Procedures Make It Possible: Solving One of Cybersecurity's Most Persistent Challenges

Black Hat 2025 Sponsored Session by Scott Small, Director of Cyber Threat Intelligence & Harrison Van Riper, Director of Artificial Intelligence

 

More security teams are using the Tactics and Techniques elements of MITRE ATT&CK® successfully for strategic planning, assessments, and risk management. But technical defenders, like detection and emulation engineers, need something more detailed & granular to do their jobs.

They need the data contained within Procedures.

Despite being a familiar term as the "P" in "TTP", no widely accepted definition of or structure for Procedures has ever existed, which has greatly limited their adoption in the community. This session covers how Tidal Cyber is solving the persistent Procedure challenge by adopting an accurate but practical definition of and data model for Procedures, and using large-scale data analysis powered by an original artificial intelligence solution to create and maintain a living, easily searchable library of adversarial Procedures.

We'll review our methodology for defining these critical data elements, spotlight real Procedure examples based on timely cyber threat intelligence, and most importantly, demonstrate how our approach to Procedures advances threat-led defense through features such as Procedure relationships to defensive capabilities, enabling more precise confidence in your security stack's ability to defend against the threats you care about.

Speakers:

Scott-Small-400Scott Small, Director of CTI, Tidal Cyber

Scott is a career intelligence researcher & analyst and an expert in cyber threat intelligence & threat profiling, open source research & investigations, and data analysis & automation. He has advised enterprise and public sector security teams across maturity levels on technical and strategic applications of intelligence and on using technology to help identify and mitigate organizational risk. Throughout his career, Scott has briefed and trained large and small audiences and has presented original content at major security conferences and industry events. He is also an active member of the professional security & intelligence communities, contributes to community projects, and has published several independent projects, tools, & resources.

Harrison HeadshotHarrison Van Riper, Director of AI, Tidal Cyber

Harrison Van Riper leads AI initiatives at Tidal Cyber, driving innovation in cybersecurity automation and adversary intelligence. With a background in threat intelligence and AI-driven security solutions, he brings deep expertise in leveraging large language models (LLMs) and automation to enhance cyber defense strategies. Before joining Tidal Cyber, Harrison founded Zero-Shot Security, where he developed NARC (Natural Attack Reading and Comprehension)—an AI-powered tool mapping threats to the MITRE ATT&CK framework. His work bridges the gap between cutting-edge AI and real-world cybersecurity challenges, helping organizations stay ahead of evolving threats.