Learn real-world skills from real-world cyber security practitioners. View upcoming Live Online Events.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

MITRE ATT&CK® for ICS: A Technical Deep Dive

  • Friday, May 22, 2020 at 1:00 PM EDT (2020-05-22 17:00:00 UTC)
  • Phil Neray, Joe DiPietro


  • CyberX

You can now attend the webcast using your mobile device!



MITRE ATT&CK for ICS is a standard framework for understanding the diverse tactics that adversaries use to compromise and pivot through ICS/OT networks.

Unlike ATT&CK for Enterprise, ATT&CK for ICS focuses on adversaries whose primary goal is disrupting industrial control processes, stealing intellectual property, or causing safety incidents by attacking industrial control systems.

In this technical webinar, youll learn about:

  • The 11 classes of tactics described in the MITRE ATT&CK for ICS Framework.
  • How to use the framework to improve your ICS security posture.
  • How a real-world ICS attack would be detected by CyberXs purpose-built IoT/OT security platform and how to map the attackers tactics to the MITRE framework.

Speaker Bios

Phil Neray

Phil Neray is VP of IoT & Industrial Cybersecurity at CyberX, a Boston-based security firm founded by blue-team experts with a track record of defending critical national infrastructure. Prior to CyberX, Phil held executive roles at IBM Security/Q1 Labs, Symantec, Veracode, and Guardium. Phil began his career as a Schlumberger engineer on oil rigs in South America and as an engineer with Hydro-Quebec. He has a BSEE from McGill University, is certified in cloud security (CCSK), and has a 1st Degree Black Belt in American Jiu Jitsu.

Joe DiPietro

Joe DiPietro has over 20 years of both leadership and hands-on experience with enterprise security leaders including Algosec, IBM, Guardium, and Checkpoint Software. At Algosec, he established and led the company’s technical sales engineering function for the Americas and was later promoted to lead the function worldwide. At IBM, he was director of sales engineering and IBM InfoSphere Data Governance Center of Excellence Leader. He previously led worldwide sales engineering for Guardium, which was acquired by IBM for $220 million. Prior to IBM, he was Checkpoint’s first sales engineer and later rose to the position of Director of Systems Engineering. Joe holds a Master’s Degree in Computer Science, a Masters of Arts degree, and a Bachelor’s Degree in Mechanical Engineering

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.