Blog Contributor

Tiffany Bergeron

Tiffany Bergeron

Chief Architect, Mappings Program

As Chief Mappings Architect, Tiffany leads the Center's MITRE ATT&CK mapping initiatives, including Mappings Explorer, security control framework mappings, and the Mappings Editor. Her work advances threat-informed defense through practical tools, research, and guidance that help organizations understand real-world adversary threats and align effective defensive measures. She specializes in threat intelligence, adversary behavior analysis, and actionable mitigations, with experience spanning the Department of Defense, Department of Homeland Security, and private industry.

More About Our Team

Fraud Fighters United with MITRE F3

MITRE Fight Fraud Framework (F3) is a behavior-based model of fraud actor tactics and techniques that gives fraud and cyber defenders a shared structure to describe incidents, relate events, and disrupt fraud outcomes.

Continue reading

Cloud Security Built with ATT&CK

Threats to cloud computing span multiple security domains, objectives, and layers of technology. Defenders must protect dynamic, shared environments while adversaries actively exploit misconfigurations, weak controls, and gaps between responsibility boundaries. To keep up, security cannot just focus …

Continue reading

Get in Sync with ATT&CK and CTID

Threat-informed defenders can use ATT&CK Sync and the enhanced Mappings Editor to keep ATT&CK-based tools and mappings current with major changes like ATT&CK v18.

Continue reading

Threat-Informed Defense for the Financial Sector

The Cyber Risk Institute Profile is a distillation of the NIST Cybersecurity Framework tailored to address the financial services sector’s regulatory environment. Financial institutions, financial services companies, financial firms, and their third-party providers use the CRI Profile …

Continue reading

Put Your Money Where Your Adversaries Are: Exploited Vulnerabilities

Historically, vulnerability management and threat management have been separate disciplines, but in a risk-focused world, they need to be brought together.

Continue reading

Stacked Defense from the Hardware Up

The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.

Continue reading

The Best Defense is a Security Capability Mapped to ATT&CK

The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the software bytes.

Continue reading

Guarding the Grid: Defending Operational Technology With ATT&CK

Critical infrastructure such as electrical generation facilities, water treatment plants, and transportation systems are a lifeline for our communities. Unfortunately, this dependence has made critical infrastructure a prime target for threat actors.

Continue reading