Magnets for Needles in Haystacks: Using MITRE ATT&CK w/ Risk-Based Alert | Haylee Mills | WWHF 2023


🔗 Join us in-person and virtually at our Wild West Hackin' Fest: information security conferences — https://wildwesthackinfest.com/

MITRE ATT&CK helps us identify threats, prioritize data sources, and improve security posture, but how do we actualize those insights for better detection and alerting? We shift to alerts on aggregated behaviors over direct alerts, and make our noisy datasets into valuable treasure troves tagged with ATT&CK metadata. Let's discuss the key features needed to implement this in any security toolset!
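The shift the abstract describes, from alerting on every noisy detection to alerting on aggregated behaviour, can be sketched in a few dozen lines. The block below is an added illustration, not code from the talk or from Splunk's Risk-Based Alerting feature: each detection rule emits a low-value risk event tagged with an ATT&CK technique and tactic, events are aggregated per entity over a lookback window, repeated firings of the same rule are counted once, and an alert is raised only when the entity's total risk or its breadth across ATT&CK tactics crosses a threshold. The dataclass fields, function names, thresholds and sample events are all assumptions made for the example.

```python
"""Added example (not from the talk or any vendor product): a minimal
risk-based alerting aggregator that turns noisy detections into
ATT&CK-tagged risk events and alerts on aggregated behaviour."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class RiskEvent:
    ts: datetime        # when the observation happened
    entity: str         # user or host the behaviour is attributed to
    score: int          # analyst-assigned risk for this single observation
    technique: str      # ATT&CK technique id, e.g. "T1059.001" (assumed tagging)
    tactic: str         # ATT&CK tactic, e.g. "execution"
    source: str         # the detection rule that emitted the event


# Constructed sample risk events (not real telemetry).
SAMPLE_EVENTS = [
    RiskEvent(datetime(2023, 10, 5, 9, 0), "alice", 10, "T1566.001", "initial-access", "phish_attachment_opened"),
    RiskEvent(datetime(2023, 10, 5, 9, 3), "alice", 20, "T1059.001", "execution", "encoded_powershell"),
    RiskEvent(datetime(2023, 10, 5, 9, 10), "alice", 15, "T1087", "discovery", "ad_enumeration"),
    RiskEvent(datetime(2023, 10, 5, 9, 12), "alice", 25, "T1003", "credential-access", "lsass_access"),
    # bob trips one noisy rule three times; that alone should not alert
    RiskEvent(datetime(2023, 10, 5, 10, 0), "bob", 20, "T1059.001", "execution", "encoded_powershell"),
    RiskEvent(datetime(2023, 10, 5, 10, 30), "bob", 20, "T1059.001", "execution", "encoded_powershell"),
    RiskEvent(datetime(2023, 10, 5, 11, 0), "bob", 20, "T1059.001", "execution", "encoded_powershell"),
    # carol's first event is outside the 24h window and must be ignored
    RiskEvent(datetime(2023, 10, 4, 8, 0), "carol", 25, "T1003", "credential-access", "lsass_access"),
    RiskEvent(datetime(2023, 10, 5, 11, 0), "carol", 25, "T1003", "credential-access", "lsass_access"),
]

# Evaluation time used by the example run (constructed).
EXAMPLE_NOW = datetime(2023, 10, 5, 12, 0)


def aggregate_risk(events, now, window=timedelta(hours=24)):
    """Group risk events per entity, keeping only those inside the lookback window."""
    cutoff = now - window
    by_entity = defaultdict(list)
    for ev in events:
        if cutoff <= ev.ts <= now:
            by_entity[ev.entity].append(ev)
    return by_entity


def score_entity(events, dedupe=True):
    """Sum an entity's risk and record the ATT&CK breadth it covers.

    With dedupe=True a (rule, technique) pair is counted once, so a single
    chatty rule cannot push an entity over the threshold by itself.
    """
    seen = set()
    total = 0
    tactics, techniques = set(), set()
    for ev in events:
        key = (ev.source, ev.technique)
        if dedupe and key in seen:
            continue
        seen.add(key)
        total += ev.score
        tactics.add(ev.tactic)
        techniques.add(ev.technique)
    return {"score": total, "tactics": tactics, "techniques": techniques,
            "event_count": len(events)}


def risk_alerts(events, now, score_threshold=50, tactic_threshold=3,
                window=timedelta(hours=24)):
    """Return {entity: summary} for entities whose aggregated behaviour warrants an alert."""
    alerts = {}
    for entity, evs in aggregate_risk(events, now, window).items():
        summary = score_entity(evs)
        reasons = []
        if summary["score"] >= score_threshold:
            reasons.append(f"risk score {summary['score']} >= {score_threshold}")
        if len(summary["tactics"]) >= tactic_threshold:
            reasons.append(f"{len(summary['tactics'])} distinct ATT&CK tactics")
        if reasons:
            alerts[entity] = {**summary, "reasons": reasons}
    return alerts


if __name__ == "__main__":
    for entity, a in risk_alerts(SAMPLE_EVENTS, EXAMPLE_NOW).items():
        print(entity, a["score"], sorted(a["tactics"]), a["reasons"])
```

Run as written, only `alice` alerts: four different rules spanning four tactics add up to 70 risk, while `bob`'s repeated PowerShell hits collapse to a single 20-point contribution and `carol`'s stale event falls outside the window. The two thresholds are independent on purpose; a low-score entity touching many tactics is often a better investigation lead than a high score from one loud rule.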

“Haylee went to school for 2D animation and worked in that industry for four years before 80-hour weeks and 40 hours of minimal pay crushed her soul and her dreams. During her quarter-life crisis living with her parents, she bicycled across the United States and dabbled in documentary film-making, aquaponics, and urban gardening. She ultimately wandered into information security as a career path thanks to a friend in the field who believed in her and dangled the starting pay for an information security analyst. Beyond the money, she quickly developed a passion for the craft as well as building pipelines for folks to achieve financial stability in this career.

She started as a SOC analyst working crappy alerts, made better alerts and an elegant investigation workflow in Splunk with Risk-Based Alerting as a Content Engineer, and finally moved to Splunk to evangelize and advise on RBA as a Security Strategist. In that time, she hosted regular classes with mentees and created a course on Twitch/YouTube to reach people interested in cybersecurity without a background in IT or Computer Science. In her spare time (lol), she works with the Cybersecurity Council of Arizona building infosec education pipelines, as social media staff for AZ’s premier cybersecurity conference CactusCon, and on the Tempe Arts & Culture Commission to advise the City on arts development and preservation.”

///Black Hills Infosec Socials
Twitter:   / bhinfosecurity  
Mastodon: https://infosec.exchange/@blackhillsi...
LinkedIn:   / antisyphon-training  
Discord:   / discord  

///Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.mysh...

///Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/ser...
Penetration Testing: https://www.blackhillsinfosec.com/ser...
Incident Response: https://www.blackhillsinfosec.com/ser...

///Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/

///Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pa...
Live Training: https://www.antisyphontraining.com/co...
On Demand Training: https://www.antisyphontraining.com/on...
Antisyphon Discord:   / discord  
Antisyphon Mastodon: https://infosec.exchange/@Antisy_Trai...

///Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube:    / wildwesthackinfest  
Antisyphon Training YouTube:    / antisyphontraining  
Active Countermeasures YouTube:    / activecountermeasures  
Threat Hunter Community Discord:   / discord  

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/
