1. Executive Summary:
MITRE ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge. Attackers and defenders are the two parties in the cybersecurity game of hacking and defending. You decide which side you are on. The framework is designed to streamline digital defense strategies, although it is fully capable of providing value and insight into strategizing offensive techniques as well.
Upon scrutiny of this framework, you will find it a phenomenal piece of technical knowledge work. It lays out intricate cyber-attack details by listing common attack tactics and their associated techniques, and even highlights sub-techniques for a given technique. It is a marvel of cybersecurity technical work that needs to be enhanced frequently, because attack techniques are constantly improvised and changed, and new ones are added.
This framework is quite broad, inclusive and non-prescriptive, and it is an excellent body of common knowledge on cyber-attacks and defense strategies. Understanding this framework inevitably helps the following groups:
⁂ Executive management: To understand, at a high level, the design components of a cyberattack and the ways to protect against it, and to compare their own organization’s maturity in cyber-defense capabilities.
⁂ Cybersecurity professionals: The primary group for whom this framework was designed. It establishes a standardized language, a.k.a. a common taxonomy / baseline language, for cybersecurity threat protection communication and references. With this new vocabulary, technical communication between cybersecurity professionals and organizations (both up and down), irrespective of country boundaries, can now be streamlined, and will keep everyone on the same page.
⁂ Organizations: Today, all organizations are required to pay attention to cybersecurity threats and ways to protect from them. There are organizations that are providing cybersecurity defense strategies, products, and associated services. There are other organizations, almost all remaining, I would say, that require those services. It is next to impossible today to run an organization without strategizing its cyber defenses first.
Both types of organizations stated above will benefit from the MITRE ATT&CK framework, because it becomes easier for one side to communicate what service it is offering, and for the other side to understand what it is getting and what else it must still acquire or develop internal capabilities for. The best example of this comes from IBM’s recent “X-Force Threat Intelligence Index” for 2023, in which IBM states:
“Changes to our analysis in 2022 include:
– Initial access vectors: Adopting the MITRE ATT&CK framework to track initial access vectors more closely aligns our research findings with the broader cybersecurity industry and allows us to identify important trends at the technique level.”
The underlying motive for companies to implement this framework is to enhance the identification of their current threat landscape and to develop quicker threat mitigation capabilities. By utilizing this framework, companies can identify and bridge their security gaps, develop a roadmap for cybersecurity maturity, and develop effective cybersecurity defenses that can be implemented uniformly across geographic boundaries and cultural barriers. In one statement, the goal is to elevate the company’s cybersecurity posture on a continuous basis.
⁂ End-users (a.k.a. digital technology users) and students: The press pays little attention to the MITRE ATT&CK framework with regard to common non-IT household users. We all know how widely electronic devices are used in our homes, in both the developed and the developing world. These home devices are also in attackers’ sights. If end users are educated a little (made aware) on this common vocabulary, which may help them protect their own electronic devices, then we have moved a step further in our overall cyber protection strategy. The common belief is that the MITRE ATT&CK framework is a little complex to understand and too technical.
The goal of this writing is twofold: First, help common users to break the barrier and acquaint themselves with elevated & relevant cybersecurity knowledge. Second, sharpen cyber defenses both at home and at the reader’s workplace.
2. Cyber-attack lifecycle stages a.k.a. “kill chain”:
Before we venture into cyberattack tactics and techniques, it is important to understand the stages / phases through which a modern-day cyberattack progresses. A cyber-attack, like any military attack, has a finite timeline from birth to completion, which is referred to as an attack lifecycle. The cyber-attack lifecycle was first articulated by Lockheed Martin as the “kill chain”, which depicts the distinct stages / phases of a cyberattack:
Phase #1 Reconnaissance: The adversary develops a target by exploring its vulnerabilities and weaknesses. The attacker will harvest all info from within the target. Further successful attack propagation is directly proportional to the attacker’s success in this phase.
Phase #2 Weaponization: The attack is put in a form to be executed on the victim’s computer / network by creating attack vectors. For example, known vulnerabilities are used to deploy malware within the target. Usually, a backdoor is also set during this phase.
Phase #3 Delivery: In this phase the intruder launches an attack on the compromised target, based upon the vulnerabilities identified and with an aim to compromise the target to achieve the stated goal.
Phase #4 Exploitation: In this phase malicious code is executed within the victim’s system.
Phase #5 Installation: As soon as phase #4 is successful, this phase becomes necessary. In this phase malware / malicious code and other attack vectors are installed on the victim’s newly compromised system. This phase / stage is the backbone (key milestone) in attack lifecycle. If this phase is successfully completed, the threat actor has entered your system and now has control!
Phase #6 Command and Control (C&C): The objective of the C&C phase is to take remote control of compromised targets. This is usually done with malware that provides remote access / control. In this phase the attacker may also move laterally, given the chance, to expand the scope of the compromise.
Phase #7 Action on attack objective: With all the above stages fully or partially completed, the attacker can now carry out their objective, which is to create harm or to steal data. Different tactics, techniques and sub-techniques are utilized for this purpose, which are best described by the MITRE ATT&CK framework [1], explained later in this paper.
Note that the wording of these attack stages may change a little over time, and different vendors refer to them a little differently in their respective documentation. Although the cyber-attack lifecycle stages are important to understand, they are not the focus of this paper. For more details on cyber-attack stages refer here [1], [2], [3], [4]. If interested in the exact “kill chain” stage names as of today, refer to the reference URL [1] from Lockheed Martin’s “The Cyber Kill Chain” web page.
3. ATT&CK / adversary tactics:
The V1 of MITRE ATT&CK (MA) framework was released on Jan 16, 2018. The current revision of MA framework is v16.1 and it was released on Oct 31, 2024, with quite a few improvements [1]. The entire ATT&CK version history is located here.
It lists fourteen attack tactics and further associates a tactic with one or more adversary techniques that could be used within each of these tactics. The framework further goes another level deep and classifies a technique into one or more sub-techniques.
A visual matrix of ATT&CK current Framework for Enterprises can be accessed from here. If you are new, it is highly recommended for you to visit this page and familiarize yourself with this framework’s fourteen tactics and its associated techniques.
Each technique in this framework is associated with a description, threat actor examples, mitigation strategies, and references to related value-added tools and/or techniques that could be used for threat mitigation.
The best way to have a visual look of these techniques, is from the MITRE web page located at https://attack.mitre.org, where a manipulatable graphical view is available for the users and consumers. On this web page one can visualize the ATT&CK matrix in different layouts and see or hide the sub-techniques. If you are interested in seeing different MA framework tactics’ techniques in a textual matrix, click here. The ATT&CK Navigator is available from GitHub, and it is designed to provide basic navigation and annotation of ATT&CK matrices.
Let us take one example. Tactic: Reconnaissance. It has ten techniques. One of these ten (10) techniques is “Active Scanning”, which has three (3) sub-techniques: Sub-technique 1: Scanning IP Blocks | Sub-technique 2: Vulnerability Scanning | Sub-technique 3: Wordlist Scanning. The MITRE page presents this hierarchy graphically.
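The same hierarchy in machine-readable form, as an added example that is not part of the original article: MITRE also publishes ATT&CK as STIX 2.x JSON, and the sketch below rebuilds the tactic, technique and sub-technique tree from a small constructed bundle. The STIX `id` values and the revoked entry (`T0000`) are placeholders made up for the example.

```python
import json
from collections import defaultdict

# Constructed sample in the layout of MITRE's STIX 2.x export of ATT&CK.
# The STIX "id" values are placeholders; the last technique is a made-up
# revoked entry, included to show why such objects must be filtered out.
BUNDLE_JSON = """
{"type": "bundle", "id": "bundle--sample", "objects": [
 {"type": "x-mitre-tactic", "id": "x-mitre-tactic--recon",
  "name": "Reconnaissance", "x_mitre_shortname": "reconnaissance",
  "external_references": [{"source_name": "mitre-attack", "external_id": "TA0043"}]},
 {"type": "attack-pattern", "id": "attack-pattern--scan", "name": "Active Scanning",
  "x_mitre_is_subtechnique": false,
  "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "reconnaissance"}],
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1595"}]},
 {"type": "attack-pattern", "id": "attack-pattern--scan-ip", "name": "Scanning IP Blocks",
  "x_mitre_is_subtechnique": true,
  "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "reconnaissance"}],
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1595.001"}]},
 {"type": "attack-pattern", "id": "attack-pattern--scan-vuln", "name": "Vulnerability Scanning",
  "x_mitre_is_subtechnique": true,
  "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "reconnaissance"}],
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1595.002"}]},
 {"type": "attack-pattern", "id": "attack-pattern--scan-word", "name": "Wordlist Scanning",
  "x_mitre_is_subtechnique": true,
  "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "reconnaissance"}],
  "external_references": [{"source_name": "mitre-attack", "external_id": "T1595.003"}]},
 {"type": "attack-pattern", "id": "attack-pattern--old", "name": "Constructed revoked technique",
  "revoked": true, "x_mitre_is_subtechnique": false,
  "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "reconnaissance"}],
  "external_references": [{"source_name": "mitre-attack", "external_id": "T0000"}]},
 {"type": "relationship", "id": "relationship--1", "relationship_type": "subtechnique-of",
  "source_ref": "attack-pattern--scan-ip", "target_ref": "attack-pattern--scan"},
 {"type": "relationship", "id": "relationship--2", "relationship_type": "subtechnique-of",
  "source_ref": "attack-pattern--scan-vuln", "target_ref": "attack-pattern--scan"},
 {"type": "relationship", "id": "relationship--3", "relationship_type": "subtechnique-of",
  "source_ref": "attack-pattern--scan-word", "target_ref": "attack-pattern--scan"}
]}
"""


def attack_id(obj):
    """Return the ATT&CK ID (e.g. T1595) from an object's external references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def build_tree(bundle):
    """Map tactic name -> {technique label: [sub-technique labels]}."""
    live = [o for o in bundle["objects"]
            if not o.get("revoked") and not o.get("x_mitre_deprecated")]
    by_id = {o["id"]: o for o in live}
    tactics = {o["x_mitre_shortname"]: o["name"]
               for o in live if o["type"] == "x-mitre-tactic"}

    # Sub-techniques point at their parent through a "subtechnique-of" relationship.
    children = defaultdict(list)
    for rel in live:
        if rel["type"] == "relationship" and rel.get("relationship_type") == "subtechnique-of":
            child, parent = by_id.get(rel["source_ref"]), by_id.get(rel["target_ref"])
            if child and parent:  # skip links to revoked or deprecated objects
                children[parent["id"]].append(f"{attack_id(child)} {child['name']}")

    tree = {name: {} for name in tactics.values()}
    for tech in live:
        if tech["type"] != "attack-pattern" or tech.get("x_mitre_is_subtechnique"):
            continue
        # A technique is listed under every tactic named in its kill_chain_phases.
        for phase in tech.get("kill_chain_phases", []):
            tactic = tactics.get(phase.get("phase_name"))
            if phase.get("kill_chain_name") == "mitre-attack" and tactic:
                tree[tactic][f"{attack_id(tech)} {tech['name']}"] = sorted(children[tech["id"]])
    return tree


TREE = build_tree(json.loads(BUNDLE_JSON))

if __name__ == "__main__":
    for tactic, techniques in TREE.items():
        print(tactic)
        for tech, subs in techniques.items():
            print("  " + tech)
            for sub in subs:
                print("    " + sub)
```
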
The fourteen (14) tactics of MITRE ATT&CK (MA) framework are listed below.
Note, apart from enterprise framework, there is a revision for mobile landscape for Android & iOS. There is also a dedicated framework for ICS (Industrial Control Systems).
Refer to the respective highlighted links for a detailed view of each framework on the MITRE web site. The number in brackets below indicates how many techniques each enterprise tactic has in the current version of this framework.
1. Reconnaissance (10): Refer to the definition listed in the above section 2: Cyber-attack lifecycle stages.
2. Resource Development (8): As the name suggests, resources for hacking are developed in this stage. Resource Development has eight (8) techniques and thirty-six (36) sub-techniques listed in the MITRE ATT&CK framework for enterprise.
3. Initial Access (9): As the name suggests, this is about getting a foothold within the compromised environment. Nine (9) techniques and ten (10) sub-techniques are listed in the MA framework.
4. Execution (13): Once an attacker has gained successful access, the next logical thing for them is to steal data or create harm, done by the execution or planting of malicious code / scripts.
5. Persistence (19): It involves attacker’s efforts to maintain access to the compromised application / system / network utilizing backdoors, rootkits, vulnerabilities, or other stealth access methods.
6. Privilege Escalation (13): Privileged access is the key to the kingdom. Once the persistence stage is successfully attained, this will be the next best thing for hackers to do. If it is broken, it clearly shows that your environment’s health is NOT good. One must design this stage in a way that it does not easily break.
7. Defense Evasion (42): From an attacker’s point of view, it is important to evade break-in detection as long as possible. This is accomplished by multiple means, including use of encryption, obfuscation, or anti-forensic tool utilization and more. Defense evasion has the highest number of techniques documented in MA framework. I am sure there are more in real life.
8. Credential Access (17): Attackers will always attempt to steal or acquire credentials to gain additional access to systems with sensitive data or for lateral movement.
9. Discovery (30): As the name suggests, this tactic is used to acquire as much intelligence as possible, right from the get-go. The freshly gathered info is usually used to move the attack deeper within the confines of the break-in network. The idea here is to deploy techniques to accomplish the original attack goal, or sometimes to gather additional goodies on the way out.
10. Lateral Movement (9): Once an attacker gains access to a system / application / network, they will always attempt to move laterally within the network to expand their scope or to get additional value from the initial break-in.
11. Collection (17): This tactic happens when an attacker starts collecting data or starts planting time-bombs in the compromised application or systems or databases. The two most common tools used here are key-loggers and/or data exfiltration techniques.
12. Command and Control a.k.a. C&C (16): Attackers at times use remote access tools or other methods to maintain control over the compromised application / system / network.
13. Exfiltration (9): Once an attacker has collected data, they may attempt to exfiltrate it from the network or system, often using encrypted channels or other methods to avoid detection.
14. Impact (13): The Impact tactic is the ultimate way to achieve the goal of the compromise. Adversaries use different techniques listed within this tactic to steal data or create harm to the compromised systems / applications / networks. The MA framework lists thirteen techniques and thirteen sub-techniques for the Impact tactic.
This is an ever-growing and changing framework: new tactics and associated techniques will be added to it in the future as attackers, attack tactics and techniques evolve. Readers are recommended to get familiar with both the MITRE ATT&CK framework tactics and techniques from its respective graphical representation from here and textual-matrix web page from here.
4. Cyberthreat Intelligence (CTI):
Cyberthreat intelligence is a critical component of any defense strategy. A key property of CTI data is that it goes stale in a short period. Below are the top 5 benefits it brings to the table:
#1 Provides valuable tactics and techniques that are currently being utilized by attackers during attacks for a given industry vertical or even for a given geographic market.
#2 Precisely highlights present-day ongoing threats.
#3 Organizations can use the CTI provided data as an opportunity to enhance their own cybersecurity baseline that may lead to faster and informed decision making, backed by data.
#4 Gives organizations a chance to be proactive in Cyberdefense rather than reactive.
#5 CTI provides context on who is attacking, their motivation, the tactics attackers are using, and in some cases IoCs (Indicators of Compromise) to look for.
In short, by understanding malicious software references available from here [1] and by understanding and analyzing the threat intelligence that is directly associated with your type of business, country, systems, and applications, one can best prepare a response to what is going on in the wild, should that turn towards you.
CTI feeds can come from multiple sources. At a high level, for characterization purposes, these feeds can be classified into the four categories listed below:
1. Open source/community feeds [1], such as the Collective Intelligence Framework (CIF) [1], [2], [3] and Sector-based Information Sharing and Analysis Centers (ISACs) [1], [2] or ISAO (Organization) [1].
Other open-source CTI options:
OpenCTI [1], and its Filigran blog [1]; some OpenCTI platforms are out there on GitHub [1].
MISP Threat Sharing [1], [2]. It is ideal for automated exports to IDS and SIEM in STIX (Structured Threat Information eXpression, a standardized Threat XML programming [1]) or OpenIOC, and for synchronization with other MISPs.
2. Cybersecurity vendor-specific a.k.a. paid-for threat intelligence services [1]. There are hundreds of vendors in this space and an Internet search will give you a substantial list.
3. Threat Intelligence via API: This is a collection of cyber threat intelligence integrations available from https://www.intelligence.com/, a U.S.A.-based cybersecurity company. It has multiple API services starting from $15 per month and going up, along with a limited free plan. If your SOC operation is mature and running customized detection techniques, this could be the way to go. Alternatively, a hybrid approach could combine 3 (this one) with 1 or 2 above.
4. Proprietary intelligence produced internally by the Security Operations team of large enterprises or cloud providers. This one is not available for external consumption.
5. Framework’s key elements review:
5.1. Framework strengths and benefits:
One of the key benefits is the common language it gets everyone (from vendors to organizations to ordinary computer users) to use for cyber-attack characterization, highlighted in detail in the executive summary section above. Another key strength of the MITRE ATT&CK framework is its flexibility. It is not prescriptive, and organizations can adapt it to suit their specific needs and circumstances. By using the framework, organizations can identify their own strengths, weaknesses, and gaps, and then develop a roadmap to improve their cybersecurity posture.
Another objective of this framework is to encourage collaboration between organizations and cybersecurity vendors. This is easily done with the common language that the framework provides for threats and cyber defense. It makes it easier for organizations to share threat intelligence and learn from each other’s experiences using this framework. Below are a few noteworthy benefits one can get by utilizing this framework:
#1 A set of Cloud-specific TTPs (tactics, techniques, and procedures) was added to this framework [1].
#2 CISA Released a new Tool Mapping Adversary Behavior to MITRE ATT&CK [1], [2].
#3 Community contributions to the framework are a very well-established area. Framework growth is very much related to community contributors [1], [2] who are experts, researchers, and/or vendors.
#4 MITRE ATT&CK enabling threat informed Cyberdefense [1].
#5 The framework has expanded its guidance on data sources and detection techniques [1]. It now provides recommendations on the types of data that should be collected and analyzed, as well as the best practices [1] for detection and response [1]. Many new features like this keep coming up.
#6 The framework has started to provide industry-specific guidance. This is currently available for the Financial Services Sector in a playbook [1] format, and one has been released for cyberattacks on Industrial Control Systems (ICS) [1]. I am assuming more will be added in the future.
The Supply Chain market is on a roller coaster after the recent China vs. West tug-of-war. New Metagenomics 2023 to 2028 growth predictions were published [1], [2]. A complete dedicated section on Supply Chain Compromises [1] is available, including a Supply Chain Security and Resilience Strategy [1].
#7 The framework mappings for Google Cloud security capabilities [1].
These are just a few examples of enhancements to the MITRE ATT&CK framework. As the cybersecurity landscape continues to evolve, the framework will continue to adapt and expand to meet the needs of organizations and the challenges they face. Use of this framework among internal teams and partners / vendor collaboration can lead to better threat detection and mitigation capabilities and to a more secure cyber ecosystem for the organization.
5.2. Perceived Framework Limitations:
Although many limitations of this framework are documented on the Internet, most of those fall outside this framework’s scope. As a side note, when discussing limitations, one must be clear on the scope of the framework and only then associate a limitation with it if it falls within that scope. Here are a few that are out of scope:
#1 Focuses on technical defenses: Yes, that is what is in the scope of this framework. While technical defenses are important and this framework addresses those, organizations also need to focus on making their employees cybersecurity aware, implementing appropriate security policies, standards, and processes / procedures, develop an organic security culture within all ranks of workforce, from top to bottom. Only then can one defend oneself from the modern-day cybersecurity threats.
#2 Hackers could also use this framework. Yes, they can, and they are. How can you make something for the public and take away from a sub-set of the same group?
#3 Incomplete Coverage: Although this framework is extensive, it is not exhaustive. It cannot cover all the attack scenarios right from the get-go. When attackers first think of a new attack vector, it takes a little time to incorporate the attack tactics and techniques into this framework. If an attack falls outside this framework, you may be vulnerable. By the same token, if you are not using this framework, then you are equally or more vulnerable.
#4 Lack of Context: The MITRE ATT&CK framework provides a good, detailed description of adversary behavior. It cannot provide the context, which comes from the experience of the people manning your cybersecurity department. No two organizational environments, cultures and people are the same. Because of this, incorporating context is impossible.
#5 Missing mitigation strategies: Again, mitigation strategies are associated with the exact threats and risks posed to your environment. No two environments are the same with the same security controls deployed or in the limelight of the same cyberthreats. Again, to get custom mitigation strategies, usually companies hire consultants by paying big bucks, to utilize external experience to provide the best mitigation strategies for one’s unique situation.
#6 No correlation with security controls: Organizations are required to look elsewhere for guidance on specific security controls and best practices. Yes, this is out of scope of the MA framework, at least at this point.
#7 Requires a significant investment: Not necessarily. If you follow the steps listed in the “What next” section below, you may implement it without engaging external consulting services, provided you have in-house technical expertise and a little extra technical FTE time on hand.
5.3. Actual Framework Limitations:
Once we have understood the scope of this framework, let us now investigate the actual framework limitations.
#1 Complex for smaller organizations to effectively implement. My response to this is something is better than nothing. If you do not do this, you will be worse off.
#2 Complexity: I may agree with this halfheartedly, although I am technically savvy and my views on this could be biased. It is somehow also true when we talk about IT people, let alone the non-IT users. However, the goal of authoring this paper was to make it simple for both IT and non-IT users. Hopefully, this paper may help address this limitation.
#3 Difficult to implement: Again, you as a reader, after reading this paper and going through the links documented, should decide if it is difficult to implement. Not being aware of something is not difficult. After going through this article and then following the steps listed in the “What next” section below, one can slowly and surely start on the path towards the implementation of this framework. The only limitation is your own internal technical FTEs and their available time.
The cyberthreat landscape is constantly evolving with new tactics and techniques. This framework must evolve with it to remain useful for all organizations. The framework is regularly updated to reflect evolving threats. The current revision of this framework at the time of authoring this paper is v16.1 (as of December 2024) and the history of past revisions can be accessed from here.
5.4. Framework future enhancements:
It would be great if the MITRE ATT&CK framework tactics were mapped to the Common Vulnerabilities and Exposures (CVE) [1]. I understand CVEs are constantly evolving and that keeping up on a continuous basis will be a somewhat challenging process. However, it will be easier to link this framework to CWEs (Common Weakness Enumeration) [1]. Either way, if this mapping is accomplished, we can instantly relate vulnerabilities and weaknesses and see which attack tactics could become possible in our environment for potential exploitation, based upon those exposed CVEs / CWEs before mitigation.
6. What next?
As discussed in this paper, every attack stage has a pre-identified goal. These attack stages can run in sequence or in parallel. They can run inline as well as offline. After studying these attack techniques and patterns for years, security researchers have figured out that the best way to combat an attack is to identify which stage the attack is in, and then try to neutralize it right in that stage, thereby stopping its further propagation. The earlier you do this, the better it is for your environment. This strategy is what yields the maximum benefit and the least impact at the optimum cost. This is what every security professional and every organization running a security department wants in today’s world, where cyber-attacks have become the de facto dark side of doing business, and the same applies even when you use an electronic device within the confines of your own home network.
According to World Economic Forum, Dec 2020 [1]:
⁖ 95% of cybersecurity breaches were caused by human error.
According to IBM Security X-Force Threat Intelligence Index report for 2023, all below stats are for year 2022:
⁖ 27% of attacks aimed for extortion.
⁖ 17% of attacks aimed for ransomware.
⁖ 26% of top access vectors for exploiting were directed towards public-facing applications.
⁖ In 2022, Top-2 overall compromise categories with highest impacts include: Extortion (21%) & Data Theft (19%).
These stats can help you make the case to your management for establishing a strong cyberthreat mitigation program utilizing the MITRE ATT&CK framework. Although the explanation provided in this paper sounds simple to read, in practice it is a little complex and overwhelming. The threat mitigation field is multi-dimensional. Threat vectors can move in any direction, and it is imperative for you as a defense strategist to change your course as and when that happens. Humans are used to working in a three-dimensional environment. It is extremely challenging to adapt and change one’s thinking dynamically within today’s multi-dimensional cyberthreat environment.
Having read this paper, you are now intimately familiar with the MITRE ATT&CK framework and the value it brings to the table. Below are the recommended next logical steps for readers to perform to establish a successful threat mitigation practice:
Step-1: Enhance your familiarity with “kill chain” stages and corresponding MITRE ATT&CK framework tactics and techniques. MITRE ATT&CK as a Framework for Cloud Threat Investigation [1]. Additional guidance on how to use this framework here [1]. Enabling threat-informed cyber defense [1].
⁙✓ The links presented throughout this paper can help in step 1.
Step-2: Get access to a threat-intelligence-feed if you do not have one. If you already have one, add access to an opensource threat-intelligence-feed. Refer to section 4 above.
⁙✓ This will keep you abreast of the latest cyberthreat landscape within your country, for your organization’s industry vertical, etc.
Step-3: Perform a MITRE ATT&CK framework gap analysis within your environment. This could simply be done with an Excel Spreadsheet.
⁙✓ You may use this spreadsheet template and convert it for gap analysis. Or you may drop an email to me for a gap analysis spreadsheet template. My contact info is in the last section.
Step-4: Create a plan on how to activate a “Cybersecurity Incident Response Plan”. If such a plan doesn’t exist, it needs to be created.
⁙✓ Templates are available for it. A consulting company could be engaged, or you can follow the IRP guidance from [1], [2], [3], [4], [5].
Step-5: Perform regular cybersecurity dry-runs / table-top exercises / drills. See to it that you perform at least one unannounced cybersecurity drill.
Step-6: Provide IR (Incident Response) awareness training regularly to your technical teams.
Step-7: Provide phishing awareness training regularly to your end users.
Step-8: Provide a cybersecurity threats awareness session, once a year for board and executive management, highlighting …
(1) Potential cyberthreats that could touch your organization.
(2) Steps taken to enhance your organization security posture.
(3) What is needed from them in this or next year… this could be a budget increase or special consulting engagement for the mitigation of a specific threat or a new FTE, etc.
Step-9: Continuously keep enhancing your cybersecurity team’s technical skill set.
Step-10: Keep cybersecurity team engaged and constantly monitor team’s progress by providing weekly KPIs/KRIs. Highlight and communicate these regularly to the key stakeholders.
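For the gap analysis in Step-3, a CSV export of the spreadsheet can be summarised per tactic. The following is an added example, not the author's template: the column layout and the coverage values are assumptions, and the rows are constructed.

```python
import csv
import io

# The fourteen Enterprise tactics in matrix order, left to right.
TACTIC_ORDER = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]

# Constructed CSV export of a gap-analysis spreadsheet. The column layout and
# the coverage values are assumptions for this example; the technique IDs and
# names are ATT&CK Enterprise entries. A technique that belongs to several
# tactics lists them separated by ";".
SHEET = """\
technique_id,technique,tactics,detection,mitigation
T1595,Active Scanning,Reconnaissance,none,no
T1566,Phishing,Initial Access,full,yes
T1190,Exploit Public-Facing Application,Initial Access,partial,no
T1078,Valid Accounts,Initial Access;Persistence;Privilege Escalation;Defense Evasion,none,no
T1059,Command and Scripting Interpreter,Execution,full,yes
T1003,OS Credential Dumping,Credential Access,partial,yes
T1021,Remote Services,Lateral Movement,none,no
T1486,Data Encrypted for Impact,Impact,full,no
"""


def classify(detection, mitigation):
    """gap = nothing in place; covered = full detection plus a mitigation."""
    if detection not in ("none", "partial", "full") or mitigation not in ("yes", "no"):
        raise ValueError(f"unexpected coverage value: {detection!r}/{mitigation!r}")
    if detection == "none" and mitigation == "no":
        return "gap"
    if detection == "full" and mitigation == "yes":
        return "covered"
    return "partial"


def gap_analysis(csv_text):
    """Return {tactic: {"covered": [...], "partial": [...], "gap": [...]}}."""
    report = {t: {"covered": [], "partial": [], "gap": []} for t in TACTIC_ORDER}
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row["detection"].strip().lower(),
                          row["mitigation"].strip().lower())
        # A technique listed under several tactics counts in each of them.
        for tactic in (t.strip() for t in row["tactics"].split(";")):
            if tactic not in report:
                # Catches typos in the sheet instead of silently dropping rows.
                raise ValueError(f"{row['technique_id']}: unknown tactic {tactic!r}")
            report[tactic][status].append(row["technique_id"])
    return report


def priorities(report):
    """Tactics with at least one gap, earliest matrix column first."""
    return [(t, report[t]["gap"]) for t in TACTIC_ORDER if report[t]["gap"]]


def unassessed(report):
    """Tactics with no rows at all: the sheet says nothing about them."""
    return [t for t in TACTIC_ORDER if not any(report[t].values())]


REPORT = gap_analysis(SHEET)

if __name__ == "__main__":
    for tactic, ids in priorities(REPORT):
        print(f"GAP         {tactic}: {', '.join(ids)}")
    for tactic in unassessed(REPORT):
        print(f"UNASSESSED  {tactic}")
```

An unassessed tactic is reported separately from a gap because an empty column in the spreadsheet means nobody has looked, not that the tactic is covered.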
MITRE ATT&CK framework core five free training modules are highly recommended for the readers and both videos and slides can be accessed from here [1]. It would be a clever idea to keep your area / state / country’s “Data Breach Statutes” handy for reference and for USA check these [1], [2], [3].
Estonia’s e-Governance Academy maintains the National Cyber Security Index (NCSI) [1], which is a global index that measures the cyber security preparedness ratings of 160 countries.
7. Summary & Conclusion:
The MITRE ATT&CK framework is a comprehensive global knowledge base for managing cybersecurity adversary attack “tactics” and “techniques” along with “mitigation strategies”, specifically for: first, enterprises; second, the mobile device landscape of your organization; and third, ICS (Industrial Control Systems), if you have any. These are accessible from the top menu of the main web page [1]. It is also a detailed model of adversary behavior during an attack [1]. It helps us do this by taking the “kill chain” stages and associating those steps with relevant tactics, then further associating those tactics with relevant techniques and sub-techniques.
It is a powerful and comprehensive cyber-attack knowledge framework, freely available that is being adopted by more cybersecurity vendors and organizations to streamline cyber-attack tactics and techniques, which are utilized by vendors and organizations alike to standardize cyber-attack communications and pattern documentation.
The use of this framework helps us understand cyber-attack patterns, apply appropriate cyberthreat mitigation strategies [1], and contain attacks faster. By incorporating this framework, organizations gain a deeper understanding of their current threat-mitigation techniques and are able to identify security control gaps and eventually mature their cybersecurity practice.
The MITRE ATT&CK framework in today’s threat environment is an important and valuable tool in the hands of organizations looking to improve their cybersecurity posture and in the hands of cybersecurity professionals who are interested in expanding their technical horizons. Not everyone can keep up with the fast and dynamic changes that happen to the cybersecurity landscape. As the threat landscape continues to evolve, the MITRE ATT&CK framework will need to continue to adapt and evolve to remain effective. It is your participation and feedback [1] on framework enhancements, and your requests for new features, that will help keep the community using the framework safe and prepared for cyberthreats. With your active participation, this framework will continue to grow along with the threat landscape in the wild and can potentially be the bridge to keep your organization’s name out of news headlines.
About The Author:
Asad Syed is a graduate of Mathematics, Applied Mathematics and Statistics. His experience spans Security Architecture, Security Operation Management, Digital Investigations & Forensics, Crisis & Threat Simulation, GRC Management, Threat Hunting, Cybersecurity Emerging Trends & Threat Mitigation, Database Security, Identity & Access Management, and Identity Federation. His interests are in the application of newer technologies to enhance the output performance of the technologies with which he is working. He is a writer, teacher, and cybersecurity evangelist, who has worked for multiple Fortune five hundred companies and currently provides cybersecurity consulting to the upstream operations of the oil and gas industry. Reach him via Asad at ASyed dot com.