We interviewed Leslie Z. Anderson, Chief Strategist for Cyber at MITRE, about its mission to advance US national security in new ways and serve the public interest as an independent adviser, the sustainability issues they face, and how efforts like Common Good Cyber can help.
Can you introduce MITRE and explain what projects like ATT&CK, Caldera, and the Center for Threat-Informed Defense are? What do they do to improve cybersecurity in the public interest?
MITRE is a not-for-profit organization that exists to serve the public good—our focus is on solving big, complex problems that matter to the nation, not on making a profit. We run several federally funded research and development centers (FFRDCs), which means we get to work side-by-side with government, industry, and academic partners on everything from national security to health and, of course, cybersecurity.
When it comes to cyber, our goal is to help defenders everywhere stay ahead of threats. We do this by creating open, community-driven resources that anyone can use. All of our cyber experts work on a variety of government-sponsored programs. They are exposed to real-world cyber threat intelligence, and in their development of cyber tools and frameworks, they bridge government and industry who have different insights and complementary datasets. For example:
- MITRE ATT&CK® is a globally recognized, openly accessible knowledge base that catalogs cyber adversary tactics and techniques based on real-world observations. It provides defenders with a common language and actionable information to detect, analyze, and mitigate threats more effectively. For instance, security teams use ATT&CK to simulate attacks, inform detection rules, and prioritize defense efforts according to how real-world attackers operate.
- MITRE Caldera™ is an automated adversary emulation platform built on the ATT&CK framework. Available via GitHub, Caldera allows organizations to quickly simulate sophisticated threats on their networks, assess defenses, and improve incident response by automating red-teaming and purple-teaming operations. Caldera’s extensible architecture supports custom tools and TTP (tactics, techniques, and procedures) libraries, empowering both research and practical defense.
- MITRE’s Center for Threat-Informed Defense is an industry-funded cybersecurity research and development collaborative. Its mission is to advance the state of threat-informed defense globally by developing open resources (e.g., most recently Attack Flow V3) that help defenders apply deep technical knowledge of adversary behaviors to cyber defense. All research and output from the Center are made freely available to the public, directly supporting the global cyber community.
By making these tools and research freely available, we’re helping defenders everywhere—and making the whole cyber ecosystem stronger.
MITRE is currently going through a reorganization. How do you see this affecting your cybersecurity initiatives like ATT&CK, Caldera, and the Center for Threat-Informed Defense?
Like many organizations in 2025, MITRE has made changes corporate-wide as we adjust to meet evolving customer priorities. One of those changes was the recent merging of teams for our three flagship cyber programs: MITRE ATT&CK, ATT&CK Evaluations, and the Center for Threat-Informed Defense (CTID). While these teams already worked together closely, integrating them will further improve strategic alignment and responsiveness to stakeholder needs. MITRE remains committed to all three programs, and we will continue to support defenders globally by providing more high-value, open-source cyber tools like Caldera and Engage.
ATT&CK has become a global standard for adversary behavior modeling. What’s driving its wide adoption, and how do you ensure it stays relevant as threats evolve?
ATT&CK’s popularity comes down to three things: it’s open, it’s practical, and it’s up to date. We work closely with the global cyber community to keep ATT&CK fresh—constantly adding new techniques and real-world examples as threats change. Because it’s open and free, anyone can use it, and it’s become a common language for defenders and vendors alike. We also listen to feedback from practitioners all over the world, so ATT&CK keeps evolving alongside the threat landscape. The latest version, v17, is packed with updates that reflect what’s happening out there right now.
Same question for Caldera—how do you ensure it stays relevant as threats evolve?
Caldera stays relevant as cyber threats evolve by continuously updating its platform to reflect the latest TTPs, tightly integrating it with ATT&CK. Caldera’s modular architecture allows rapid adaptation: security professionals can customize attack scenarios, develop new plugins, and add or modify abilities and adversary profiles as new threats emerge. Its open-source nature, supported by active research and direct engagement with the cybersecurity community, means Caldera benefits from global practitioner feedback and contributions, ensuring its capabilities expand alongside the changing threat landscape.
Caldera is currently seeking more active and committed “maintainers” for its codebase. We think it’s time the global community more fully share in the direction and development of this important cybersecurity tool. For more information, email [email protected] or hit us up on Discord.
What misconceptions about MITRE’s cybersecurity work do you wish more people understood?
One big misconception is that ATT&CK is MITRE, or MITRE is ATT&CK. MITRE’s cybersecurity expertise spans enterprise cyber defense, cyber operations and effects, and critical infrastructure protection. We have hundreds of cybersecurity experts who offer threat detection, response, resilience, and recovery capabilities that protect national security and the public interest across diverse sectors worldwide.
Many also think that MITRE’s open-source capabilities are funded by the U.S. government. In most cases, these community offerings are funded by MITRE as public-interest initiatives and/or through MITRE Benefactors – a charitable giving program. While our extensive government work has enriched our collective cyber expertise over the decades, strengthening the knowledge base that informs these public offerings, the funding for these open-source tools comes from MITRE’s own commitment to the public good. To that end, I hope everyone reading this will consider becoming a benefactor. MITRE benefactors are globally recognized for supporting independent research in the public interest. Click that link above or email [email protected] to learn more.
How can efforts like Common Good Cyber or other funders do more to support and sustain public-good resources like the ones MITRE maintains?
Keep spreading the word and supporting community resources! Stable, long-term, unrestricted funding makes a huge difference for nonprofits and initiatives that deliver core cybersecurity services and infrastructure for the public interest. It lets us keep building and sharing tools that help everyone.
Coordinated support from governments, industry, and philanthropy helps too. When we all work together, we can make sure defenders everywhere have the resources they need to keep the digital world safer for everyone.


