Behind the Attack: Lex Crumpton

The ATT&CK Evaluations (Evals) team is a group of dedicated cybersecurity professionals with multiple decades of combined experience. Get to know Lex Crumpton, the detection engineering lead on the Evals team and one of the minds behind executing emulations.

Lex Crumpton

What is your role on the team?

I am the detection engineering lead for ATT&CK Evaluations, heading the detection engineering team. My role involves leading the analysis and testing of Red Team tools prior to their use by our Red Team Operators during evaluation week with the participants and their security product. Additionally, I develop defensive countermeasures, specifically crafting the detection criteria that aid participants in threat hunting the malicious activities outlined in the emulation plan.

What accomplishment are you most proud of on the Evaluations team?

One of my proudest achievements on the ATT&CK Evaluations team is ensuring that the blue team’s perspective is considered much earlier in the research and development phase of individual rounds. Traditionally, the defensive viewpoint was not included in selecting the tools that the Red Team developed or in shaping the emulation plan, which led to a disconnect between the plan’s execution and what EDR/MDR products typically encounter in real-world scenarios. Effective Threat-Informed Defense requires the integration of both red and blue perspectives. It became clear that incorporating the blue team’s insights long before participants faced the emulation plan during their evaluation week was essential.

How has your career led you to MITRE and your current role?

My career journey began with a deep interest in cybersecurity during my time at Bowie State University, where I pursued computer science. After gaining experience at the Department of Defense as an Exploitation Developer and through various roles in cybersecurity, I developed a passion for defensive measures. This passion led me to MITRE, where I have been able to leverage my skills and experience to support MITRE ATT&CK, ATT&CK Evaluations, and the Center for Threat-Informed Defense. My dedication to improving defensive strategies and closing gaps in cybersecurity defenses has shaped my current role as the Detection Engineering Lead for ATT&CK Evaluations.

What skill – technical or soft – have you found useful in your current role?

In my current role, a combination of technical and soft skills is crucial. On the technical side, my expertise in behavior-based detections and threat hunting has been invaluable. On the soft skills side, effective communication and leadership have been essential in coordinating with various stakeholders, leading a diverse team, and representing MITRE in interactions with commercial companies. These skills have allowed me to successfully guide my team and ensure the smooth execution of complex evaluations and projects.

What’s an interesting trend in Cybersecurity?

An interesting trend in cybersecurity is the increasing focus on threat-informed defense. Organizations are now leveraging frameworks like MITRE ATT&CK to better understand adversary behaviors and prioritize their defensive efforts. This shift towards behavior-based detections and threat intelligence integration is enhancing the effectiveness of cybersecurity measures, enabling more proactive and informed responses to threats. The emphasis on collaboration and sharing of threat intelligence across the industry is also helping to create a more resilient cybersecurity ecosystem.

Did you know? Lex makes her own lotions and teas from plants grown in-house!

Interested in connecting with Lex? Follow her on LinkedIn