search menu icon-carat-right cmu-wordmark

Insider Threat Program Manager: Implementation and Operation

This three day course builds upon the initial concepts presented in the prerequisite courses Overview of Insider Threat Concepts and Activities and Building an Insider Threat Program. The course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods to develop, implement, and operate program components.

This training is based upon the research of the CERT Insider Threat Center of the Software Engineering Institute. The CERT Insider Threat Center has been researching this problem since 2001 in partnership with the U.S. Department of Defense (DoD), the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community. This training course supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance including: Presidential Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed changes set forth in the National Industrial Security Program Operating Manual (NISPOM).

Submitting this registration will register you for the Insider Threat Program Manager: Implementation and Operation course only. Successful completion of this course is a required component for the Insider Threat Program Certificate. To register for the Insider Threat Program Manager (ITPM) Certificate Package, please visit Insider Threat Program Manager (ITPM) Certificate Package

NOTE: If you have previously completed the prerequisite eLearning courses and wish to earn the ITPM professional certificate, you must register for the ITPM Examination. Online registration for the exam is available at Insider Threat Program Manager Certificate Examination

This course is also recommended for anyone pursuing the professional certificate for Insider Risk Management Measures of Effectiveness, but is not required.


  • Insider Threat Program Team Members
  • Insider Threat Program Managers


At the completion of the course, learners will be able to:

  • Identify critical assets and protection schemes
  • Coordinate a cross-organizational team to help develop and implement the Insider Threat Program
  • Develop a framework for their Insider Threat Program
  • Identify methods to gain management support and sponsorship
  • Plan the implementation for their Insider Threat Program
  • Identify organizational policies and processes that require enhancement to accommodate insider threat components
  • Identify data sources and priorities for data collection
  • Identify infrastructure changes and enhancements necessary for implementing and supporting an Insider Threat Program
  • Outline operational considerations and requirements need to implement the program
  • Build policies and processes to help hire the right staff, develop an organizational culture of security
  • Improve organizational security awareness training
  • Identify training competencies for insider threat team staff


The course covers topics such as:

  • Building the Insider Threat Program Framework
  • Developing an enterprise-wide approach and interdisciplinary project team
  • Building or enhancing policies and processes to include insider threat program considerations
  • Identifying critical asset and protection needs
  • Identifying risks to assets from insiders and enhancing any risk management program to take into account risks from insiders
  • Enhancing organizational training and awareness programs to include insider threat
  • Enhancing organizational infrastructures to support the Insider Threat Program by determining what defenses are needed, and where enhancements are necessary
  • Building the data collection and analysis function for both technical and behavioral data
  • Identifying data sources and priorities
  • Building a Roadmap for implementation
  • Considerations for operations
  • Future improvements to the program


Course methods include lecture, group exercises, and scenario completion.

Participants will receive a course notebook, case studies and electronic course materials downloadable from the SEI Learning Portal. Students attending in-person offerings in an SEI Training Facility are required to bring a laptop to be used only during course exercises.


Participants completing the Insider Threat Program Manager Certificate Program must take the prerequisite courses: Overview of Insider Threat Concepts and Activities and Building an Insider Threat Program.

Dates Offered

Course Fees [USD]

  • U.S. Industry: $2,650.00
  • U.S. Govt/Academic: $2,250.00
  • International: $3,150.00


This 3 day course meets at the following times:

Days 1-3, 8:30 a.m. - 4:30 p.m. Eastern Time

This course may be offered by special arrangement at customer sites. For details, please email or telephone at +1 412-268-1817.

Course Questions?

Phone: 412-268-7388

Related Courses

  • Building an Insider Threat Program


    This seven (7) hour online course provides a thorough understanding of the organizational models for an insider threat program, the necessary components to have an effective program, the key stakeholders who need to be involved in the process, and basic education on the implementation and guidance of the program. This training is based upon the...

    Learn More
  • Overview of Insider Threat Concepts and Activities


    This three (3) hour online course provides a thorough understanding of insider threat terminology, identifies different types of insider threats, teaches how to recognize both technical and behavioral indicators and outlines mitigation strategies. This instruction is based upon the research of the CERT National Insider Threat Center (NITC) of the...

    Learn More

Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.