Operationalizing MITRE ATT&CK, Studying Offensive Security to Build a Better Defense 2024

Presenter: Stephen Aldrich
Room: Ballroom, EMU 244, Level 2
Presentation: Operationalizing MITRE ATT&CK, Studying Offensive Security to Build a Better Defense
Time: 02:45p – 03:15p    

An organization cannot defend against what it does not understand. ATT&CK stands for Adversary Tactics, Techniques & Common Knowledge, and while it sounds more appropriate for offensive security teams, it is most often used by defensive security teams to improve the security posture of an organization. At first glance, it can seem overwhelming. With so much packed into the framework, it can be difficult to know where to get started and how to operationalize the information. After an introduction to the framework, I will explain how to use it to gain an understanding of adversary behavior, improve and validate defenses, and demonstrate the readiness of the security operations center.

Learning Objectives:

  • Gain foundational knowledge of the MITRE ATT&CK framework.
  • Learn how to use the framework to validate and improve organizational defenses.
  • Demonstrate the value of the SOC.

Attendees will leave with an understanding of how the ATT&CK framework is designed and enough information to begin using the framework to help their organization improve its defenses.