13 Years After Snowden: Former NSA Chief Chris Inglis on Lessons Learned and Insider Threat Warnings for CISOs
Former NSA Deputy Director Chris Inglis shares three key regrets from the Snowden leaks and offers CISOs actionable advice on insider threat detection, media crisis management, and building a security culture through 'enculturation.'
A Reckoning After the Storm: Chris Inglis Reflects on the Snowden Leaks
In June 2013, the world learned that a National Security Agency contractor named Edward Snowden had leaked thousands of classified documents exposing global surveillance programs. At the helm of the agency's civilian leadership was Chris Inglis, then Deputy Director of the NSA. More than a decade later, Inglis has opened up about the missteps that allowed one of the most damaging intelligence breaches in U.S. history, and what his experience means for today's chief information security officers (CISOs).

Inglis, now a strategic advisor and academic, describes the Snowden affair as a painful but pivotal moment that forced the intelligence community to confront blind spots in its security culture. In interviews and keynote speeches, he has candidly admitted that the NSA failed to detect Snowden's intentions despite clear red flags, and that the agency's approach to media disclosures and internal trust was dangerously flawed.
Where the NSA Went Wrong: Inglis’s Three Regrets
Overreliance on Technical Controls
Inglis points out that the NSA's security apparatus was heavily weighted toward technical safeguards—firewalls, encryption, and monitoring—while neglecting the human element. Snowden, a system administrator with broad access, exploited trust and social engineering rather than breaking technical barriers. “We had the best cyber defenses, but we forgot to check the heart of the individual behind the keyboard,” Inglis has said.
Failure to Heed Behavioral Warning Signs
Colleagues had noted Snowden's increasingly erratic behavior and his habit of accessing files unrelated to his work. However, no formal process existed to escalate these concerns. Inglis acknowledges that the agency lacked a robust insider threat program that could correlate behavioral anomalies with access logs.
Clumsy Media and Public Engagement
When the leaks first broke, the NSA’s initial response was dismissive and defensive. Inglis now believes the agency should have immediately acknowledged the breach and framed the narrative around the protections already in place. Instead, it allowed Snowden’s documents to shape the global conversation, leading to lasting damage to public trust.
What CISOs Can Learn from Inglis’s Reflections
Inglis’s post-Snowden writing and talks focus on three pillars for modern security executives: spotting insider threats, managing media crises, and fostering what he calls “enculturation”—building a security-aware culture from within.
Spotting the Insider Threat: Beyond Technical Monitoring
Inglis advises CISOs to integrate behavioral science into security operations. This means training managers to recognize signs of discontent, financial stress, or sudden changes in work patterns. He also recommends continuous user behavior analytics (UBA) that flags unusual access requests, not just rule-based alerts. “The threat is often not a stranger at the gate but someone with a badge,” he warns.
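The gap between rule-based alerts and behavior analytics, and the correlation of access logs with reported behavioral concerns mentioned earlier, can be shown in a short sketch. This is an added example, not code from Inglis or any agency; the users, roles, resource categories, ACL, and threshold are all constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data (not real logs): (user, role, resource_category)
BASELINE = (
    [("alice", "sysadmin", "backup")] * 40 + [("alice", "sysadmin", "patching")] * 30
    + [("bob", "sysadmin", "backup")] * 35 + [("bob", "sysadmin", "patching")] * 25
    + [("carol", "analyst", "reports")] * 50
)
CURRENT = (
    [("alice", "sysadmin", "backup")] * 10 + [("alice", "sysadmin", "patching")] * 8
    + [("bob", "sysadmin", "backup")] * 9
    + [("bob", "sysadmin", "program_docs")] * 12   # outside bob's normal work
    + [("carol", "analyst", "reports")] * 11 + [("carol", "analyst", "hr_files")] * 1
)
# Hypothetical static ACL: sysadmins may read everything, so the rule never fires for them.
ROLE_ALLOWED = {"sysadmin": None, "analyst": {"reports"}}   # None means "all categories"
# Constructed set of users with a manager-reported behavioral concern on file.
REPORTED_CONCERNS = {"bob"}

def rule_alerts(events):
    """Rule-based check: alert only when a role touches a category it is not permitted."""
    return sorted({u for u, role, cat in events
                   if ROLE_ALLOWED[role] is not None and cat not in ROLE_ALLOWED[role]})

def behavior_alerts(baseline, current, min_events=5):
    """Flag users whose current accesses fall outside their own and their peers' baseline."""
    own, peers = defaultdict(Counter), defaultdict(Counter)
    for user, role, cat in baseline:
        own[user][cat] += 1
        peers[role][cat] += 1
    novel = Counter()
    for user, role, cat in current:
        if own[user][cat] == 0 and peers[role][cat] == 0:
            novel[user] += 1
    alerts = []
    for user, count in novel.items():
        if count >= min_events:
            # Correlate the access anomaly with a reported concern to set priority.
            priority = "high" if user in REPORTED_CONCERNS else "medium"
            alerts.append((user, count, priority))
    return sorted(alerts)

if __name__ == "__main__":
    print("rule-based:", rule_alerts(CURRENT))
    print("behavioral:", behavior_alerts(BASELINE, CURRENT))
```

The permission rule only catches the analyst's single out-of-policy read, while the baseline comparison surfaces the privileged user whose access was fully authorized but unrelated to prior work.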

Media Disclosures: Plan, Don’t React
In the age of ransomware and data exfiltration, many companies face public disclosures. Inglis suggests that every CISO should maintain a crisis communication playbook that includes pre-drafted statements, designated spokespersons, and a clear chain of approval. Transparency, he argues, is more effective than stonewalling. “Control the narrative before it controls you.”
Enculturation: Security as Shared Responsibility
Perhaps Inglis’s most profound lesson is the need for enculturation—embedding security into the organizational DNA. This goes beyond phishing tests and mandatory training. It means creating a culture where employees feel empowered to report suspicious activity without fear of retribution, and where security teams actively seek input from non-IT staff. Inglis cites the Cold War, when signals intelligence analysts were taught to question everything, a mindset that he believes was eroded by overconfidence post-9/11.
To implement enculturation, CISOs should:
- Establish anonymous reporting channels and reward whistleblowers who flag potential risks.
- Conduct regular “red team” exercises that simulate real insider or outsider attacks.
- Include security metrics in every department’s performance reviews, not just IT’s.
Conclusion: A Decade of Reckoning
While the Snowden leaks were a devastating blow to the intelligence community, Chris Inglis’s willingness to share regrets and remedies offers a valuable blueprint for modern CISOs. His emphasis on human-centric cybersecurity—combining technical controls with behavioral insight, crisis readiness, and a pervasive security culture—remains as relevant today as it was in 2013. For executives navigating the increasingly complex threat landscape, his reflections serve as both a cautionary tale and a guide for building more resilient organizations.
This article is based on public statements and writings by Chris Inglis, including interviews with cybersecurity outlets and academic conferences.