MITRE ATT&CK: The Play at Home Edition

Black Hat USA 2019

Presented by: Ryan Kovar, Katie Nickels
Date: Wednesday August 07, 2019
Time: 14:40 - 15:30
Location: South Pacific

You've seen the tactics and techniques. You've read the descriptions. However, something is missing…how do you take the theory of MITRE ATT&CK™ and actually DO something with it? At first glance, it is easy to be overwhelmed by the ATT&CK framework. Where do you start? Who should use it? What can you really do with a framework like ATT&CK? Combining the knowledge of an ATT&CK team member with the experience of a security practitioner who has helped implement it, Katie and Ryan will teach you how to take ATT&CK from a cool-sounding idea to a powerful force for creating a threat-informed defense in your company. They will walk the audience through the story of how ATT&CK helped a fictional organization solve real-world-inspired problems that defenders struggle with every day. The presentation will discuss how different teams like threat intelligence analysts, threat hunters, SOC analysts, red teamers, and even executives can use ATT&CK to improve how they track threats and protect against them. Regardless of their role, attendees will learn how they can hit the ground running with ATT&CK on the first day they return home.

Katie Nickels

Katie Nickels is the ATT&CK Threat Intelligence Lead at The MITRE Corporation, where she focuses on sharing how ATT&CK is useful for moving toward a threat-informed defense. She is also a SANS instructor for FOR578: Cyber Threat Intelligence. Katie has worked in network defense, incident response, and cyber threat intelligence for nearly a decade. She hails from a liberal arts background with degrees from Smith College and Georgetown University, embracing the power of applying liberal arts prowess to cybersecurity. With more than a dozen publications to her name, Katie has shared her expertise with presentations at BSidesLV, the FIRST CTI Symposium, multiple SANS Summits, Sp4rkcon, and many other events. Katie was also was a member of the 2019 SANS CTI Summit Advisory Board. She was the 2018 recipient of the President's Award from the Women's Society of Cyberjutsu and serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM.

Ryan Kovar

Ryan Kovar, with over 20 years of experience cybering, has done everything from pulling miles of CAT5 cable to learning he didn't want to be a malware RE. Most recently he worked at the Defense Advanced Research Projects Agency (DARPA) on a team dedicated to detecting and mitigating advanced threats. Ryan moved onto Splunk as a Principal Security Strategist where he helps out with IR, hunting, and solving fun problems for customers around the world. Ryan loves Bernese mountain dogs and despises printers.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats