Insider threat and deception detection are two areas that focus on user actions and their impacts upon the systems with which they interact. Insider threat aims to understand and prevent malicious activities that are instigated by "trusted" users on complex computer/information systems. Such activities cover a broad spectrum ranging from simple theft of confidential data to the more subtle alteration of system performance and/or information. For the latter, examples can include minor perturbation of a component specification in a manufacturing process resulting in a rippling effect of final component failure to influencing the decision-makers by modifying their information flow and content. The goal is to model insider threat in order to predict behavior and ultimately infer their goals and intentions.