I'm feeling stupid reading this because I feel like it's using a tactical framework I'm not familiar with, e.g. what is the significance of the labeling of items like "Meeting Overload" with "T1001"?
FWIW my feeling is positive in regard to the core meaning being conveyed - I just feel like I'm missing out on something in not understanding the format.
The numbering of the challenges (e.g. T1001) is a little confusing to me too. My assumption is that the first number after the T is a tactic ID and the remaining digits are the challenge/issue ID. Maybe the challenge/issue ID is 3 digits because there's room (a plan?) to add many more examples?
I like the substance of this conceptual model as well (and may actually use some of it in my own personal productivity framework :-)), but don't see why it needs to be presented this way. It's neat, but I'd personally rather all the content be on one page, and maybe with a search feature for if/when the list of example challenges/issues grows.
It looks like a sort of serial number or categorization. In the first block they are T1. In the second block they are T2. So each category (access, persistence, etc.) is a T with a leading number, and the issues/“tactics” inside of that have a 001, 002, etc., as a reference to that specific instance (meeting overload).
Imagine the website is presenting you with a quicksheet about some new type of attack. It's called BUSY.
Initial Access covers how you begin a BUSY attack. Execution covers how BUSY tends to manifest itself in normal operations. And so on, and so forth.
Note the domain: CISO Tradecraft. It's just the author(s) being cheeky in their presentation. If you aren't in a security-adjacent space I could see how it wouldn't land.
this site is a riff on MITRE ATT&CK, a popular and highly-utilized framework for organizing and categorizing threat actor and malware tradecraft. it's also LLM slop.
Edited for typos