Intrusion Kill Chain with Rick Howard


Turning the Tables on Attackers

 

In this episode, host Lieuwe Jan Koning is once again joined by Rick Howard, former Commander of the US Army’s Computer Emergency Response Team and former CSO of Palo Alto Networks, to explore how defenders can flip the script on attackers by focusing on the Intrusion Kill Chain.

❓ What is the Intrusion Kill Chain and how has it changed the way we look at cybersecurity?

❓ There are only 250 active adversary campaigns; what should we be doing with this knowledge?

❓ How can we use frameworks like the Diamond Model and MITRE ATT&CK to our advantage?

❓ Why aren’t global governments and intelligence agencies doing more to share cyber threat intelligence?

 

Rick Howard breaks down the strategic shift introduced by the Intrusion Kill Chain, proving that attackers have more to lose than defenders—as long as security teams know where to break the chain.

 


Your cybersecurity experts

Lieuwe Jan Koning

Co-Founder and CTO
ON2IT

Luca Cipriano, Threat Intel Specialist, ON2IT

Rick Howard

President
Cybersecurity Canon Project

Episode details

Cybersecurity has long been seen as a game where defenders must be perfect, while attackers only need to succeed once. But what if that’s the wrong way around?

In this Deep Dive, Rick Howard joins host Lieuwe Jan Koning to discuss how the Intrusion Kill Chain turned the idea that attackers only need to succeed once on its head.

Howard, a former CSO of Palo Alto Networks, explains how frameworks like the Diamond Model and MITRE ATT&CK help defenders proactively counter adversary campaigns. By focusing on the 250 known adversary groups, security teams can anticipate and disrupt attacks rather than just react to them.

Questions that will be answered:

  • Why should we focus on the Cyber Kill Chain?
  • What do different frameworks like the Diamond Model and MITRE ATT&CK have in common? Can and should the ideas behind them be combined?
  • What steps should security teams take to track, analyze, and prevent real-world threats?
  • What roles do agencies like the FBI and global governments play in this?

PS. Find out more about the Cybersecurity Canon here: https://icdt.osu.edu/about-cybersecurity-canon
