Home » Courses » Certification Courses » NICWI.ORG - National Institute of Cyber Warfare Intelligence » Certified Insider Threat Analyst (CITA)

Certified Insider Threat Analyst (CITA)

Length: 2 Days
Print Friendly, PDF & Email

Certified Insider Threat Analyst (CITA) Certification Course by Tonex

Certified Special Forces Cyber Operator (CSFCO) Certification Course by Tonex

The Certified Insider Threat Analyst (CITA) Training equips professionals with the knowledge, tools, and skills to detect, prevent, and respond to insider threats within critical environments, including government, defense, intelligence, corporate, and SCIF/SAPF facilities.

This hands-on, scenario-driven course explores both technical and behavioral indicators of insider threat activity. It incorporates best practices from NISPOM, ICD 705, DoD Insider Threat Programs, NITTF, CERT, and other government and industry frameworks. Attendees will gain the expertise to establish and manage insider threat programs, perform investigations, and coordinate effectively with HR, security, and legal departments.

Learning Objectives

By the end of the course, participants will be able to:

  • Define insider threat categories, motivations, and risk factors
  • Identify indicators of malicious and unintentional insider threats
  • Understand and apply legal and compliance requirements (e.g., EO 13587, NISPOM, ICD 705)
  • Monitor user behavior and identify anomalies using technical tools and behavioral analytics
  • Develop and manage an Insider Threat Program (InTP)
  • Coordinate multi-disciplinary insider threat teams
  • Perform risk assessments and mitigation planning
  • Respond to, investigate, and report insider threat incidents
  • Apply secure facility considerations (e.g., SCIF/SAPF vulnerabilities to insider threats)

Target Audience

This course is designed for:

  • Security and counterintelligence professionals
  • Cybersecurity analysts and threat hunters
  • SCIF/SAPF engineers and facility managers
  • Human resources and legal compliance staff
  • Program security officers (PSOs), FSO/ISSMs
  • Insider Threat Program Managers
  • Government, defense, and corporate personnel responsible for security and trust

Program Modules:

Day 1 – Understanding Insider Threats

Module 1: Introduction to Insider Threats

  • Definitions and threat categories
  • Espionage, sabotage, data exfiltration, workplace violence

Module 2: Legal, Policy, and Regulatory Landscape

  • EO 13587, NISPOM, ICD 705, DoDI 5200.48
  • Privacy, civil liberties, due process

Module 3: Behavioral Indicators and Psychology

  • Risk factors, motivations, and radicalization pathways
  • Behavioral threat assessment frameworks

Module 4: Insider Threat Program Development

  • Components of a formal program (as per NITTF)
  • Roles, responsibilities, training, and information sharing

Day 2 – Detection, Tools, and Mitigation

Module 5: Detection and Monitoring Tools

  • UEBA (User and Entity Behavior Analytics)
  • SIEM, DLP, audit logging, access pattern analysis

Module 6: Investigations and Forensics

  • Digital evidence collection
  • Chain of custody, coordination with law enforcement

Module 7: Insider Threats in Secure Facilities (SCIF/SAPF)

  • Engineering, physical, and operational vulnerabilities
  • TEMPEST exploitation, unauthorized recording, covert exfiltration methods

Module 8: Incident Response and Mitigation

  • Insider threat kill chain
  • Red team and blue team approaches
  • Remediation, recovery, lessons learned
  • Capstone Exercise: Insider Threat Case Simulation
  • Role-based investigation of a simulated insider threat
  • Debrief and mitigation planning

CITA Exam Domains

The CITA exam will consist of multiple-choice questions and scenario-based assessments. The following domains are covered:

  • Domain 1: Insider Threat Foundations (15%)
  • Domain 2: Legal, Regulatory, and Policy Framework (10%)
  • Domain 3: Behavioral Indicators and Risk Factors (15%)
  • Domain 4: Insider Threat Program Implementation (20%)
  • Domain 5: Detection and Technical Tools (15%)
  • Domain 6: Incident Investigation and Response (15%)
  • Domain 7: Insider Threats in SCIFs and Secure Environments (10%)

Course Delivery:
The course is delivered through lectures, interactive discussions, and case studies. Participants will have access to online resources, including readings and practical exercises to reinforce learning.

Assessment and Certification:
Participants will be assessed through quizzes, assignments, and a final examination. Upon successful completion, participants will receive a Certified Insider Threat Analyst (CITA) certificate.

Question Types:

  • Multiple Choice Questions (MCQs)
  • True/False Statements
  • Scenario-based Questions
  • Fill in the Blank Questions
  • Matching Questions
  • Short Answer Questions

Passing Criteria:
To pass the Certified Insider Threat Analyst (CITA) exam, candidates must achieve a score of 70% or higher.

Advance your career in cybersecurity by becoming a Certified Insider Threat Analyst (CITA) with Tonex. Enroll today and gain the skills to protect your organization from insider threats.

Request More Information