MITRE ATT&CK – Combining APTs, TTPs, & GRC to build realistic security programs

Are you prepared to face the next big APT? Do you need to be ready to face the next big APT? This session focuses on building a realistic GRC program. This approach uses intelligence gleaned from these attackers but does not chase down every type of attack. This session focuses on showing you how to leverage this attacker information without going overboard chasing down threats you’re likely to never see. This approach brings the best ROI for security controls by identifying the threats with the highest likelihood and focusing mitigation efforts. About the speaker: Alex Martirosyan Alex is a Senior Penetration Tester at Wolf’s IT Assurance Services group where he’s responsible for coordinating and conducting penetration testing services for clients in a variety of industries, including financial, healthcare, and software. His expertise consists of internal and external network penetration testing, threat emulation exercises, social engineering, vulnerability assessments, cloud security assessments, and Active Directory security reviews. Additionally, he has experience working with standards from the National Institute of Standards and Technology (NIST), the Center for Internet Security (CIS), and leveraging the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework. Alex has over three years of experience performing security assessments and holds certifications from industry-recognized organizations such as Offensive Security and Global Information Assurance Certification (GIAC).