MITRE ATT&CKcon Agenda

Note: Speakers and sessions are still being added.

Tuesday, October 23

8:00-9:00 - Registration and Breakfast

  • 9:00-9:15 - Welcome
    Dr. Jason Providakes, MITRE President and CEO
  • 9:15-10:00 - Keynote Address
    John Lambert, Distinguished Engineer and General Manager, Microsoft’s Threat Intelligence Center
  • 10:00-10:30 - MITRE ATT&CK: How Did We Get Here?
    Blake Strom, MITRE ATT&CK Lead, The MITRE Corporation

10:30-10:50 - Break

  • 10:50-11:20 - Summiting the Pyramid of Pain: Operationalizing ATT&CK
    Emma MacMullan, Staff Cyber Intelligence Analyst, General Electric
    Justin Sherenco, Senior Staff Incident Responder, General Electric
  • 11:20-11:50 - ATT&CK: All the Things
    Neelsen Cyrus, Information Security Engineer Lead, USAA
    David Thompson, Detections Lead/Blue Team, USAA
  • 11:50-12:20 - Agile Continuous Improvement Using ATT&CK
    Matthew Stiak, Director, Cyber Risk Management, Delta Dental of California
    Jason Sinchak, Principal, Level Nine Group

12:20-1:30 - Lunch

  • 1:30-2:15 - ATT&CK Panel Discussion

    • Introduction: Rich Byrne, Senior Vice President, The MITRE Corporation
    • Moderator: Dr. Ed Amoroso, CEO, Tag Cyber LLC

    • Panelists: Devon Kerr, Director of Response, Endgame
      Carl Wright, CEO, ATTACKIQ
      Jen Miller-Osborn, Deputy Director of Threat Intelligence, Unit 42 at Palo Alto Networks
      Yonatan Striem-Amit, CTO and Co-Founder, Cybereason
  • 2:15-2:45 - VCAF: Expanding the ATT&CK Framework to Cover VERIS Threat Action Varieties
    Alex Pinto, Principal Security Data Scientist, Verizon
    Gabe Bassett, Senior Security Data Scientist, Verizon
  • 2:45-3:15 - Playing Devil's Advocate to Security Initiatives with ATT&CK
    David Middlehurst, Principal Security Consultant, Trustwave

3:15-3:45 - Break

  • 3:45-4:15 - From Red VS Blue to Red ♥ Blue
    Olaf Hartong, Blue Team Specialist Leader, Deloitte
    Vincent Van Mieghem, Senior Consultant, Deloitte
  • 4:15-4:30 - Helping Your Non-Security Executives Understand ATT&CK in 10 Minutes or Less
    Elly Searle, Lead Content Strategist, CrowdStrike
  • 4:30-4:45 - ATT&CK as a Teacher
    Travis Smith, Principal Security Researcher, Tripwire
  • 4:45-5:00 - Decision Analysis Applications in Threat Analysis Frameworks
    Emily Shawgo, IT Security Administrator, PNC
  • 5:00-5:15 - Building an Atomic Testing Program
    Brian Beyer, Co-Founder & CEO, Red Canary

5:15-7:00 - Closing Statements and Reception

Wednesday, October 24

8:00-9:00 - Breakfast

9:00-9:20 - Welcome: Gary Gagnon, Vice President of Cyber Strategy and CSO, The MITRE Corporation

9:20-9:45 - Lightning Talks

  • 9:45-10:15 - 5 Ways to Screw Up Your Security Program with ATT&CK
    Kyle Rainey, Lead Detection Engineer, Red Canary

  • 10:15-10:30 - ATT&CK + OSQuery = Love
    Scott Lundgren, Chief Architect, Carbon Black

  • 10:30-10:45 - An ATT&CK Review of 200 Hybrid-Analysis Submissions
    James Lerud, Manager, Behavior Research Team, Verodin

10:45-11:15 - Break

  • 11:15-11:45 - Hunters ATT&CKing with the Data
    Roberto Rodriguez, Senior Threat Hunter, SpecterOps
    Jose Luis Rodriguez, Student
  • 11:45-12:15 - Analyzing Targeted Intrusions Through the Lens of the ATT&CK Framework
    Karl Scheuerman, Senior Strategic Intrusion Analyst, Crowdstrike

12:15-1:30 - Lunch

  • 1:30-2:15 - ATT&CK Panel Discussion

    • Moderator: Katie Nickels, ATT&CK Threat Intelligence Lead, The MITRE Corporation

    • Panelists: Jon Bagg, Head of Cyber Detection Engineering, Booz Allen
      Daniel Bernholz, JPMorgan Chase, Vice President, Cybersecurity & Technology Controls
      John Hubbard, Instructor & Course Author, SANS Institute
      Dave Westgard, Target Corporation
  • 2:15-2:45 - Sofacy 2018 and the Adversary Playbook
    Robert Falcone, Threat Researcher, Palo Alto Networks

2:45-3:00 - Break

  • 3:00-3:30 - From Automation to Analytics Simulating the Adversary to Create Better Detections
    David Herrald, Staff Security Strategist, Splunk
    Ryan Kovar, Principal Security Strategist, Splunk
  • 3:30-4:00 - Closing Keynote Address
    Richard Struse, Chief Strategist for Cyber Threat Intelligence, The MITRE Corporation


ATT&CKcon Agenda
ATT&CKcon Conference Logistics

MITRE ATT&CKcon Questions?

Please email the team at