Achieving a Threat-Informed Defense with MITRE ATT&CK
This session covers the fundamentals of the MITRE ATT&CK Framework, including the history and evolution, why organizations are adopting it, and how they can use it to make their security program more efficient and effective.
Importance: The cybersecurity community is evolving from the fortress mentality to a threat-informed defense approach, and MITRE ATT&CK is at the center of this transition. A threat-informed defense strategy applies a thorough understanding of adversary tradecraft and technology to protect against, detect, and mitigate cyberattacks. From nation-states to criminal groups, ATT&CK directs teams to focus on adversary tactics, techniques, and procedures.
Despite billions of dollars spent, intruders still break through, security controls falter, and defenses fail to prevent data theft and destruction. How can security teams change the story to improve their cybersecurity effectiveness? Instead of trying to close every vulnerability, meet every security standard or buy the “best” commercial technology, defenders can change the game by focusing their defenses on probable, known threats that are most likely to attack the organization.
MITRE ATT&CK Framework
Ben Opel is a Senior Director of Professional Services at AttackIQ, where he helps customers enhance their cybersecurity capabilities to achieve their security objectives; he is also an instructor at AttackIQ Academy. A former officer in the U.S. Marine Corps, Ben led, trained, and integrated Marines in defensive cyberspace operations in support of U.S. national security objectives. As one of the first U.S. Marine Corps Cyberspace Operations Officers, he steered the initial development of the U.S. Marine Corps’ cyberdefense doctrine, held founding roles in U.S. national and Special Operations cyberspace defense organizations, and drove organizational and technical change across the U.S. Marine Corps. He is a graduate of the U.S. Naval Academy.