Often the insider cyber threat is understated. It is over simplified with an emphasis on the low level employee and their potential to do harm to the organization. But the cyber threat is more complex and executes among three legs: the employee, the executive, and the information technology environment. How do you respond to the disgruntled employee; the executive that issues edicts; or vulnerability filled software proliferated throughout the cyber infrastructure? How do you respond to the unconvinced; the bean counters, who perceive the threat to be a myth; or those in denial who says, it will not happen to me?