Aligning the Modern SIEM with MITRE ATT&CK

Principal Product Manager Splunk

Kyle Champlin is an industry veteran with over 13 years of experience in the IT and security fields, and is the product manager for Splunk's Enterprise Security solution.

Principal Security Strategist Splunk

Ryan Kovar, with over 20 years of experience cybering, has done everything from pulling miles of CAT5 cable on an aircraft carrier to learning that he didn't want to be a malware RE. Most recently, he worked at the Defense Advanced Research Projects Agency (DARPA) on a team dedicated to detecting and mitigating advanced threats.

Ryan then moved to Splunk as a Principal Security Strategist where he teaches hunting, attempts practical security research, and solves fun problems for folks around the world. Ryan loves Bernese mountain dogs and wire data, and despises printers.

Principal Cybersecurity Engineer, MITRE

John is a cybersecurity engineer at MITRE, where he works on threat hunting, analytics, and defensive cyber operations for ATT&CK and MITRE's sponsors. He's one of the maintainers of the Cyber Analytics Repository and is the lead for ATT&CK Sightings.

Outside of work he likes to not go anywhere or do anything because of the pandemic.

Threat Research Manager, Cisco Talos

With over a decade of Information Security experience, Matthew currently leads a team of researchers in Cisco Talos. Previously he's worked on Cisco's CSIRT as both an Investigator and Investigations Manager, and most recently at Splunk as a Senior Security Specialist in a technical overlay role for the security sales field.

He provides expertise building security monitoring and Incident Response programs for cloud and hosted service enterprises, focusing on targeted and high-value assets via a threat-centric methodology. He is a published O'Reilly author with a proven ability to run global, high-profile, service and revenue impacting, and complex multi-faceted investigations. Matthew strives to both learn from and share his knowledge with a global InfoSec community.