MITRE ATT&CK matrix on a monitor

MITRE Announces Formation of the ATT&CK Advisory Council to Strengthen Long-Term Stewardship of the ATT&CK Program

Cybersecurity

McLean, Va., and Bedford, Mass., Feb. 25, 2026 — MITRE today announced the formation of the MITRE ATT&CK® Advisory Council, an independent body created to support the long-term sustainability, integrity, and global impact of the MITRE ATT&CK program.

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques, grounded in real-world observations and continuously refined through operational use. From small organizations to top 10 Fortune 500 companies, it has become a global gold standard for turning cyber threat data into a strategic advantage. The framework provides a common language for threat-informed defense and is widely embedded across the cybersecurity ecosystem, relied on directly or through security technologies by leading organizations worldwide.

ATT&CK’s value is reflected in its adoption and trust. In a 2022 survey conducted by an independent industry analyst, more than 80% of North American organizations reported that ATT&CK is “critical” or “very important” to their security operations strategy.

The ATT&CK Advisory Council brings together experienced leaders from government, industry, and academia to provide strategic guidance on ATT&CK’s continued evolution. Members will advise MITRE on long-term strategy, content and roadmap development, methodology and quality standards, community engagement and transparency, and program sustainability. The Council will also identify emerging risks, opportunities, and trends across the cybersecurity landscape.

“The Advisory Council ensures that ATT&CK continues to evolve with input from the experts who rely on it every day, helping us maintain a trusted, actionable, and globally relevant framework for defending against cyber threats,” said Charles Clancy, senior vice president and chief technology officer, MITRE.  

ATT&CK Advisory Council Members include:

  • Adam Pennington, ATT&CK Lead, MITRE
  • Charles Clancy, Chief Technology Officer, MITRE
  • Freddy Dezeure, Deputy Chief Information Security Officer for Europe, Microsoft
  • Kimberly Goody, Head of Intelligence Production and Analysis, Google
  • Krysta Horocofsky, Senior Manager, New and Emerging Threats, Recorded Future
  • Eric Hutchins, Executive Director, Cybersecurity Operations, JPMorgan Chase
  • Brian Mohr, Director of Threat Informed Defense, HCA Healthcare
  • Jonathan “Jono” Spring, Senior Technical Advisor for Security at Scale, Cybersecurity and Infrastructure Security Agency (CISA)
  • Gene Spafford, Emeritus Director, Center for Education and Research in Information Assurance and Security, Purdue University
  • Joel Spurlock, Vice President, Data Science, CrowdStrike
  • Eric Stride, Chief Security Officer, Huntress
  • Richard Struse, Chief Technology Officer and Co-Founder, Tidal Cyber

“Since its initial public release over a decade ago, MITRE ATT&CK has been an invaluable resource for security teams around the world due to its non-commercial, public-interest spirit,” said Richard Struse, CTO and co-founder, Tidal Cyber. “I am honored to be a member of the ATT&CK Advisory Council and look forward to working with the council members and MITRE to continue to advance ATT&CK as a trusted resource for all.”

“At Recorded Future, we understand that the MITRE ATT&CK framework is extremely helpful for our users in classifying adversary behaviors, assessing security gaps, and communicating with the global cybersecurity community,” said Krysta Horocofsky, senior manager, new and emerging threats, Recorded Future. “The launch of the ATT&CK Advisory Council is a testament to MITRE’s focus on the framework's longevity, ensuring its evolution reflects both the developmental pace of adversarial TTPs and defender needs. As a leader whose team focuses on tracking new and emerging threats, I am excited to be involved in the Council and look forward to providing guidance to help MITRE maintain a trusted, relevant, and effective framework.”

The ATT&CK Advisory Council offers guidance and advice but does not have governing authority over ATT&CK. MITRE will consider the Council’s recommendations as part of managing and advancing the program, reinforcing a shared commitment to responsible, inclusive stewardship of ATT&CK for the benefit of the global cybersecurity community.

About MITRE

MITRE’s mission-driven teams are dedicated to driving solutions to our nation’s most pressing challenges. As a not-for-profit research and development organization, MITRE’s staff leverage our unique multi-sponsor vantage point, systems expertise, and innovative solutions to ensure the health, prosperity, and security of our nation.

Media Contact: Sarah Lytle, media@mitre.org