Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Staff Profile

Jason Clark

Insider Threat Research

Key Responsibilities

  • Participate in the examination, analysis, documentation, modeling, and assessment of insider threat including sabotage, fraud, and espionage.
  • Examine cases and data to understand risks and trends
  • Support Federal agencies and the IC when it comes to mitigating insider threat
  • Teach Insider Threat workshops to both the public and private sectors
  • Contribute to (academic) conferences and meeting; give talks and lectures to interested organizations

Professional Background

Before joining the SEI, I spent 4 years as lead information security analyst at another FFRDC namely the Institute for Defense Analyses (IDA) in Alexandria, VA. My role was pure information security where I was responsible for incident response, forensics, firewall management, investigating IDS alerts and the like. Prior to that I worked for 4 years as an Information Security Specialist for the Census Bureau. My main responsibilites were more on the documentation/policy side. I spent a lot of time helping to prepare documentation (e.g., security plans, risk assessments, contingency plans) in order to have our systems certified and accredited.

Publications (recent or significant)

Four Insider IT Sabotage Patterns and an Initial Effectiveness Analysis
Lori Flynn, Jason Clark, Andrew Moore, Matthew Collins, Eleni Tsamitis, David Mundie, and David McIntire
To be presented at Pattern Languages of Programs Conference (PLOP) 2013
Monticello, IL

There are no free iPads: An Analysis of Survey Scams as a Business
Jason W. Clark and Damon McCoy
Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats, Washington D.C., August 2013.

Everything but the kitchen sink: determining the effect of multiple attacks on privacy preserving technology users
Jason W. Clark
Secure IT Systems. Springer Berlin Heidelberg, 2012. 199-214.

Correlating a Persona to a Person
Jason W. Clark
Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Conference on Social Computing (SocialCom). IEEE, 2012.

Breaching and Protecting an Anonymizing Network System
Jason W. Clark and Angelos Stavrou
Proceedings of the 6th Annual Symposium on Information Assurance. 2011.


I am currently a member of ETVM team. I also help support the continuous diagnostic monitoring (CDM) task.


Courses I teach or have taught

ITE 115: Introduction to Computer Applications and Concepts - Northern Virginia Community College (Annandale)

ITE 140: Spreadsheet Software - Northern Virginia Community College (Loudoun)

ITE 100: Introduction to Telecommunications - Northern Virginia Community College (Online/ELI)


Contact Jason Clark