BSidesCharm 2022 - Forecasting Cyber Attacks - Charlene Deaver-Vazquez

Wouldn’t it be fantastic if you could forecast the next cyber-attack, the number of attacks, and even how rapidly the attacks would occur? In this session, I’m going to show you how you can use the MITRE ATT&CK framework to build up your attack scenario then use the mathematical models to generate your forecasts. Don’t worry, you don’t have to be a mathematician (or even good at math) to use these models. The goal of this activity is to be proactive in developing mitigations and strategies for the next possible cyber-attack. Charlene Deaver-Vazquez (@FISMACS_LLC) Charlene has worked as a subject matter expert in cybersecurity for 12 years. She has worked in IT for 30 years in both private and government sectors, from supporting small networks and programming to designing global networks. More than a decade ago, she transitioned to compliance, managing a multi-million-dollar contract, then went on to auditing installation sites, cloud, and even supporting deployable platforms. For the past several years she has been providing enterprise-level risk analysis to C-suite stakeholders. In 2021, she created Probabilistic Risk Modeling for Cyber (P-RMOD4Cyber) a framework of methods, models, and guides for cyber-related quantitative analysis.