Session 2.4f Tutorial: Applying MITRE ATT&CK and Cyber Threat Intelligence to Deliver Effective Cyber Security
Wednesday, November 15, 2023 | 11:30 AM - 12:30 PM | Fitzroy Theatre
Effective cyber security relies on the ability to anticipate a variety of different Tactics, Techniques and Procedures (TTPs) used by adversaries to target and compromise the confidentiality, integrity and availability of systems and data. Cyber Threat Intelligence (CTI) provides situational awareness to cyber security teams to defend against threat actors in cyber space. MITRE ATT&CK is the industry benchmark knowledge base of threat actor behaviours, upon which numerous threat models have been built.
This tutorial will provide a deep dive into the MITRE ATT&CK Framework in the context of using CTI to defend organisations, and will review a number of benefits and challenges in the application of CTI at scale. The tutorial will provide realistic examples in the form of a gamified learning experience, which will involve tutorial participants in the process of using MITRE ATT&CK and CTI across the pyramid of pain to defend a network from a mock adversary. Participants will be a key aspect of the tutorial and are expected to participate to deliver an optimised experience.
Speaker/s
Dr David Ormrod
Director Information Warfare
Defence
Dr Dave Ormrod joined Defence SA in July 2023 as the inaugural Director Information Warfare (IW). A leader in IW and cyber security with more than 25 years of industry experience, Dave’s past experience includes service in the Australian Defence Force, as well as working with defence industry, federal and state government, and the cyber security industry more broadly. Throughout his career, Dave has built high performing security teams, tailored cyber security solutions, and acted as a trusted advisor and collaborator to C-suite Executives. He has worked across Australia, Europe, the United Kingdom and the United States. Dave has a PhD in Computer Science and is a graduate of both the Carnegie Mellon University (CMU) Chief Information Security Officer (CISO) Program and the US Joint Staff College, Joint Information Operations Planning Course (JIOPC). Dave is an Australian Signals Directorate (ASD) endorsed member of the Information Security Registered Assessor Program (IRAP), as well as an IRAP trainer through the Australian Cyber Collaboration Centre.
Michael Billet