top of page

Ian Dávila

Threat-Informed Defense: The Balancing Act


Ian Davila is a Lead Adversary Emulation Engineer for Tidal Cyber who is passionate about helping organizations adopt a Threat-Informed Defense. Before joining Tidal Cyber, Ian was a Cyber Security Engineer for The MITRE Corporation. Ian advanced MITRE ATT&CK® where he researched, developed, and reviewed techniques for the Enterprise domain as a Technique Research Lead. He also supported the software development team of ATT&CK. Ian was part of ATT&CK Evaluations for two Enterprise offerings where he led evaluations and emulated malware used by adversaries. Ian began his career in Cyber Security in 2015 by competing in CTFs while completing his BS in Computer Science from the URPRP. He was a Research Assistant for UPRRP and interned at NIST and Carnegie Melon University. After completing his BS, he obtained a MS in Information Security from CMU in 2020 while being an intern for The MITRE Corporation.


Threat-Informed Defense is a concept that has existed for a while now but perhaps not well understood in the cyber space. Humans have used information gained from their adversaries as a way to prepare themselves in the case of an attack since before computers existed. In cybersecurity though, understanding what adversaries are doing or what they could do is not that simple. Adversaries are stealthy and are good at making slight modifications to avoid being detected. Detecting Indicators of Compromise (IOCs) is no longer good enough to get close to detecting adversaries and Threat-Informed Defense gets us closer to that goal. In this talk, I will explain lessons learned from my past roles working on MITRE ATT&CK®, a globally accessible knowledgeable of adversary behaviors, how that impacts understanding and detecting adversaries, dive into a few examples of adversaries that have targeted Latin American countries, and combine all that knowledge to showcase how we can use that information to achieve a Threat-Informed Defense. I will also share free resources that you can use today to start moving towards detecting adversary behaviors.

Ian Dávila
bottom of page