As a network defender, you need to predict and protect against every possible combination of attack scenarios. But, on the other hand, as an attacker, you only need to find one way to get into a system or environment. Moreover, attackers always look for the weakest avenue to exploit that requires the least effort and cost on their part but still yields a sizable reward. To accomplish this, they often think outside the box and look at things through a unique attacker's mindset.

You may have heard the phrase "attacker's mindset" or "think like an attacker" before, but what does it mean? In simple terms, the goal behind these phrases is to encourage people to get inside the head of the groups targeting them and try to predict how they would abuse a system, process, or human element to achieve a malicious objective.

To practice the attacker mindset, take what you have learned so far about the NIST CSF and see it through the lens of an attacker.

To prepare for this exercise, first listen to Embrace an Attacker Mindset to Improve Security Links to an external site., a podcast that takes a deeper dive into the attacker mindset. Then, review Lockheed Martin's Cyber Kill Chain Links to an external site., a model for identifying and preventing cyber intrusions. This particular resource elegantly puts the attacker's goals and defender's actions for each step of the kill chain side by side.

Answer the questions in your write$-$up:

What is your takeaway from the podcast?

What did you find most interesting?

How can you view the world through the attacker's mindset?

Using the resource Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide Links to an external site.as a starting point, can you identify how the NIST CSF can be used for the offensive purpose? Conceptually, which of the CSF functions do you think you would be able to evade and how?