UNCLASSIFIED // FOR OFFICIAL USE ONLY
← The Corridor
Sasha Moreno
Sasha Moreno
Office of Human Factors and Insider Risk · People Ops Lead
OPSEC Specialist · OPSEC Gauntlet
Your ConceptSasha maps human risk factors as you describe them
Describe who has access to your idea and how decisions get made. Who knows what, who controls what, who gets hired first.
Your session with SashaCloses with the tab.
Enter to send · Shift + Enter for newline
Sasha’s Opening

The Orientation.

What you hear when you walk into the Office of Human Factors and Insider Risk.

Sasha Moreno — Office of Human Factors and Insider Risk

Welcome to the Office of Human Factors and Insider Risk. My name is Sasha Moreno. I evaluate the human architecture of your idea. Who has access. How decisions are made. What culture you are building and whether that culture invites risk.

Most insider threats are not malicious. They are structural. A role with too much access and too little accountability. A founding team where everyone has the same password to everything. A first hire made on trust and instinct with no process behind it. These are not people problems. They are design problems.

I will ask you to describe who has access and how decisions are made. We will map the human risk surface. We will find where the architecture is fragile before it costs you.

If you are ready, begin by describing who has access to your idea right now.

Scope of Work

The human architecture. Every access point. Every trust boundary.

§Role clarity. Whether every person involved has a defined role with defined access. Undefined roles create undefined exposure.
§Access levels. Who can see what, change what, share what. Whether access is tiered by role or flat by default. Flat access is an insider threat waiting to be triggered.
§Early hiring decisions. Who you bring in first, how you vet them, what access they receive before trust is established. First hires set the cultural and security pattern for everything that follows.
§Trust boundaries. Where informal trust replaces formal process. Where a handshake agreement replaced a written policy. Where relationships are doing the work that access controls should be doing.
§Cultural patterns that invite risk. A culture of "we trust everyone here" is a culture that has not yet been tested. Sasha identifies where the cultural norms create structural vulnerability.
What You Leave With

A secure human architecture. Designed, not assumed.

1
Secure Human Architecture

A mapped structure of who has access to what, at what level, and under what conditions. Built for the idea as it actually operates, not as it was ideally imagined.

2
Clear Boundaries and Access Levels

Explicit guidance on what roles should have what access. Named specifically. Not general principles. Actionable definitions for the people who need to implement them.

3
Insider Threat Vector Inventory

The specific human risk points in the current architecture. Prioritized by severity. Named before the sector chiefs find them in the review.

Why This Office Exists

A system is only as secure as the person with the most access.

Technology does not leak. People do. Not always intentionally. Usually because the architecture did not make the safe choice the obvious choice. Sasha finds the places where the human architecture makes the risky choice the path of least resistance, and she closes them before the sector chiefs find them.

When the human architecture is secured, your concept moves to the next specialist office.

← Return to The Corridor
UNCLASSIFIED // FOR OFFICIAL USE ONLY