SECO-Institute invites you to their event

Aligning Security Operations with the MITRE ATT&CK Framework

About this event

In our From the Author’s Mouth series, we open our virtual doors to the movers and shakers in information security. It allows you to get your information directly from the source in an interactive interview setting, with sufficient time reserved for Q&A.

This time we invite Rebecca Blair, SOC Leader at Toast, a leading cloud-based restaurant management platform, and author of the book ‘Aligning Security Operations with the MITRE ATT&CK Framework’. Today's session will be moderated by Rob van Os, strategic SOC advisor and creator of the SOC Maturity Model.

The Book: Aligning Security Operations with the MITRE ATT&CK Framework: Level up your security operations center for better security

Rebecca Blair serves as the SOC Manager at Toast, a leading cloud-based restaurant management platform where she built the SOC team from the ground up. Prior to that, she served at IronNet as the Director of SOC Operations and at the US Army Research Lab as a SOC Lead. She has deep expertise in integrations and security operations and holds degrees from Norwich University in Computer Security and Information Assurance, a Master's Degree from the University of Maryland Global Campus in Cybersecurity, and an MBA from Villanova School of Business.

During her career, Rebecca experienced firsthand that the MITRE ATT&CK framework is an extraordinary resource for all SOC environments. However, determining the appropriate implementation techniques for different use cases can be a daunting task.

In her book, Rebecca helps readers gain an understanding of the current state of their SOC, identify areas for improvement, and then fill the security gaps with appropriate parts of the ATT&CK framework.

The book evaluates how to identify the strengths and weaknesses of your SOC environment, and how ATT&CK can help you improve it. Next, you'll explore how to implement the framework and use it to fill any security gaps you've identified, expediting the process without the need for any external or extra resources. Finally, you'll get a glimpse into the world of active SOC managers and practitioners using the ATT&CK framework, unlocking their expertise, cautionary tales, best practices, and ways to continuously improve.

By the end of this book, readers will be ready to start assessing their SOC environment and implementing the ATT&CK framework.

Set up for Today:

To keep some focus and make this webinar worth your while, we will dive deeper into 4 specific areas that Rebecca covers in her book:

1. How to organize a SOC environment with the teams that interact with it

2. The importance of purple team exercises, their setup, and the value and actions they can drive

3. Threat modeling and choosing the model that fits your environment best

4. How to apply the MITRE ATT&CK Framework to your environment and how to choose the right techniques and mitigations

But the Q&A has been set up in 'ask me anything' format, with sufficient time for any questions that you may have on other sections in the book and on security operations and MITRE ATT&CK in general.

Audiences

The book - and this webinar - is of interest to cybersecurity practitioners, SOC leaders and CISOs. It is aimed at helping those setting up new security programs, as well as leveling up and assessing the maturity of their current program.

Agenda

14h00: Welcome – Wim Stoffelen (Netherlands)

14h05: Introduction by your moderator – Rob van Os (Netherlands)

14h10: Aligning Security Operations with the MITRE ATT&CK Framework – Rebecca Blair (USA)

14h35: Q&A Session – Rebecca Blair and Rob van Os

14h55: Closing remarks

Hosted by

  • Guest speaker
    Rebecca Blair SOC Manager @ Toast inc

  • Guest speaker
    Rob van Os Strategic SOC Advisor @ SOC-CMM

SECO-Institute

Europe's Leading Security & Continuity Training and Certification Body

Security & Continuity Institute (SECO) is Europe’s leading institute for highly qualified Security & Continuity training courses, and the Body of Knowledge of the Cyber Security & Governance Certification Program.