I’ve been on writing hiatus since the spring for a number of reasons, but one important reason has emerged and, to use a phrase, the cat’s out of the bag.
With a big thank-you to the ATT&CK team at The MITRE Corporation, I was recently announced as a presenter at this year’s ATT&CKcon 5.0, The MITRE ATT&CK Conference, which will be held in McLean, VA on October 22 and 23. It’s a great honor to have my conference proposal selected, and I’m excited to present what will be an unconventional but insightful and entertaining talk: “Sources of ATT&CK: A Bibliographic Journey Through Enterprise ATT&CK.”
For those who aren’t familiar with MITRE ATT&CK, there’s plenty to read on the official website, but in short, it’s a technical framework that describes how cyber threat actors engage in adversarial activity. ATT&CK synthesizes the “how” of cyber attacks into a formal structure — in this case, matrices of attack domains or surfaces, with columns of tactics, each containing related techniques. Over the years, it’s evolved to become a well-curated source of cyber threat intelligence, and is even responsible for an entire cottage industry of cybersecurity compliance tools.
As I put the finishing touches on the talk and accompanying slides, I plan to return to a monthly cadence of content here on the site. There’s also some great travel photography updates in the works, so stay tuned on the gallery front.
I’ll also be dropping some hints about content leading up to ATT&CKcon 5.0 on my LinkedIn: https://www.linkedin.com/in/rfunches/
Finally, if ATT&CK is your thing, there’s still time to register for in-person attendance (and see me!) at the conference. Virtual registration opens September 24th and is free.