Ryan Fetterman

Ryan is a Security Strategist at Splunk on the SURGe team, joining after a decade spent in windowless basements conducting government research and consulting. Ryan holds Doctorate and Masters degrees from George Washington University, and a cybersecurity undergraduate degree from Penn State University. He sometimes holds controversial opinions like “you don’t need Machine Learning for that.”

Security 3 Min Read

Macro ATT&CK for a TTP Snack

Splunk's Mick Baccio and Ryan Fetterman explore 2024's macro-level cyber incident trends through the lens of the MITRE ATT&CK framework.

Security 6 Min Read

Macro-ATT&CK 2024: A Five-Year Perspective

Splunk’s Ryan Fetterman and Tamara Chacon dive into attacker techniques, trends, and blue team tips for analyzing and visualizing data from the past year.

Security 5 Min Read

Add To Chrome? - Part 4: Threat Hunting in 3-Dimensions: M-ATH in the Chrome Web Store

SURGe experiments with a method to find masquerading using M-ATH with Splunk and the DSDL App.

Security 5 Min Read

Revisiting the Big Picture: Macro-level ATT&CK Updates for 2023

SURGe reviews the latest attacker trends and behaviors with this look at four years of ATT&CK data from some of the largest and most trusted threat reporting sources.

Security 6 Min Read

Threat Hunting for Dictionary-DGA with PEAK

Explore applied model-assisted threat hunting for dictionary-based domain generation algorithms using the SURGe Security Research Team's PEAK Threat Hunting Framework.

Security 9 Min Read

Model-Assisted Threat Hunting (M-ATH) with the PEAK Framework

Welcome to the third entry in our introduction to the PEAK Threat Hunting Framework! Taking our detective theme to the next level, imagine a tough case where you need to call in a specialized investigator. For these unique cases, we can use algorithmically-driven approaches called Model-Assisted Threat Hunting (M-ATH).