Apr 7, 2025

DTEX Taps Intelligence Expert Michael Barnhart to Counter Nation State Insider Threats

5

DTEX enhances its Ai³ and Insider Intelligence and Investigation (i³) capabilities to counter foreign espionage and detection evasion from the DPRK and other nation state actors.

I am thrilled to announce the addition of Michael “Barni” Barnhart, former lead of Google Mandiant’s North Korea (DPRK) threat hunting operations, to DTEX’s Insider Intelligence and Investigations (i3) team. Barni will further enhance our proactive strategy in mitigating nation state insider threats, with an immediate focus on countering DPRK infiltration tactics and copycat strategies by other nation states.

With a deep intelligence background spanning human intelligence (HUMINT), signals intelligence (SIGINT), and cybersecurity, Barni brings unparalleled expertise to DTEX’s mission of proactively protecting the world’s organizations from insider threats.

Amplifying Insider Threat Defense: The Intelligence Edge

At DTEX, we know that tackling the world’s toughest security and risk challenges requires the best minds working together. When someone is leading the way in a critical intelligence domain, their insights can drive immediate impact. We saw an opportunity to enhance our offering through greater intelligence, and we tapped Barni to lead this effort. His experience and insights will supercharge our ability to detect, analyze, and predict nation state infiltration efforts, particularly from the DPRK.

The insider threat landscape is evolving, with adversaries using increasingly sophisticated tactics that are difficult to consistently detect. With Barni on board, DTEX is doubling down on its ability to provide organizations with actionable intelligence to protect their most valuable assets. His expertise will immediately be leveraged for our platform, machine learning (ML) models, as well as our Ai3 Risk Assistant

Erupting Nation State Espionage: DPRK and Beyond

The DPRK IT worker threat is bigger than many people realize. As a recent CyberScoop article highlights, North Korean technical workers are securing full-time jobs at major companies under false identities, funneling money back to the regime and gathering intelligence on critical systems. 

With Barni joining, we are:

  • Supercharging DTEX’s human-behavioral intelligence program to address nation state insider threats, including DPRK, China’s Thousand Talents Program, and Russian espionage tactics.
  • Enhancing our foreign espionage intelligence capabilities by synergizing human intelligence with behavioral science, cybersecurity methodologies and powerful ML models.
  • Gaining deeper insight into DPRK’s movements and motivations, allowing us to predict their next steps and provide organizations with better visibility into potential infiltration attempts.

“DPRK is a part of a copycat league,” Barni explains. “We’re already seeing cybercriminals adopt their tactics, and we can only assume that China and Russia are taking notes. If you can find the human and identify their mistakes, you can weaponize that intelligence to stay ahead of the threat, regardless of the nation state.”

A Life’s Work in Threat Hunting 

With nearly two decades of experience in intelligence and cybersecurity, Barni has built a career at the intersection of national security and cyber operations. His expertise spans HUMINT, SIGINT, and counterintelligence, with a particular focus on North Korean cyber activities.

Barni’s career began in the US Army, which he joined at just 17 in the post-9/11 era. He quickly advanced through rigorous training in interrogation and intelligence operations, deploying to Iraq quickly thereafter during a period of intense conflict. Over a 15-month deployment, he worked alongside Joint Special Operations Command (JSOC), honing his skills in intelligence collection and analysis. His work extended beyond the battlefield, taking him into nuclear facilities, underground bunkers, and other critical security environments.

Following his military service, after completing three years of SIGINT work both overseas and domestically, Barni transitioned into cybersecurity, first as a Cyber Team Lead for the United States Senate, where he established a specialized team to oversee global cyber investigations. He then spent six years at Google Mandiant, further deepening his expertise in cyber threat intelligence. His research on North Korean cyber operations has been extensive, covering Advanced Persistent Threat (APT) groups APT43, then APT45, and broader North Korean cyber espionage campaigns, such as the DPRK IT worker threat. He has also published insights on the evolving structure of North Korea’s cyber operations and strategies to mitigate threats posed by DPRK IT workers.

Throughout his career, Barni has remained at the forefront of cyber threat intelligence, leveraging his deep understanding of adversary tactics to shape strategies for countering nation state cyber threats. 

“Companies need to view the threat from North Korea differently than they have in the past,” Barni states. “We need to shift our strategy based on an understanding of who they are, how they operate, and why they operate the way they do. The adversary evolves—so must we.”

Why DTEX

For Barni, the decision to join DTEX was mission driven. “I wanted to get back to threat hunting and making a lasting impact for the critical infrastructure and companies that power our way of life, focusing on the human aspect of the adversary,” he says. 

The Future of Insider Threat Intelligence

DPRK is an intelligence black hole. Their cyber operatives are highly skilled, leveraging tactics that are hard to track using traditional intelligence methods. But their playbook isn’t unique. They’ve taken pages from China’s Thousand Talents Program, and as they continue to evolve, we anticipate they will begin adopting more Russian-nexus style tactics—IP theft, extortion, and deep infiltration into critical industries.

Long term, China remains the number one threat to the US and its allies. While Russia and the US excel at short-term, high-impact operations, China operates with a meticulous, decade-long strategy. Their intelligence agencies, the Ministry of State Security (MSS) and the People’s Liberation Army (PLA), will continue to play the long game. “They’re watching, waiting, and learning from our mistakes,” Barni notes. “We need to stay ahead of the curve.”

A New Era for DTEX

With Barni on board, DTEX is taking a major step forward in its ability to combat nation state insider threats. His experience, insights, and relentless pursuit of the mission will help elevate DTEX’s insider risk management platform and i³ intelligence capabilities to new heights.

As Barni puts it: “To impose a cost on adversaries, we must continually adapt and collaborate on a global scale. If our adversaries collaborate, we need to collaborate better. If they adapt, we need to adapt faster. DTEX is the perfect place to do just that.”

Welcome to the team, Barni. The mission continues.