From “oops” to “ops”: spotting insider risk before it becomes an incident
SPRITE+ Lunch and Learn with Dr. Ismini Vasileiou
Insider threats are the cyber risk that often looks like “normal work”: trusted access, everyday shortcuts, and small decisions that can snowball into real incidents.
This talk will demystify what “insider threat” actually means, distinguishing malicious insiders, well-meaning but risky behaviour (the “oops” factor), and compromised insiders where legitimate accounts are used by attackers. It will explore why insider risk is fundamentally sociotechnical—shaped by incentives, workload, culture, and how access and controls are designed.
The talk will then move from “oops” to “ops” with practical, proportionate mitigations that protect security without eroding trust. It will cover a toolkit of governance and technical measures such as least privilege, separation of duties, strong onboarding/offboarding, purposeful logging and monitoring, and awareness approaches that change behaviour (not just tick boxes). Attendees will leave with a clearer sense of how to spot insider risk early and translate guidance into actionable steps—especially in real-world, resource-constrained settings.
About Ismini
Dr Ismini Vasileiou is an Associate Professor at De Montfort University and Founder & Director of the East Midlands Cyber Security Cluster (EMCSC).
Her research and leadership span organisational cyber security, cyber governance, resilience, social engineering, and the human factors that shape digital risk. She has a particular focus on cyber skills and workforce development, championing diversity and inclusion as critical enablers of organisational and societal cyber resilience.
---------------------------
SPRITE+ Lunch and Learn is your chance to find out the latest developments in the world of Trust, Identity, Privacy and Security (TIPS). Join us every third Wednesday of the month at 1:00pm (GMT) for a lightning 20 minute talk from an Industry or Academic expert followed by 10 minutes of Q&A.
Visit our YouTube channel to access recording of previous Lunch + Learn talks.
Interested in learning more about what we do? Head over to the SPRITE+ website.
SPRITE+ Lunch and Learn with Dr. Ismini Vasileiou
Insider threats are the cyber risk that often looks like “normal work”: trusted access, everyday shortcuts, and small decisions that can snowball into real incidents.
This talk will demystify what “insider threat” actually means, distinguishing malicious insiders, well-meaning but risky behaviour (the “oops” factor), and compromised insiders where legitimate accounts are used by attackers. It will explore why insider risk is fundamentally sociotechnical—shaped by incentives, workload, culture, and how access and controls are designed.
The talk will then move from “oops” to “ops” with practical, proportionate mitigations that protect security without eroding trust. It will cover a toolkit of governance and technical measures such as least privilege, separation of duties, strong onboarding/offboarding, purposeful logging and monitoring, and awareness approaches that change behaviour (not just tick boxes). Attendees will leave with a clearer sense of how to spot insider risk early and translate guidance into actionable steps—especially in real-world, resource-constrained settings.
About Ismini
Dr Ismini Vasileiou is an Associate Professor at De Montfort University and Founder & Director of the East Midlands Cyber Security Cluster (EMCSC).
Her research and leadership span organisational cyber security, cyber governance, resilience, social engineering, and the human factors that shape digital risk. She has a particular focus on cyber skills and workforce development, championing diversity and inclusion as critical enablers of organisational and societal cyber resilience.
---------------------------
SPRITE+ Lunch and Learn is your chance to find out the latest developments in the world of Trust, Identity, Privacy and Security (TIPS). Join us every third Wednesday of the month at 1:00pm (GMT) for a lightning 20 minute talk from an Industry or Academic expert followed by 10 minutes of Q&A.
Visit our YouTube channel to access recording of previous Lunch + Learn talks.
Interested in learning more about what we do? Head over to the SPRITE+ website.
Good to know
Highlights
- 30 minutes
- Online