The ATT&CK Advisory Council includes leaders from cybersecurity strategy, policy, and operations across public and private sectors.
Adam Pennington leads ATT&CK at The MITRE Corporation and collected much of the intelligence leveraged in creating ATT&CK’s initial techniques. When not working on ATT&CK, Adam has spent many of his 17 years with MITRE studying and preaching the use of deception for intelligence gathering. Prior to joining MITRE, Adam was a researcher at Carnegie Mellon's Parallel Data Lab and earned his BS and MS degrees in Computer Science and Electrical and Computer Engineering as well as the 2017 Alumni Service Award from Carnegie Mellon University. Adam has presented and published in a number of venues including FIRST CTI, USENIX Security, DEF CON, and ACM Transactions on Information and System Security.
Charles Clancy is a senior vice president and chief technology officer at MITRE and heads MITRE Labs. More than 4,000 MITRE Labs scientists, technologists, and engineers deliver deeply technical capabilities and solutions to the six federally funded R&D centers we operate on behalf of the U.S. government. In addition, Clancy serves as MITRE’s chief technology officer, harnessing the company’s independent R&D program to advance the missions of MITRE’s sponsors and the nation.
Before joining MITRE in 2019 as vice president for intelligence programs, Clancy served as the Bradley Distinguished Professor of Cybersecurity in the Department of Electrical and Computer Engineering at Virginia Tech and executive director of the Hume Center for National Security and Technology. There, he led Virginia Tech’s research and experiential learning programs in defense and intelligence. He started his career at the National Security Agency, filling a variety of research and engineering roles, with a focus on wireless communications.
He was named a Fellow of the Institute for Electrical and Electronics Engineers (IEEE) for his work in information security and digital communications and elected a member of the Virginia Academy of Science, Engineering, and Medicine. He has co-authored more than 250 academic publications and patents, as well as six books. He co-founded five venture-backed defense-tech startup companies that apply commercial innovation to the intersection of telecommunications and national security.
Clancy sits on the Armed Forces Communications & Electronics Association International (AFCEA) Board of Directors’ Executive Committee, the AFCEA Intelligence Committee, the Systems Engineering Research Center Advisory Board, the Research Institute for Tactical Autonomy Advisory Board, the Alliance for Telecommunications Industry Solutions Next G Alliance, and the Virginia Tech National Security Institute Advisory Board.
Clancy holds a bachelor’s degree in computer engineering from the Rose-Hulman Institute of Technology, a master’s degree in electrical engineering from the University of Illinois at Urbana-Champaign, and a doctorate in computer science from the University of Maryland, College Park.
Kimberly Goody is a Senior Manager with Google Threat Intelligence Group where she has led various teams focused on intelligence analysis and production. She brings over a decade of experience primarily focused on research into complex cybercrime operations dating back to her time at NCFTA where she worked as a liaison between law enforcement and some of the world's largest financial institutions. She holds a master’s degree in security and intelligence studies and has also taught a graduate level course on cyber crime at Georgetown University.
Krysta Horocofsky is a Senior Manager within Recorded Future's Insikt Group. She began her career as a Threat Intelligence Analyst researching diverse cyber threats before specializing in TTP tracking, malware analysis, and detection engineering (YARA, Sigma, Snort, and Nuclei). Krysta currently leads Insikt Group's New and Emerging Threats team, focusing on intelligence reporting, detections, and mitigations for novel, evolving, and trending TTPs. She is passionate about differentiating between adversary and malware TTPs and advocates for the benefits of tracking them distinctly. Krysta also has a growing interest in mobile security.
Ryan Miller is a Sr. Director at Target Corporation, where he leads Cyber Threat Operations including Cyber Threat Intel, Fraud Intel, and Reverse Engineering teams. His experience includes leading and supporting cyber threat intelligence operations in large fusion centers including the National Cybersecurity and Communications Integration Center (NCCIC) and the National Cyber Investigative Joint Task Force (NCIJTF). Ryan is an industry recognized leader who regularly participates and shares threat intelligence, processes, and best practices through forums such as vendor conferences, ISAC communities, and RSAC eFraud Global Forum (EFG). Ryan also serves as a program committee member on the RSAC EFG, helping drive engagement and content development.
Brian Mohr currently serves in the role of Director, Threat Informed Defense, at HCA Healthcare, based in Nashville, TN. With a career spanning over twenty years, Brian is a seasoned cybersecurity leader with experience in cybersecurity strategy, intelligence operations, product development, and program management.
Prior to joining HCA Healthcare, Brian co-founded Reqfast, a SaaS intelligence management platform, designed to enhance and facilitate intelligence team operations and workflows. He also served in key cyber intelligence roles both in the financial services and the cyber intelligence vendor space, where he developed intelligence programs, enhanced risk-based decision-making, and encouraged a stakeholder-centric approach to providing intelligence services.
Eugene H. Spafford is one of the most senior and recognized leaders in the field of computing. His research and development work, including work with his students, underlies cyber security mechanisms in use on millions of systems today, including work in firewalls, intrusion detection, vulnerability scanners, integrity monitoring, forensics, and security architectures.
Professor Spafford has been honored with every significant award in cybersecurity, including induction into the [Cyber Security Hall of Fame](https://www.cybersecurityhalloffame.org/); every major award at Purdue University for teaching; and many major awards for distinguished service to the computing community, including the CRA Distinguished Service Award. He is one of only two people to receive all three of the National Computer Security Award, be inducted into the Cyber Security Hall of Fame, and receive the Hal Tipton Award. He is also the only person ever to be named as a Fellow of the combination of the [(ISC)2](https://www.isc2.org/), [ISSA](https://www.issa.org/) (as a Distinguished Fellow), [ACM](https://www.acm.org/), [IEEE](https://www.ieee.org/), [American Association for the Advancement of Science (AAAS)](https://www.aaas.org/), and [American Academy of Arts and Sciences (AAA&S)](https://www.amacad.org/).
Spaf (as he is widely known) has established an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to many major companies, law enforcement organizations, academic and government agencies, including Microsoft, Intel, Tripwire, SignaCert, Unisys, the US Air Force, Sandia National Laboratory, Los Alamos National Laboratory, the National Security Agency, the GAO, the Federal Bureau of Investigation, the National Science Foundation, the Department of Justice, the Department of Energy, and the staff of two Presidents of the United States. With nearly five decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. He is responsible for several "[firsts](https://spaf.cerias.purdue.edu/firsts.html)" in several of these areas.
Dr. Eugene H. Spafford is a Distinguished Professor with a primary appointment in [Computer Science](https://www.cs.purdue.edu/) at [Purdue University](https://www.purdue.edu), where he has been a member of the faculty since 1987. He also has courtesy appointments as a professor of [Philosophy](https://www.cla.purdue.edu/philosophy/), a professor of [Communication](https://www.cla.purdue.edu/communication/), a professor of [Electrical and Computer Engineering](https://engineering.purdue.edu/ECE/), a professor of [Nuclear Engineering](https://engineering.purdue.edu/NE/), and a professor of [Political Science](https://www.cla.purdue.edu/polsci/). He is the Executive Director Emeritus of the Purdue University [Center for Education and Research in Information Assurance and Security](https://www.cerias.purdue.edu/) (CERIAS). In 2012, he was named one of Purdue's inaugural Morrill Professors - the university's highest faculty award.
From 2010–2025, Spaf was Editor-in-Chief of the Elsevier journal [Computers & Security](https://www.journals.elsevier.com/computers-and-security/), the oldest journal in the field of information security, and the official outlet of [IFIP TC-11](https://www.ifiptc11.org/). Before this appointment, he served as Academic Editor (Associate Editor) of the journal from 1998–2009. As of January 1, 2026, he is the Editor Emeritus.
Dr. Spafford is a member and past chair of the [ACM's US Technology Policy Committee](https://www.acm.org/public-policy/usacm/) (formerly the US Public Policy Council) and was a member of ACM Council from 2012–2020. He is a member of Verified Voting's [Board of Advisors](https://www.verifiedvoting.org/board-of-advisors/). He has served several terms as a member of the Board of Directors for the [Computing Research Association](https://cra.org/).
Dr. Jonathan Spring is a cybersecurity specialist in the Cybersecurity and Infrastructure Security Agency. Working within the Cybersecurity Division’s Vulnerability Management Office, his area of focus includes researching and producing reliable evidence to support effective cybersecurity policies at various levels of vulnerability management, machine learning, and threat intelligence.
Prior to joining CISA, Jonathan held positions in the Computer Emergency Response Team (CERT) division of the Software Engineering Institute (SEI) at Carnegie Mellon University and was adjunct professor at the University of Pittsburgh's School of Information Sciences.
Jonathan has served as program chair of FloCon, an annual conference that focuses on applying data to defend enterprise networks, and the New Security Paradigms Workshop. He has served as a member of the Internet Corporation for Assigned Names and Numbers (ICANN) Security and Stability Advisory Committee (SSAC). Dr. Spring earned his doctoral degree in computer science from University College London. He's authored two cybersecurity textbooks and over 50 publications.
Eric R. Stride is the Chief Security Officer for Huntress, where he oversees the company's global security operations, global support, adversary tactics, and internal security infrastructure. A seasoned cybersecurity leader with over 23 years of experience, Eric previously served as a Specialist Executive at Deloitte, where he drove significant business growth in government cyber offerings. He also served as the co-founder and Chief Technology Officer of Atlas Cybersecurity, alongside leadership roles at other cybersecurity startups.
His expertise is grounded in a distinguished 12-year active duty career with the U.S. Air Force and the National Security Agency (NSA). During this time, he led the establishment of the Air Force’s first regional cyber combat mission team and graduated from the NSA’s prestigious Computer Network Operations Development Program. Eric continues to support national defense as a Reserve Colonel, serving as the IMA to the Commander of the 67th Cyberspace Wing.
Richard Struse is a globally recognized technology innovator who has led the development of new approaches and solutions in cybersecurity for decades. Rich is the Co-founder and CTO at Tidal Cyber and is responsible for leading the product engineering team to ensure the platform delivers scalable, reliable, and industry-first capabilities that operationalize Threat-Led Defense and translate complex capabilities to meet the real-world demands of modern security operations.
Rich was the co-founder of MITRE’s Center for Threat-Informed Defense, where he worked with many of the most sophisticated enterprise cybersecurity organizations in the world to advance the state-of-art and state-of-practice of threat-informed defense globally. In this role, Rich helped create many of the resources and approaches that undergird advanced threat-informed defense. Rich is also the creator of STIX and TAXII Cyber Threat Intelligence (CTI) sharing standards that changed the landscape of cyber threat intelligence. Rich previously served as the CTO of DHS’s National Cybersecurity and Communications Integration Center and was the co-founder of VOXEM, Inc.