The many minds of MITRE: building multidisciplinary human insider-risk research

Trigger warning: This episode includes discussion of suicide in the context of researching measurable predictive indicators and the lack thereof in the context of cyber.

Episode Notes

• Dr Caputo's path from social psychology to applied security, including intelligence analysis and building a behavioural-science team at MITRE.
• What MITRE is: a not-for-profit operating six federally funded R&D centres that provide independent, public-interest research alongside government.
• Why early “indicator” hunting on endpoints often chased the last bad case; shifting to experiments and known-bad/created-bad data to learn patterns of behaviour change.
• The LinkedIn recruiter field experiment: ethically approved creation of recruiter personas, staged outreach in three messages, and follow-up interviews to understand reporting barriers.
• What user-activity monitoring can and cannot tell you; the role of human judgement and programme design.
• Insider-risk is not only “malicious users”: designing programmes for negligent, mistaken or outsmarted behaviours as well.
• Current lines of work include improving employee recognition and reporting of malicious elicitations and exploring whether insider-risk telemetry offers early signals of suicide risk.
• Why multidisciplinary teams beat solo efforts in insider-risk operations.

About our guest:

Dr. Deanna D. Caputo

MITRE Insider Threat Research & Solutions profile: https://insiderthreat.mitre.org/dr-caputo/

LinkedIn: https://www.linkedin.com/in/dr-deanna-d-caputo

Papers or resources mentioned in this episode:

Caputo, D. D. (2024). Employee risk recognition and reporting of malicious elicitations: Longitudinal improvement with new skills-based training. Frontiers in Psychology. https://www.frontiersin.org/journals/psychology/articles/10.3389/fpsyg.2024.1410426/full

MITRE Insider Threat Research & Solutions. (2025). Suicide risk and insider-risk telemetry overview. https://insiderthreat.mitre.org/suicide-risk/

MITRE. (2024). Managing insider threats is a team sport. https://www.mitre.org/news-insights/impact-story/managing-insider-threats-team-sport

MITRE Insider Threat Research & Solutions. (2024). Capability overview two-pager (PDF). https://insiderthreat.mitre.org/wp-content/uploads/2024/06/MITREInTResearchSolutions-CapabilityTwoPager-24-0659_2024-02-01.pdf

MITRE Insider Threat Research & Solutions. (2024). Insider Threat Behavioural Risk Framework two-pager (PDF). https://insiderthreat.mitre.org/wp-content/uploads/2024/06/MITREInTResearchSolutions-InTFramework_TwoPager-24-0674_2024-03-18.pdf