Pen testing, Attack simulation, Security research

SWVHSC: Mapping MITRE ATT&CK to PCI DSS – Jeff Man – ESW #193

MITRE ATT&CK seems to be the “next big thing”. Every time I hear about it I can’t help but wonder, “how do you prevent all these attacks in the first place? Shouldn’t that be the end game?” To that end, I set out to map all the recommended “Mitigations” for all the “Techniques” detailed in ATT&CK to see how many are already addressed by what is required in the Payment Card Industry Data Security Standard (PCI DSS). My hypothesis was all of them. The results were interesting and a little surprising, and I’m still trying to figure out how to best use the results and subsequently ATT&CK itself. I will present my findings in the briefing and hopefully generate a discussion about what to do with the results. Visit for all the latest episodes!

Full Episode Show Notes




[caption id="attachment_210" align="alignleft" width="120"]Matt Alderman Matt Alderman - CEO[/caption] [caption id="attachment_210" align="alignleft" width="120"]Paul Asadoorian Paul Asadoorian - Founder & CTO[/caption]


[caption id="attachment_210" align="alignleft" width="120"]Jeff Man Jeff Man - Information Security Evangelist [/caption]


  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting and completing the form! We review suggestions monthly and will reach out to you once reviewed!

[audio src=""]

prestitial ad