Hck4G#0x13 – Trust, But Verify: Testing Cybersecurity Controls with MITRE ATT&CK
Trust, but verify
A cybersecurity meetup for the community, by the community.
Hck4G is a not-for-profit organisation focused on disrupting the human impact of cybercrime through awareness, intervention, education, victim support, referrals and diversion. Our monthly meetup events aim to create ethical pathways, build real-world skills, and grow defender communities who understand context, not just tools.
***
PLEASE REGISTER HERE!!!! https://shorturl.at/QFPAI
### About the Session
How do you know your security controls actually work?
This session is designed for:
- GRC professionals looking to move beyond tick-box compliance and Excel security questionnaires
- Security engineers who want practical ways to validate control effectiveness
- Security leaders responsible for assessing the performance and maturity of their organisation's risk posture
- Anyone curious about threat-informed defence, MITRE ATT&CK, or how cybersecurity controls are tested in the real world
The talk will explore how to apply threat-informed defence to test cybersecurity controls in real-world environments. Using the Information Security Manual (ISM) and the MITRE ATT&CK framework, we’ll walk through threat modelling, control selection and tailoring, and how to evaluate whether your controls genuinely mitigate common adversary tactics.
The session will finish with a hands-on small-group exercise, where attendees will work together to threat model a scenario, select relevant ATT&CK tactics, and determine how those controls could be tested.
***
### What You’ll Learn
- Why compliance does not equal security
- How threat modelling differs across organisations and environments
- How to apply ISM guidance for system hardening and procurement
- How to focus on the most relevant MITRE ATT&CK tactics and techniques
- An overview of Atomic Red Team techniques for servers and desktops
- How to practically assess and validate control effectiveness
You’ll receive a copy of the presentation, including links and resources, so you can start applying a ~~“trust, but verify”~~ "Zero-Trust" approach in your own organisation.
***
### 🍕 Bonus
Best cyber pizzas in Melbourne, courtesy of CyLynk.
***
### Event Information
Date: Wednesday, 18 February 2026
Time: 5:30 PM – 7:30 PM (AEST)
Location: Building 80, 435–457 Swanston St, Melbourne VIC 300
Cost: Free (registration required)
Catering: Food and drinks provided
***
### Livestream Watch Parties
- Ghana (WAT+2)
- Nigeria (WAT+1)
Livestream links will be shared with registered attendees 24 hours before the event.
***
### Speaker – David Dowling
David has 18 years of experience in the IT and cybersecurity industry, beginning his career in Launceston, Tasmania, and working across Seoul, San Francisco, and now Melbourne. He holds the Certified Information Systems Security Professional (CISSP) and SABSA Chartered Foundation (SCF) certifications, along with a range of vendor certifications including Microsoft, Qualys, Netskope, and Splunk.
David began his career working for SIEM, WAF, and endpoint vendors before moving into MSSP environments, and has since completed the “circle of life” by working in security accreditation and operations at a vehicle manufacturer in Geelong. This background gives him a unique perspective across vendors, service providers, and in-house security teams.
Outside of work, David has teenage kids and a very active poodle named APT p00py, who enjoys walkies and being bad at CTFs. David also serves part-time as an Artillery Forward Observer in the Australian Army Reserves.
***
### What to Bring
- Laptop with internet access
- Minimum 8GB RAM
- Curiosity and a willingness to ask questions
***
### Event Schedule
- 5:30 – 5:40 PM: Welcome, Intro & Networking
- 5:40 – 6:00 PM: Networking & Cyber pizzas 🍕
- 6:00 – 6:45 PM: Presentation
- 6:45 – 7:00 PM: Small-group exercise
***
### Thanks to our Sponsors
RMIT University - World-class certificates, degrees, Masters and Postgraduate programs.
BridgeLynk.io - Attack Informed Cybersecurity Services for NFP, SMB and Enterprise
CyLynk.com - Job-Ready cybersecurity training led by expert coaches.
