Insider Threat SIG: Building a stronger community to address an evolving threat landscape
Insider threats remain one of the most challenging areas of cybersecurity. Whether driven by malicious intent, negligence, compromised identities, or trusted third parties, insider-related incidents continue to grow in complexity as organizations become increasingly interconnected. Technical controls alone are no longer sufficient.
Effective insider threat programs require collaboration across security, human resources, legal, privacy, leadership, and operational teams, making this a uniquely multidisciplinary challenge.
The FIRST Insider Threat SIG was established to bring together practitioners from across industries to share knowledge, experiences, and practical approaches to detecting, preventing, and responding to insider threats.
Since its launch, the SIG has seen strong interest from the global FIRST community, with members representing CSIRTs, PSIRTs, SOCs, insider risk teams, threat intelligence, digital forensics, law enforcement, academia, and critical infrastructure organizations.
Our shared objective is simple: to create an open forum where practitioners can collaborate on one of the most difficult problems facing defenders today.
This quarter marked an exciting milestone for the SIG as we officially kicked off our activities with an in-person meetup at FIRSTCON26 in Denver. The session provided members with an opportunity to meet, discuss priorities for the group, and help shape the direction of the SIG moving forward. The enthusiasm and willingness of members to contribute highlighted the growing importance of insider threat as a dedicated area of collaboration within the FIRST community.
Alongside the inaugural meetup, we have continued to expand our community through the SIG’s private Slack workspace, where members are already exchanging ideas, sharing resources, and discussing emerging insider threat challenges.
Work is also underway to establish regular virtual meetings, identify working groups around key focus areas, and develop practical guidance and resources that can benefit organizations of all sizes and levels of maturity.
The Insider Threat SIG is intended to be community-driven. Whether your expertise lies in technical detection, investigations, behavioral analytics, governance, threat intelligence, legal considerations, or program development, your perspective is valuable.
We encourage members to contribute in whatever way they can, from sharing case studies and research to participating in discussions or helping develop future SIG initiatives.
As organizations continue to evolve, so too will the nature of insider risk. By working together as a global community, we can build stronger capabilities, share lessons learned, and help advance best practices across the industry.
We look forward to welcoming new members and continuing to grow the SIG over the coming months.
Thanks,
Vish
Published on FIRST POST: Apr-Jun 2026
Wed, 15 Jul 2026 00:00:00 +0000