Whenever we discover another breach, adversaries give us a friendly reminder that the status quo in network defense isn’t good enough. Everyone’s telling us that we need to evolve our focus beyond indicators toward tactics, techniques, and procedures (TTPs), yet we struggle with how to do this. MITRE ATT&CK is the first public framework derived from real threats for describing detailed post exploitation activities, and the community is increasingly adopting it to help move toward detecting TTPs.Members of the ATT&CK team will engage in a discussion with the community about how ATT&CK can help us all improve. We will suggest ideas for how analysts, defenders, engineers, and red teamers can use ATT&CK as a common language to help change your approach to defense by orienting towards the adversary. Based on our experiences, we will provide practical advice on how to apply ATT&CK to improve cyber threat intelligence and defenses by tracking adversaries and developing analytics to detect their behavior. Most importantly, we want to hear from the audience about how they are using ATT&CK and what could make it better.