Dr Bill Claycomb

Dr Bill Claycomb

Principal Researcher, Software Engineering Institute, Carnegie Mellon University

PRESENTATION

Technical Risk Indicators for the Critical Pathway to Insider Risk

IMPACT2025 logo white

Presentation overview

Detecting warning signs, or indicators, of insider risk is a significant challenge for security professionals. The Critical Pathway to Insider Risk (CPIR) is a framework that describes observable behaviors that often precede malicious insider attacks. The framework components describe human personality and behavior and are often detected by psychologists observing a person’s activities and interactions in the workplace. However, data collected by or accessible to an organization’s IT infrastructure could also be used as relevant information leading to detection of CPIR warning signs. This talk will describe several ways an organization could implement such technical indicators of potential insider risk for components of the CPIR framework.

Biography

Bill Claycomb is a Principal Researcher for the CERT Division’s National Insider Threat Center and Principal Cyber Advisor for the CMU/SEI National Initiative for the Advancement of Cybersecurity. He leads multidisciplinary projects related to cyber security and human behavior, primarily investigating novel techniques for detection, prevention, and mitigation of insider threats for government and industry. Dr Claycomb’s earlier work involved efforts to improve biometric security systems, and since then his research portfolio has included both domestic and international research efforts across a broad range of topics such as malware detection, cloud computing security, wireless and mobile security, enterprise architecture, digital rights enforcement, and identity management. Prior to joining the SEI, he pioneered early efforts for preventing insider attacks on enterprise information systems at Sandia National Laboratories. Bill has published numerous peer-reviewed conference and journal papers, served as Steering Committee Chair for the IEEE Workshop on Research for Insider Threats (WRIT), served as Associate Editor for a special issue on Insider Threats for the ACM Journal on Digital Threats – Research & Practice, Associate Editor for the inaugural issue of Counter Insider Threats: Research and Practice, and has served four times as a Program Chair-in-Chief for the IEEE Computer Society Computers, Software, and Applications Conference (COMPSAC).