EPISODE · Oct 1, 2025 · 44 MIN
The many minds of MITRE: building multidisciplinary human insider-risk research
from Cybercrimeology · host Deanna Caputo
Trigger warning: This episode includes discussion of suicide in the context of researching measurable predictive indicators and the lack thereof in the context of cyber. Episode NotesDr Caputo's path from social psychology to applied security, including intelligence analysis and building a behavioural-science team at MITRE.What MITRE is: a not-for-profit operating six federally funded R&D centres that provide independent, public-interest research alongside government.Why early “indicator” hunting on endpoints often chased the last bad case; shifting to experiments and known-bad/created-bad data to learn patterns of behaviour change.The LinkedIn recruiter field experiment: ethically approved creation of recruiter personas, staged outreach in three messages, and follow-up interviews to understand reporting barriers.What user-activity monitoring can and cannot tell you; the role of human judgement and programme design.Insider-risk is not only “malicious users”: designing programmes for negligent, mistaken or outsmarted behaviours as well.Current lines of work include improving employee recognition and reporting of malicious elicitations and exploring whether insider-risk telemetry offers early signals of suicide risk.Why multidisciplinary teams beat solo efforts in insider-risk operations.About our guest:Dr. Deanna D. Caputo MITRE Insider Threat Research & Solutions profile: https://insiderthreat.mitre.org/dr-caputo/ LinkedIn: https://www.linkedin.com/in/dr-deanna-d-caputoPapers or resources mentioned in this episode:Caputo, D. D. (2024). Employee risk recognition and reporting of malicious elicitations: Longitudinal improvement with new skills-based training. Frontiers in Psychology. https://www.frontiersin.org/journals/psychology/articles/10.3389/fpsyg.2024.1410426/full MITRE Insider Threat Research & Solutions. (2025). Suicide risk and insider-risk telemetry overview. https://insiderthreat.mitre.org/suicide-risk/ MITRE. (2024). Managing insider threats is a team sport. https://www.mitre.org/news-insights/impact-story/managing-insider-threats-team-sport MITRE Insider Threat Research & Solutions. (2024). Capability overview two-pager (PDF). https://insiderthreat.mitre.org/wp-content/uploads/2024/06/MITREInTResearchSolutions-CapabilityTwoPager-24-0659_2024-02-01.pdf MITRE Insider Threat Research & Solutions. (2024). Insider Threat Behavioural Risk Framework two-pager (PDF). https://insiderthreat.mitre.org/wp-content/uploads/2024/06/MITREInTResearchSolutions-InTFramework_TwoPager-24-0674_2024-03-18.pdf
What this episode covers
How do insider-risk programmes work when they are built around people, not just data? Dr Deanna D. Caputo, Chief Scientist for Insider Threat Capabilities at MITRE, explains what multidisciplinary, human-centred insider-risk work looks like in real organisations, why user-activity data has limits, and how carefully designed field experiments can improve reporting and detection. We also touch on new research exploring whether typical insider-risk telemetry contains early indicators of suicide risk.
NOW PLAYING
The many minds of MITRE: building multidisciplinary human insider-risk research
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.