Insider Threat Analyst


The Insider Threat Analyst Training Course is a comprehensive 3-day program designed to equip cybersecurity professionals and analysts with the essential skills to proactively prevent, detect, and respond to insider threats.

This intensive course delves into strategies for collecting and analysing data, focusing on designing, implementing, and measuring the effectiveness of various components within an insider threat data collection and analysis capability.


  • Work with raw data to identify concerning behaviours and activity of potential insiders.
  • Identify the technical requirements for accessing data for insider threat analysis.
  • Develop insider threat indicators that fuse data from multiple sources.
  • Apply advanced analytics for identifying insider anomalies.
  • Measure the effectiveness of insider threat indicators and anomaly detection methods.
  • Navigate the insider threat tool landscapes.
  • Describe the policies, practices, and procedures for insider threat analysis.
  • Outline the roles and responsibilities of insider threat analysts in an insider threat incident response process.

Topics Covered

  • Strategies for identifying risks to assets from insiders
  • Building a data collection and analysis function for both technical and behavioural data
  • Identifying data sources for insider threat analysis
  • Prioritising data sources to include in an analysis function
  • Developing insider threat indicators from raw data
  • Advanced analytics for insider threat mitigation
  • Measuring the effectiveness of insider threat controls
  • Features and functionality of tools used in insider threat mitigation
  • Developing an insider threat data collection and analysis process
    • Triage
    • Escalation
    • Referral
    • Continuous improvement
  • Developing an insider threat incident response process


Participants completing the Insider Threat Analyst Training Course will emerge with a comprehensive understanding of insider threat analysis.

They will be adept at designing and implementing effective data collection strategies, utilising advanced tools for analysis, and measuring the success of their insider threat programs.

The practical exercises ensure that participants are well-prepared to address real-world scenarios and contribute significantly to strengthening their organisation’s defence against insider threats.

Who Should Attend

This course is designed explicitly for cybersecurity analysts, threat hunters, and professionals responsible for monitoring and mitigating insider threats within an organisation.

It is suitable for individuals seeking to enhance their skills in collecting, analysing, and responding to insider threat data effectively


Participants are recommended to complete the Introduction To Insider Threat Training Course.

Course Length:

Three days, classroom and online instructor-led.

Special Arrangement:

This course may be offered by special arrangements at customer sites. For details, please contact

Course Questions:

Email your query to

Sign up for early access