Training Icon  NITTF Insider Threat Training


The National Insider Threat Task Force (NITTF) was established under Executive Order (E.O.) 13587 (PDF). The NITTF is the principal interagency task force responsible for developing an Executive branch insider threat detection and mitigation program to be implemented by all federal departments and agencies. Integrated in this mission of insider threat program development is the requirement to develop, provide and establish training standards for Insider Threat program personnel, specifically for those people directly involved with Insider Threat “hubs.” Hubs are responsible for gathering, integrating, and analyzing anomalous activities, and ensuring that appropriate inquiries are conducted and steps taken in response to insider threat concerns.


NITTF Insider Threat Hub Operations Course:


Since its inception, the NITTF has hosted several versions of no-cost training covering establishment and implementation of insider threat programs. NITTF continues to deliver comprehensive training in a formal classroom setting through the Insider Threat Hub Operations (referred hereinafter as the “Hub”) course with practical exercises to introduce basic Hub functions. Since, 2015 the Hub course has trained 1,444 people from over 80 departments and agencies.

Implementing insider threat programs and professionalizing the insider threat workforce requires specialized training. The Hub course delivers a practical, scenario-based approach for teaching insider threat Hub concepts and activities. This professional training course teaches fundamental concepts and requirements for insider threat response actions, along with policy and legal authority considerations, from an initial trigger event to mitigation measures. The course prepares executive branch organizations’ Hub personnel to handle day-to-day activities to deter, detect, and mitigate insider threats.

Course Objectives:
• Understand Hub operational and process dynamics
• Understand the processes for Hub functions to effectively gather information
• Understand the legal considerations in establishing program processes, to include handling information from a variety of internal and external sources
• Demonstrate how to gather and document counterintelligence, security, information assurance, human resource, law enforcement, and other relevant information related to potential insider threat activities
• Demonstrate how to integrate and analyse information on potential insider threat activities and recommend mitigation actions


Virtual Insider Threat Hub Operations Course ScheduleCalendar Year 2020

Date Registration Availability
September 29-30, 2020 Open September 1, 2020
October 27-28, 2020    Open September 21, 2020
November 17-18, 2020 Open October 1, 2020
December 1-2, 2020 Open October 1, 2020
December 15-16, 2020 Open November 1, 2020


*** This course offering will be held in a virtual environment using the CISCO Webex platform. Thus, please ensure you will be attending the course from a computer that will allow you to connect to the NIITF Hub Ops WebEx course. Additionally, you must be able to access the email address used for registration on the days of training.  All the material will be UNCLASSIFIED for those authorized to attend from an offsite location or home.*** 


Who May Attend
This course is for government employees supporting an executive branch department or agency (D/A) Insider Threat Program. Contractors assigned to these programs may be considered with agency COTR/COR approval. Requests to attend this course must be submitted by the D/A’s Insider Threat Program Manager or Senior Designated Official for all perspective attendees.


Students must have an affiliation with their D/A’s insider threat program, training and awareness in Counterintelligence and Security Fundamentals, Privacy Act & Safeguarding Personally Identifiable Information, Whistleblower Protection Act, and Insider Threat Awareness training through their organization. Additionally, students must have read and be familiar with Executive Order 13587 and the National Insider Threat Policy and Minimum Standards (See NITTF main page for documents).



Insider Threat Program Managers or Senior Designated Officials must submit nominations via email to This email address is being protected from spambots. You need JavaScript enabled to view it. with nominee name, email address, D/A, and requested class dates. Classes fill quickly; submit nominations on or shortly after registration opening dates.


External Learning Modules


NITTF features an insider threat training module developed by one of our Intelligence Community partners. This training addresses a variety of insider threat matters such as leaks, spills, espionage, sabotage, and targeted violence.


NITTF also features a mental wellness training module. This training was developed by the Office of Intelligence Community Equal Employment Opportunity and Diversity to explain challenges our workforce may endure if they are experiencing mental health issues. While there are times when behaviors of security concern overlap with mental disorders and require further review, the overwhelming reason for an employee to visit an agency’s Employee Assistance Program (EAP) is to have an objective, trained professional help sort out generally temporary and minor emotional problems.


Any Given Day – An Insider Threat Short (8 minute video):


Any Given Day Training Video

Any Given Day (VIDEO) is an 8-minute video that was produced to enhance insider threat education and awareness.  It highlights the balance between collecting information and privacy concerns, and presents a side of insider threat programs that is not often considered: protecting national security at the human level.  Executive Order 13587 focuses on safeguarding classified networks and classified information, but it's not just about information, it's also about protecting people.  NITTF encourages inclusion of this video in your existing training plan for your workforce.

NITTF Endorsed Workforce Training:

In addition to training tailored for your insider threat professionals, the Minimum Standards also require insider threat awareness training for the federal workforce. Many D/As have taken the initiative to develop their own training in line with the standards. For agencies without "in house" training for their workforce, the NITTF issued a directive in 2014 for federal agencies to use the Defense Security Service (DSS) Center for Development of Security Excellence (CDSE) web-based Insider Threat Awareness course. The DSS CDSE site is open to all government D/As, and certificates are available after course completion. Additional DSS CDSE training can be found at