MITRE ATT&CK: The Play at Home Edition

Thursday, November 19, 2019

11:00 AM - 12:00 PM PDT

60 minutes, including Q&A

MITRE ATT&CK: The Play at Home Edition v2.0, by Katie Nickels & Ryan Kovar
MITRE ATT&CK: The Play at Home Edition, by Nicholas Hayden

You've seen the tactics and techniques. You've read the descriptions. However, something is missing…how do you take the theory of MITRE ATT&CK™ and actually DO something with it? What can you really do with a framework like ATT&CK? Katie and Ryan will teach you how to take ATT&CK from a cool-sounding idea to a powerful force for creating a threat-informed defense in your company. They will walk through the story of how ATT&CK helped a fictional organization solve real-world-inspired problems – as well as the struggles they faced along the way and how they overcame them. The presentation will discuss how different teams can use ATT&CK to improve how they track threats and protect against them.

Guest Presenters:

Katie Nickels

Katie Nickels is the ATT&CK Threat Intelligence Lead at The MITRE Corporation, where she focuses on sharing how ATT&CK is useful for moving toward a threat-informed defense. She is also a SANS instructor for FOR578: Cyber Threat Intelligence. Katie has worked in network defense, incident response, and cyber threat intelligence for nearly a decade. She hails from a liberal arts background with degrees from Smith College and Georgetown University, embracing the power of applying liberal arts prowess to cybersecurity. With more than a dozen publications to her name, Katie has shared her expertise with presentations at BSidesLV, the FIRST CTI Symposium, multiple SANS Summits, Sp4rkcon, and many other events. Katie was also a member of the 2019 SANS CTI Summit Advisory Board. She was the 2018 recipient of the President's Award from the Women's Society of Cyberjutsu and serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM.

Ryan Kovar

Ryan Kovar, with over 20 years of experience cybering, has done everything from pulling miles of CAT5 cable to learning he didn't want to be a malware RE. Most recently he worked at the Defense Advanced Research Projects Agency (DARPA) on a team dedicated to detecting and mitigating advanced threats. Ryan moved on to Splunk as a Principal Security Strategist, where he helps out with IR, hunting, and solving fun problems for customers around the world. Ryan loves Bernese mountain dogs and despises printers.

Sponsor Presenter:

Nicholas Hayden

Nicholas Hayden is the senior director of threat intelligence for Anomali. For the past 20+ years, Nicholas has dedicated his learning and commitment to the field of information/cyber security. Nicholas is a co-founder of the ISC2 New Hampshire Chapter and a leader in USAF cyber defense capabilities. He has participated in several national exercises in a variety of roles. Additionally, he continues to make an impact at the national level as a member of the OASIS STIX/TAXII committee.

Nicholas will cover how MITRE ATT&CK will be the game-changer you're looking for. By collecting statistical data on TTPs, a predictability model, similar to the ones used for predicting power outages, can be created. This predictability model will show how, and potentially when, you'll see attacks.
