search menu icon-carat-right cmu-wordmark

Insider Threat Program Evaluator

This three-day, instructor-led, course presents strategies for measuring and evaluating an operational insider threat program within an organization. Using scenario-based exercises, this course takes participants through the steps to conduct an insider threat program evaluation. This training is for insider threat program managers, evaluators, and team members and for those interested in licensing the CERT methodology and tools to perform an insider threat program evaluation. This course may also benefit those working in auditing or risk management.

This training is based upon the research of the CERT Insider Threat Center of the Software Engineering Institute. The CERT Insider Threat Center has been researching this problem since 2001 in partnership with the U.S. Department of Defense (DoD), the Department of Homeland Security, the U.S. Secret Service, other federal agencies, the intelligence community, private industry, academia, and the vendor community. This training course supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance including: Presidential Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed changes set forth in the National Industrial Security Program Operating Manual (NISPOM).

Submitting this registration will register you for the Insider Threat Program Evaluator course only. Successful completion of this course is a required component for the Insider Threat Program Evaluator Certificate. To register for the Insider Threat Program Evaluator (ITPE) Certificate Package, please visit Insider Threat Program Evaluator (ITPE) Certificate Package


  • Insider Threat Program Team Members
  • Insider Threat Program Managers
  • Insider Threat Program Evaluators


Participants who complete the course will be able to

  • Design an evaluation plan for working with an organization
  • Build a team of experts to perform the evaluation
  • Use the workbooks and templates to assess capabilities, components, and processes of an insider threat program
  • Score capabilities based on evidence-driven assessment of a set of specific indicators
  • Highlight key gaps within a program and recommend improvements or mitigations


Topics of exercises and discussions include:

  • Techniques and templates for performing evaluation preparation and execution tasks
  • Processes for engagement, planning, data collection, scoring, and report development
  • Group discussions and summarized lessons learned for each exercise


Course methods include lecture, group exercises, and scenario completion. Participants will receive a course notebook, case studies and electronic course materials downloadable from the SEI Learning Portal. Students attending in-person offerings in an SEI Training Facility are required to bring a laptop to be used only during course exercises.


Participants completing the Insider Threat Program Evaluator Certificate Program must take the prerequisite courses: Overview of Insider Threat Concepts and Activities and Building an Insider Threat Program.

Students are strongly recommended to also take the Insider Threat Program Manager: Implementation and Operation course to provide additional background knowledge for the course, but this is not required.

Dates Offered

Register Now

Course Fees [USD]

  • U.S. Industry: $2,650.00
  • U.S. Govt/Academic: $2,250.00
  • International: $3,150.00


This 3 day course meets at the following times:

Days 1-3, 8:30 a.m. - 4:30 p.m. Eastern Time

This course may be offered by special arrangement at customer sites. For details, please email or telephone at +1 412-268-1817.

Course Questions?

Phone: 412-268-7388

Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.