In the last 10 years as the Senior Vice President of Threat + Violence Risk Management at Hillard Heintze, as well as during my prior career as the Special Agent in Charge of the U.S. Secret Service National Threat Assessment Center, I have become increasingly aware that insider threat and workplace violence concerns and prevention strategies are similar in many ways.

We are now receiving clear guidance from experts and the U.S. government on how to combine insider threats and workplace violence into a cohesive prevention strategy in public and private sectors. In addition to recognizing that both categories have their own consequences and warning signs, we need to remain aware of the financial and emotional impact these incidents have on our society.

What Are the Definitions?

Targeted violence in the workplace is defined as “any incident of violence where a known or knowable attacker selects a particular target prior to their violent attack.”[1] As stated by the Combined Defense Services, an insider threat “is someone who will use their authorized access, wittingly or unwittingly, to do harm through espionage, terrorism, unauthorized disclosure of information or through the loss or degradation of resources or capabilities.”

What’s the Damage from an Insider Threat?

Workplace violence is often extremely visible and tangible; when we watch the news and see overhead footage of the aftermath of an active shooter in a corporate building, we are witness to the irrevocable damage to the victims and their families. Insider threats, while still promising great harm, are often invisible to innocent passerby and include actions that can be as quiet and solitary as sending an email. For this reason, insider threats may not immediately come to mind when developing security prevention methodology.

However, several years ago we collectively witnessed an exception. In 2013, a National Security Agency (NSA) contractor, Booz Allen Hamilton, hired Eric Snowden after his previous employment with Dell and the Central Intelligence Agency (CIA). Later that year on May 20, 2013, Snowden flew to Hong Kong after leaving his job at an NSA facility in Hawaii and in early June he revealed thousands of classified NSA documents to select journalists. Snowden came to international attention after stories based on the material appeared in The Guardian and The Washington Post. Further disclosures were made by other publications including Der Spiegel and The New York Times. These disclosures revealed numerous global surveillance programs, many run by the NSA with the cooperation of telecommunication companies and European governments.

The damage Mr. Snowden caused by divulging these documents was clearly detrimental to the security of the United States. In June 2014, the NSA’s recently installed director, U.S. Navy Admiral Michael S. Rogers, said some terrorist groups altered their communications to avoid surveillance techniques in response to the leak and described how this had a material impact on the NSA’s detection and evaluation of terrorist activities worldwide.

In June 2015, the United Kingdom’s Sunday Times reported that Russian and Chinese intelligence services decrypted more than one million classified files in the Snowden cache, forcing the UK’s MI6 intelligence agency to move agents out of live operations in hostile countries. A former director of the UK’s intelligence gathering agency described it as “a huge strategic setback that was harming Britain, America, and their NATO allies.” The Sunday Times said it was not clear whether Russia and China stole Snowden’s data or whether Snowden voluntarily handed it over to remain at liberty in Hong Kong and Moscow.

How the Federal Government Responded

The federal government now requires companies to develop an insider threat program plan and designate a senior official in the company to endorse and oversee it. Contractors must also periodically submit self-reviews of their insider threat programs to the Defense Security Service (DSS).

More than 7,749 officials now fill this role, according to the DSS. As companies become increasingly aware of insider threat risks — and the requirements to mitigate them — we have an opportunity to discuss how to develop an effective program and how existing resources can serve as a valuable foundation.

Integrating Workplace Violence Prevention and Insider Threat Programs …

Companies that had workplace violence policies and procedures in place used that infrastructure to establish their insider threat programs. Companies that did not have workplace violence policies and procedures, but are now required to have an insider threat program, integrated a workplace violence procedure. Columnist, journalists and authors have been writing about this phenomenon, including my longtime friend and colleague Dr. Michael Gelles.

Dr. Gelles is a Managing Director with Deloitte Consulting LLP. I first met him over 20 years ago when I was with the U.S. Secret Service and he was the Chief Psychologist for the Naval Criminal Investigative Service (NCIS).I was honored to be acknowledged by Dr. Gelles in his book on insider threat entitled, Prevention, Detection, Mitigation and Deterrence, published by Butterworth-Heineman.

In the book, Dr. Gelles provides a historical review of workplace violence and how the foundations associated with workplace violence lay the groundwork for insider threat programs today. Similarities between the two serve as a strong base to develop a thorough and preventative detection program.

Building and maintaining the organizational capacity to prevent an insider threat at the corporate and local levels takes careful conceptualization, planning and oversight by experienced security professionals. Establishing an annual budget for an insider threat program is also critical to its success. Dr. Gelles’ book will serve as a key component of a comprehensive prevention program for years to come.

… and How To Do It

Establishing an effective, combined workplace violence prevention and insider threat program has become a new global standard for corporations and government agencies and is required by law in some industries and countries. Such a program generally incorporates the following components, each of which must be carefully coordinated and systematically applied:

  • Collection of policies
  • Procedures and guidelines related to those policies
  • Cross-functional, collaborative threat assessment and management efforts
  • Training and awareness of policies, procedures and guidelines at all levels of the organization

Training, Training, Training

However, any newfound program, even if built on an existing one, requires intensive training to make it effective. In June, Hillard Heintze, myself included, conducted comprehensive workplace violence prevention threat management team training for clients under the umbrella of their insider threat programs.

On June 14, 2018, we instructed a major Department of Defense federal law enforcement agency at the Federal Law Enforcement Training Center (FLETC) in Charleston, South Carolina. The insider threat program at this agency hosted their agents from all over the world for this critical course with an emphasis on preventing an incident of targeted violence. The agency, following the guidance of the Department of Defense, established their insider threat program to also include workplace violence prevention.

On June 20, 2018, we provided similar training to one of the world’s largest Department of Defense contractors’ threat management investigators using our behavioral simulation method. The company’s insider threat program, within which its workplace violence prevention program resides, hosted the training. We redesigned our curriculum to focus on their threat case intake system by simulating a call-in scenario and threat assessment interview.

Where to Start With Workplace Violence Prevention Training

Like the threats it attempts to mitigate, workplace violence prevention and insider threat training is always evolving. For this reason, we continue to develop and train on workplace violence prevention policies and procedures. To accomplish these objectives, we believe in a phased approach to standardization.

Phase I

  • Continue to build a culture that emphasizes reporting behaviors of concern and the fact that there will not be punitive consequences for reporting information, unless warranted.
  • Continue to standardize workplace violence prevention processes to be adopted across the organization.
  • Establish a standard process for managing orders of protection.

Phase II

  • Deploy appropriate levels of training throughout the organization, including the interdisciplinary team, managers supervisors and the general workforce.
  • Provide training to the interdisciplinary team on employee behaviors or situations of concern with realistic scenarios and interviewing techniques.

Incorporating workplace violence and insider threat programs as an aide to the public and private sectors is the key to investigating, evaluating and managing individuals who are a danger to our national security. In discussing the issue on Federal News Radio, subject matter experts stated:

“The newness of the [insider threat program] rule is going to be more on the human element and the internal training within the organization, the requirement for the organization to dedicate senior management resources to not only oversee the organization’s implementation but then to certify, to be the person who’s going to say, yes we have this process in place and this is what we are doing on a day-to-day week-to-week basis to prevent the threat and to detect the threat and then to report the threat when we find it.”

Last year the Office of the Director of National Intelligence published an interesting video on insider threat. Watch how one employee struggles to deal with his stressors…and how a co-worker responds to a potential insider threat.

All of us share the task of protecting our fellow citizens as we identify, assess and manage individuals who wish us harm, either by targeted violence or insider threat. We will continue to enhance these trainings and educate the workforce. It is the key to our fellow citizen’s safety and security. Combining these programs into one seamless effort is a start.



[1] Fein, R.A., Vossekuil, B. & Holden, G. “Threat Assessment: An Approach to Prevent Targeted Violence.” Research in Action. U.S. Department of Justice, Office of Justice Programs, National Institute of Justice: Washington, D.C. (September, 1995), at 1-7. NCJ 155000 U.S. Department of Education. National Center for Education Statistics (2000). Digest of Education Statistics 2000. Washington, D.C.