The 2026 EU MITRE ATT&CK® Community Workshop will take place on 6 May 2026 from 9:30 until 17:30 (CEST) and will be hosted by EUROCONTROL, in collaboration with the Centre for Cybersecurity Belgium, the MITRE Center for Threat-Informed Defense and MITRE ATT&CK. The event is hybrid: you can choose to attend online via videoconference or attend in-person in Brussels.
This workshop is organised by practitioners and for practitioners with an interest in the use of the ATT&CK® Framework in Prevention, Detection/Hunting and Response. You will hear updates from the MITRE Center For Threat-Informed Defense and from the developers of systems and tools supporting the ATT&CK® Framework. But even more importantly, you will learn best practices from your peers in the user community.
Agenda
| Timing | Title | First name | Last name | Organisation | |
|---|---|---|---|---|---|
| 09:00 - 09:30 | REGISTRATION | ||||
| 09:30 - 09:35 | Welcome | Clara | Grillet | CCB | |
| 09:35 - 09:40 | Opening Keynote | Freddy | Dezeure | Microsoft | |
| 09:40 - 09:45 | Opening Keynote | Patrick | Mana | EUROCONTROL | |
| 1 | 09:45 - 10:00 | Building Resilient AI Security Controls Using MITRE ATT&CK® and ATLAS™ | Ana | Lakshmanan | Microsoft |
| 2 | 10:00 - 10:15 | The Automation Illusion? Bridging Threat Modeling and Threat-Informed Defense | Sebastien | Deleersnyder | Toreon |
| 3 | 10:15 - 10:30 | When your ATT&CK map lands on a GRC desk | Dennis | Verslegers | Orange Cyberdefense |
| 4 | 10:30 - 10:45 | From ATT&CK-driven Scoring to Strategy: Advancing Cyber Risk Quantification through Contextualization | Hanna Artem |
Holych Zhylin |
CERT-UA |
| 5 | 10:45 - 11:00 | Country-Specific and Sector-Specific Threat Models as a Public Service | Jan | Kopriva | Nettles Consulting |
| 11:00 - 11:30 | BREAK | ||||
| 6 | 11:30 - 11:45 | Intelligence that Drives Action - Operationalizing CTI using MITRE Attack Flow v3 | Rajendra | Mekhale | Itsme |
| 7 | 11:45 - 12:00 | Cyber Offence Risk Modelling for AI Safety Evaluations and the use of MITRE ATT&CK | Luca | Massarelli | European Commission |
| 8 | 12:00 - 12:15 | Defending the Critical Path: Business‑Aligned Threat Modelling with MITRE ATT&CK | Jennifer | Henoch | Macquarie Group |
| 9 | 12:15 - 12:30 | AI in the Crosshairs: Operationalising MITRE ATLAS Alongside ATT&CK | Chris | Brake | AttackIQ |
| 10 | 12:30 - 12:45 | From SIEM-Centric to Modernized SOC: Decoupling Data, Detections, and Response. | Hieu | Tran | FPT |
| 11 | 12:45 - 13:00 | AI inSecurity Testing: MITRE ATLAS angle | Vito | Rallo | Kyndryl |
| 13:00 - 14:15 | LUNCH | ||||
| 12 | 14:15 - 14:30 | Going Full Spectrum with AI-Powered Red Ops | Jeroen | Vandeleur | Proximus, SANS, Owner of Agron |
| 13 | 14:30 - 15:00 | What’s going on with MITRE ATT&CK in 2026 | Lauren Adam |
Lusty Pennington |
MITRE ATT&CK |
| 14 | 15:00 - 15:15 | Keeping Europe SAFE, One Technique at a Time | Teodor | Mihailescu | The Romanian national cyber security and incident response team (DNSC) |
| 15 | 15:15 - 15:30 | Advancing Threat-Led Defense with Generative AI | Ian | Davila | Tidal Cyber |
| 15:30 - 16:00 | BREAK | ||||
| 16 | 16:00 - 16:15 | Latest updates of the MITRE Center for Threat-Informed Defense | Leslie | Anderson | MITRE Center for Threat-Informed Defense |
| 17 | 16:15 - 16:30 | From Threat Scenarios to ATT&CK Mapping: Making Threat Modeling Actionable Without False Precision | Nathan | Pembe | NVISO |
| 18 | 16:30 - 16:45 | Beyond detection rules | LTC Maciej | Szymczyk | Polish Cyber Command |
| 16:45 - 17:00 | Closing of event | Clara | Grillet | CCB | |
| 17:00 - 18:30 | DRINK |
We look forward to welcoming you on 6 May 2026!
👉 Register now to save your spot: 2026 EU MITRE ATT&CK® Community Workshop | EUROCONTROL
About the EU ATT&CK Community
The EU ATT&CK Community is a diverse community of practitioners including security professionals, cybersecurity vendors, CSIRTs/CERTs and user organisations whose aim is to actively use MITRE ATT&CK® while contributing back to improve cyber defense. The EU MITRE ATT&CK® Community is a volunteer-driven vendor neutral platform where all users can discuss, exchange and improve their use of adversary tactics and techniques together in practical use cases like attribution, prevention, detection, hunting and response.
Contact
If you want to get in touch with us, you can reach us via email info@attack-community.org.