MITRE Establishes ATT&CK Advisory Council With Industry, Government Leaders

MITRE has established the MITRE ATT&CK Advisory Council, an independent body to support the long-term sustainability, integrity and global impact of the MITRE ATT&CK program.

The council will provide strategic guidance and identify emerging risks, opportunities and trends across the cybersecurity landscape as threat actors continue to evolve their tactics, MITRE said Wednesday

“The Advisory Council ensures that ATT&CK continues to evolve with input from the experts who rely on it every day, helping us maintain a trusted, actionable, and globally relevant framework for defending against cyber threats,” Charles Clancy, senior vice president and chief technology officer at MITRE, stated.

Learn more about evolving cyberthreats from experts in government and industry at the Potomac Officers Club’s 2026 Cyber Summit on May 21. Secure your spot at this critical event today.

Who Are the Members of the MITRE ATT&CK Advisory Council?

The advisory council brings together leaders from government, industry and academia.

• Adam Pennington, ATT&CK lead at MITRE
• Charles Clancy, SVP and CTO at MITRE
• Freddy Dezeure, deputy chief information security officer for Europe at Microsoft
• Kimberly Goody, head of intelligence production and analysis at Google
• Krysta Horocofsky, senior manager of new and emerging threats at Recorded Future
• Eric Hutchins, executive director of cybersecurity operations at JPMorgan Chase
• Brian Mohr, director of threat-informed defense at HCA Healthcare
• Jonathan Spring, senior technical adviser for security at scale at the Cybersecurity and Infrastructure Security Agency
• Gene Spafford, emeritus director at Purdue University’s Center for Education and Research in Information Assurance and Security
• Joel Spurlock, vice president of data science at CrowdStrike

• Eric Stride, chief security officer at Huntress
• Richard Struse, CTO at Tidal Cyber

What Is MITRE ATT&CK?

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It provides a common language for threat-informed defense and serves as a foundation for threat models and cybersecurity methodologies used by government, private-sector and cybersecurity product organizations.

The framework has also inspired additional domain-specific resources, such as MITRE’s Adversarial Actions in Digital Asset Payment Technologies, or AADAPT, framework to mitigate cybersecurity risks in cryptocurrency and digital financial systems.

In early 2026, MITRE launched the Embedded Systems Threat Matrix, developed with the U.S. Air Force’s Cyber Resiliency Office for Weapon Systems. The framework focuses on safeguarding embedded systems supporting critical infrastructure and defense technologies.