Cyber threats come in various forms. A diverse threat actor landscape consisting of criminals, espionage actors, hacktivists, and more have demonstrated how successful they can be launching remote attacks. Gaining unauthorized access into networks, stealing sensitive intellectual property, financial, and personal identifiable information, and conducting defacements and denial-of-service attacks, are just some ways these hostile elements target organizations in both the public and private sectors. If enterprises want to understand how they can better invest in security defenses, build the necessary One class of actor that often gets overlooked is the insider threat, largely because they represent a hybrid type of actor that capitalizes on his physical access to conduct malfeasance, often leveraging some cyber aspect in the fulfillment of his goals. What is wrong with this picture? Insiders can both be witting and unwitting. The unwitting or careless insider is an individual with legitimate accesses but who through poor judgment commits a security infraction that results in potential consequences for his organization (e.g., think the insertion of a USB key into an organization’s network). The witting or malicious insider is an individual that makes the conscious decision to abuse his access in order to obtain sensitive and/or financial information for personal gain or purposeful malicious intent (e.g., an individual like Chelsea Manning or Edward Snowden fits this category). A third type of insider is the remote actor or masquerading insider who has compromised legitimate credentials in order to gain access as a trusted individual on an organization’s network. One thing that all of these three types have in common: once inside, perimeter security can do little to deter their actions.