NITTF Training

Insider Threat Training (NITTF)

Training Icon  NITTF Insider Threat Training


The National Insider Threat Task Force (NITTF) was established under Executive Order (E.O.) 13587 (PDF). The NITTF is the principal interagency task force responsible for developing an Executive branch insider threat detection and mitigation program to be implemented by all federal departments and agencies. Integrated in this mission of insider threat program development is the requirement to develop, provide and establish training standards for Insider Threat program personnel, specifically for those people directly involved with Insider Threat “hubs.” Hubs are responsible for gathering, integrating, and analyzing anomalous activities, and ensuring that appropriate inquiries are conducted and steps taken in response to insider threat concerns.


NITTF Insider Threat Hub Operations Course:


Since its inception, the NITTF has hosted several versions of no-cost training covering establishment and implementation of insider threat programs. NITTF continues to deliver comprehensive training in a formal classroom setting through the Insider Threat Hub Operations (referred hereinafter as the “Hub”) course with practical exercises to introduce basic Hub functions. Since, 2015 the HUB course has trained 1816 people from over 100 departments and agencies.

Implementing insider threat programs and professionalizing the insider threat workforce requires specialized training. The Hub course delivers a practical, scenario-based approach for teaching insider threat Hub concepts and activities. This professional training course teaches fundamental concepts and requirements for insider threat response actions, along with policy and legal authority considerations, from an initial trigger event to mitigation measures. The course prepares executive branch organizations’ Hub personnel to handle day-to-day activities to deter, detect, and mitigate insider threats.

Course Objectives:
• Understand Hub operational and process dynamics
• Understand the processes for Hub functions to effectively gather information
• Understand the legal considerations in establishing program processes, to include handling information from a variety of internal and external sources
• Demonstrate how to gather and document counterintelligence, security, information assurance, human resource, law enforcement, and other relevant information related to potential insider threat activities
• Demonstrate how to integrate and analyse information on potential insider threat activities and recommend mitigation actions


Virtual Insider Threat Hub Operations Course ScheduleCalendar Year 2021

Date Registration Availability
January 26-27, 2021 CLOSED
February 23-24, 2021  CLOSED
April 13-14 , 2021 CLOSED
May 18-19, 2021 CLOSED
June 22-23, 2021 CLOSED
August 10-11, 2021 CLOSED
September 14-15, 2021 CLOSED


*** The final iteration of the NITTF Insider Threat Hub Ops course will be held on September 14-15, 2021. There will no longer be a virtual or an in-person version of the course. NITTF will continue to advocate for insider threat training opportunities that professionalize the insider threat workforce.  Please see advisory announcing the sunset of the Insider Threat Hub Ops course via direct link ( NITTF Directives & Advisories ).*** 


Who May Attend
This course is for government employees supporting an executive branch department or agency (D/A) Insider Threat Program. Contractors assigned to these programs may be considered with agency COTR/COR approval. Requests to attend this course must be submitted by the D/A’s Insider Threat Program Manager or Senior Designated Official for all perspective attendees.


Students must have an affiliation with their D/A’s insider threat program, training and awareness in Counterintelligence and Security Fundamentals, Privacy Act & Safeguarding Personally Identifiable Information, Whistleblower Protection Act, and Insider Threat Awareness training through their organization. Additionally, students must have read and be familiar with Executive Order 13587 and the National Insider Threat Policy and Minimum Standards (See NITTF main page for documents).



Insider Threat Program Managers or Senior Designated Officials must submit nominations via email to This email address is being protected from spambots. You need JavaScript enabled to view it. with nominee name, email address, D/A, and requested class dates. Classes fill quickly; submit nominations on or shortly after registration opening dates.


External Learning Modules


NITTF features an insider threat training module developed by one of our Intelligence Community partners. This training addresses a variety of insider threat matters such as leaks, spills, espionage, sabotage, and targeted violence.


NITTF also features a mental wellness training module. This training was developed by the Office of Intelligence Community Equal Employment Opportunity and Diversity to explain challenges our workforce may endure if they are experiencing mental health issues. While there are times when behaviors of security concern overlap with mental disorders and require further review, the overwhelming reason for an employee to visit an agency’s Employee Assistance Program (EAP) is to have an objective, trained professional help sort out generally temporary and minor emotional problems.


Any Given Day – An Insider Threat Short (8 minute video):


Any Given Day Training Video

Any Given Day (VIDEO) is an 8-minute video that was produced to enhance insider threat education and awareness.  It highlights the balance between collecting information and privacy concerns, and presents a side of insider threat programs that is not often considered: protecting national security at the human level.  Executive Order 13587 focuses on safeguarding classified networks and classified information, but it's not just about information, it's also about protecting people.  NITTF encourages inclusion of this video in your existing training plan for your workforce.

NITTF Endorsed Workforce Training:

In addition to training tailored for your insider threat professionals, the Minimum Standards also require insider threat awareness training for the federal workforce. Many D/As have taken the initiative to develop their own training in line with the standards. For agencies without "in house" training for their workforce, the NITTF issued a directive in 2014 for federal agencies to use the Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security Excellence (CDSE) web-based Insider Threat Awareness course. The DCSA CDSE site is open to all government D/As, and certificates are available after course completion. Additional DCSA CDSE training can be found at