3 Days Left to Get MacBook Air, $400 Amazon Gift Card, or Take $400 Off with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

MITRE ATT&CK for ICS: A Technical Deep Dive

  • Friday, May 22, 2020 at 1:00 PM EDT (2020-05-22 17:00:00 UTC)
  • Phil Neray, Joe DiPietro


  • CyberX

You can now attend the webcast using your mobile device!



MITRE ATT&CK for ICS is a standard framework for understanding the diverse tactics that adversaries use to compromise and pivot through ICS/OT networks.

Unlike ATT&CK for Enterprise, ATT&CK for ICS focuses on adversaries whose primary goal is disrupting industrial control processes, stealing intellectual property, or causing safety incidents by attacking industrial control systems.

In this technical webinar, youll learn about:

  • The 11 classes of tactics described in the MITRE ATT&CK for ICS Framework.
  • How to use the framework to improve your ICS security posture.
  • How a real-world ICS attack would be detected by CyberXs purpose-built IoT/OT security platform and how to map the attackers tactics to the MITRE framework.

Speaker Bios

Phil Neray

Phil Neray is Director of Azure IoT & Industrial Cybersecurity at Microsoft. He joined Microsoft after its acquisition of CyberX, a leader in agentless security and behavioral analytics for industrial and critical infrastructure networks. Prior to CyberX, Phil held executive roles at IBM Security/Q1 Labs, Symantec, Veracode, and Guardium. Phil began his career as an engineer with Hydro-Quebec and as a Schlumberger engineer on oil rigs in South America. He has a BSEE from McGill University, is certified in cloud security (CCSK), and has a First-Degree Black Belt in American Jiu Jitsu.

Joe DiPietro

Joe DiPietro has over 20 years of both leadership and hands-on experience with enterprise security leaders including Algosec, IBM, Guardium, and Checkpoint Software. At Algosec, he established and led the companyís technical sales engineering function for the Americas and was later promoted to lead the function worldwide. At IBM, he was director of sales engineering and IBM InfoSphere Data Governance Center of Excellence Leader. He previously led worldwide sales engineering for Guardium, which was acquired by IBM for $220 million. Prior to IBM, he was Checkpointís first sales engineer and later rose to the position of Director of Systems Engineering. Joe holds a Masterís Degree in Computer Science, a Masters of Arts degree, and a Bachelorís Degree in Mechanical Engineering

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.