Many organizations struggle to keep up with the flood of information about threat actor groups, malware, and newly disclosed vulnerabilities released each day. Although most people understand the importance of staying current with this information, it often becomes a lower priority than other defensive security operations functions.
This talk will cover how to take various forms of cyber threat intelligence and operationalize it: extract the adversary behaviors it describes and turn those behaviors into detections that are relevant to your organization. We will walk through the process of identifying those behaviors, building detections for them, and actually testing those detections using open source tools.
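The loop the abstract describes, CTI report to behavior to detection to test, as an added worked example that is not code from the talk or from MITRE. The behaviors, rule names and events below are hypothetical illustrations chosen for this example (the ATT&CK IDs T1218.011 and T1059.001 and the Sysmon process-creation field names are real; the sample events are constructed, not real telemetry). The point of the `evaluate` step is the one practitioners usually skip: run the detection against emulated events labeled with the technique they emulate, so a miss (event 5, a DLL on a network share) shows up as a false negative instead of being discovered during an incident.

```python
# Added example (not the talk's code): CTI-derived behavior -> detection -> test,
# over constructed Sysmon Event ID 1 (process creation) records.
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Event = Dict[str, str]  # one process-creation record, Sysmon field names


@dataclass(frozen=True)
class Detection:
    technique_id: str                   # ATT&CK technique the behavior maps to
    name: str                           # analyst-facing description of the behavior
    predicate: Callable[[Event], bool]  # the detection logic itself


# Directories an unprivileged user can write to; a DLL here is more suspicious than one in System32
USER_WRITABLE = re.compile(r"\\(?:Users|ProgramData|Temp)\\", re.IGNORECASE)
# powershell.exe accepts any unambiguous prefix of -EncodedCommand, followed by base64
ENCODED_PS = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", re.IGNORECASE)


def image_name(event: Event) -> str:
    """Basename of the launched executable, lower-cased."""
    return event.get("Image", "").rsplit("\\", 1)[-1].lower()


def rundll32_user_writable_dll(event: Event) -> bool:
    """Hypothetical behavior from a CTI report: rundll32.exe run with a DLL in a user-writable path."""
    return image_name(event) == "rundll32.exe" and bool(USER_WRITABLE.search(event.get("CommandLine", "")))


def powershell_encoded_command(event: Event) -> bool:
    """Hypothetical behavior from a CTI report: PowerShell started with an encoded command."""
    return image_name(event) in {"powershell.exe", "pwsh.exe"} and bool(ENCODED_PS.search(event.get("CommandLine", "")))


DETECTIONS = [
    Detection("T1218.011", "rundll32 loading a DLL from a user-writable directory", rundll32_user_writable_dll),
    Detection("T1059.001", "PowerShell launched with -EncodedCommand", powershell_encoded_command),
]


def run_detections(events: List[Event], detections=DETECTIONS) -> Dict[str, List[str]]:
    """Production step: map each technique ID to the EventIds its detection fired on."""
    hits: Dict[str, List[str]] = {d.technique_id: [] for d in detections}
    for ev in events:
        for d in detections:
            if d.predicate(ev):
                hits[d.technique_id].append(ev["EventId"])
    return hits


def evaluate(labeled: List[Tuple[Event, Optional[str]]], detections=DETECTIONS) -> Dict[str, Dict[str, int]]:
    """Test step: score each rule against events labeled with the technique they emulate (None = benign)."""
    score = {d.technique_id: {"tp": 0, "fn": 0, "fp": 0} for d in detections}
    for ev, label in labeled:
        for d in detections:
            fired = d.predicate(ev)
            if label == d.technique_id:
                score[d.technique_id]["tp" if fired else "fn"] += 1
            elif fired:
                score[d.technique_id]["fp"] += 1
    return score


# Constructed sample events (not real telemetry): three emulations and two benign launches
SAMPLE_EVENTS: List[Tuple[Event, Optional[str]]] = [
    ({"EventId": "1", "Image": r"C:\Windows\System32\rundll32.exe",
      "CommandLine": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\update.dll,Start"}, "T1218.011"),
    ({"EventId": "2", "Image": r"C:\Windows\System32\rundll32.exe",
      "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"}, None),
    ({"EventId": "3", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
      "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}, "T1059.001"),
    ({"EventId": "4", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
      "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"}, None),
    # Emulation the rule does not cover: the DLL sits on a network share, so this scores as a false negative
    ({"EventId": "5", "Image": r"C:\Windows\System32\rundll32.exe",
      "CommandLine": r"rundll32.exe \\fileserver\share\helper.dll,Run"}, "T1218.011"),
]

if __name__ == "__main__":
    print(run_detections([ev for ev, _ in SAMPLE_EVENTS]))
    print(evaluate(SAMPLE_EVENTS))
```

Each `Detection` carries its ATT&CK ID so coverage can be reported per technique, and the labeled-event set doubles as a regression suite: re-run `evaluate` whenever the rule or the log source changes, and a tp/fn split like the one for T1218.011 tells you exactly which emulated variant the rule stopped catching.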
Jamie Williams is a Cyber Adversarial Engineer for The MITRE Corporation where he works on various efforts involving security operations and research. He is also a member of both the MITRE ATT&CK™ and ATT&CK Evaluations teams. Before joining MITRE, Jamie received his M.S. in Information Systems Engineering from Johns Hopkins University and his B.S. in Information Systems from the University of Maryland, Baltimore County (UMBC).
Sarah Yoder is a Cyber Security Engineer for the MITRE Corporation. She enjoys furthering her red team skills and applying cyber threat intelligence to ATT&CK. Prior to joining MITRE, Sarah worked as an Exploit Analyst with the Department of Defense. Sarah received her M.P.A. in Public Administration and B.S. in Cybersecurity from California State University, San Bernardino (CSUSB).