Technical Storytelling: How to Build Mission-Focused Threat Emulation Plans

Conference:  RSA Conference 2021



This Lab will focus on threat intelligence integration and organizational threat alignment in support of purple team exercises. Participants will create emulation plans fitting the business requirements and IT architecture of a fictional scientific research organization. They will learn to better understand their own threat environment and to prepare plans for enacting threat-informed defenses. This session will follow Chatham House Rule to allow for free exchange of information and learning. We look forward to participants actively engaging in the discussion, and remind attendees that no comment attribution or recording of any sort should take place. Pre-Requisites: Attendees should understand how to read and use the MITRE ATT&CK framework as a supporting resource to threat intelligence analysis Attendees should be conversant in modern attack techniques and methodologies Attendees should be conversant in the fundamental components of modern IT architectures Attendees should be familiar with the components of a modern cyberdefense architecture This is a capacity-controlled session. If added to your schedule and your availability changes, please remove this session from your schedule to allow others to participate.