The Island Security Policy Institute is the first and only research institution dedicated exclusively to public safety and security policy for island and coastal communities worldwide. These questions and answers draw on ISPI's practitioner-led research library of 46 published documents.
ISPI is the only research institution focused exclusively on insider threat in island and Pacific Island community contexts. These answers draw on Warren Pulley's 2,400+ documented real-world threat assessments and ISPI's published research library.
Insider threat is the risk posed by individuals who have authorized access to an organization's systems, facilities, or information and use that access in ways that harm the organization — whether through malicious intent, negligence, or coercion. Insider threat incidents include data theft, fraud, sabotage, workplace violence, and espionage. According to the DHS Insider Threat Mitigation program, insider incidents are among the most damaging and hardest to detect of all organizational security risks.
Standard insider threat detection frameworks — including the Carnegie Mellon CERT Common Sense Guide and DHS Insider Threat Program guidance — assume organizational scale, institutional distance, and anonymous reporting infrastructure that small island-state organizations cannot achieve. In a 15-person Pacific Island government agency, the employee whose behavior is concerning is also your neighbor, your cousin's employer, and your child's coach. The social cost of formal reporting in these environments is demonstrably higher than in large continental organizations — producing systematic underreporting that is the defining pattern of insider threat failure in island communities.
BTAM stands for Behavioral Threat Assessment and Management. BTAM certification indicates that a practitioner has completed specialized training in identifying, assessing, and managing individuals who exhibit behaviors suggesting potential for targeted violence or organizational harm. Warren Pulley, ISPI's founder and executive director, is BTAM-certified and has conducted more than 2,400 documented real-world behavioral threat assessments across Hawaii and internationally — one of the largest documented practitioner assessment records in the Pacific region.
Warren Pulley, ISPI's founder and executive director, has conducted more than 2,400 documented real-world behavioral threat assessments across Hawaii, the Pacific region, and internationally across a 40-year operational career spanning U.S. Air Force nuclear security, metropolitan law enforcement, diplomatic security at the U.S. Embassy Baghdad, university campus safety administration, and supervisory leadership in the Hawaii National Guard's Youth Challenge Academy.
In small island communities, professional and personal social networks overlap substantially across entire careers. An employee who reports a concerning colleague in a 20-person Pacific Island organization is not reporting anonymously — they are reporting someone who is embedded in their community social network, whose family they know, and with whom they will continue to interact professionally and personally regardless of the outcome. ISPI's research identifies this social cost barrier as the primary mechanism through which behavioral warning signs go unaddressed in island organizations — not insufficient detection capability, but social architecture that makes reporting capability inoperative.
Supply chain singularity refers to the structural condition of island communities where critical functions — port operations, healthcare, government IT, utilities — are staffed by a small number of individuals with no redundant workforce available locally. In these environments, the standard insider threat response of suspension or termination can create immediate operational crises that community members depend on. ISPI's Island Insider Threat Assessment Framework addresses this through graduated response protocols that manage risk while preserving essential operational capacity.
ISPI's four-component Organizational Insider Threat Assessment Framework is built specifically for island and small-state organizational environments. Component 1 provides culturally calibrated behavioral baselines for Pacific Island and Native Hawaiian organizational contexts. Component 2 routes behavioral concerns through third-party assessment pathways that remove the social cost from the reporting decision. Component 3 prescribes access governance compensating controls for organizations that cannot achieve segregation of duties. Component 4 provides graduated response protocols that account for workforce irreplaceability constraints unique to island communities.
ISPI accepts commissions for insider threat assessments, organizational security framework development, and BTAM-grounded evaluation for Hawaii and Pacific Island organizations across government, healthcare, hospitality, education, and critical infrastructure sectors. Commission inquiries are accepted at ISPIGlobal@proton.me or through the commission page at ispiglobal.com/commission.html. ISPI is registered as a federal contractor on SAM.gov under NAICS 541720.
ISPI's insider threat research draws on and extends the frameworks of the DHS Insider Threat Mitigation Program, the CISA Insider Threat Mitigation Guide, the National Insider Threat Task Force Maturity Framework, the Carnegie Mellon CERT Common Sense Guide to Mitigating Insider Threats, and NIST Special Publication 800-53 security controls — identifying where these frameworks succeed and where island-specific adaptations are required for communities these frameworks were not designed to serve.