Jon Baker
AttackIQ

Jon Baker, Vice President Threat-Informed Defense at AttackIQ, leads efforts to accelerate the adoption of threat-informed defense, guiding customers with both services and technology to improve security outcomes. Before joining AttackIQ, Jon joined AttackIQ following a 23-year career at MITRE, where he began as a software engineer and advanced into leadership roles spanning standards development, cyber threat intelligence, and adversary emulation. He created and led MITRE’s cyber threat intelligence and adversary emulation department, overseeing the ATT&CK® Evaluations program and CALDERA™, MITRE’s open-source adversary emulation platform. Most notably, Baker co-founded and directed the MITRE Center for Threat-Informed Defense (CTID), building it into a global collaborative research and development hub that has advanced threat-informed defense practices across the security industry.

Threat Debt: From Findings to Adversary Opportunity

Jon Baker | April 30, 2026 | attack paths, Insights & Perspectives, Threat Debt

The speed of adversary exploitation has outrun the cycle most security programs were built to run. Defending proactively starts with knowing what an exploit actually enables next: the path it opens, the assets that path reaches, and the defenses that have to hold. The threat environment has changed and we ... Read More

AttackIQ

The Vulnerability Management Race Is Over. It’s Time to Focus on Exposure.

Jon Baker | April 17, 2026 | Insights & Perspectives

With Anthropic’s Mythos Preview announcement, the race to patch all vulnerabilities is over. As defenders, we must move on. We must focus on what adversaries can do after they exploit a vulnerability: which attack paths those exploits enable, where those paths lead, and how to eliminate them before they reach ... Read More

AttackIQ

What Does MITRE ATT&CK Coverage Really Mean?

Jon Baker | March 10, 2026 | Insights & Perspectives

Coverage claims without context are one of the most persistent sources of confusion in security tooling. This post breaks down four myths behind ATT&CK coverage claims and offers a more useful framework for thinking about ATT&CK coverage in practice. The post What Does MITRE ATT&CK Coverage Really Mean? appeared first ... Read More

AttackIQ

Finally, CTEM and MITRE INFORM Without the Jargon

Jon Baker | March 3, 2026 | CTEM, For Dummies, MITRE, MITRE INFORM, Threat Research

Your vulnerability scanner just came back with 10,000 findings. Your pen test report has a 47-page appendix. Your threat intel feed is piling up faster than anyone can read it. And somewhere in the middle of all of it, a real attacker is quietly looking for the one gap that ... Read More

AttackIQ

From Exposure to Assurance: How CTEM and MITRE INFORM Enable Modern Cyber Defense

Jon Baker | February 24, 2026 | CTEM, INFORM, Insights & Perspectives, MITRE, threat-informed-defense

What if you could prove—right now—that your defenses actually work? See how CTEM and MITRE INFORM turn exposure data into real, board-level confidence. The post From Exposure to Assurance: How CTEM and MITRE INFORM Enable Modern Cyber Defense appeared first on AttackIQ ... Read More

AttackIQ

INFORM 2026: MITRE’s Updated Threat-Informed Defense Maturity Model Explained

Jon Baker | January 9, 2026 | Center for Threat-Informed Defense, INFORM, MITRE

On January 8th, MITRE’s Center for Threat-Informed Defense (CTID) published a significant update to INFORM, its threat-informed defense maturity model. This update reflects the joint efforts of MITRE researchers, AttackIQ, and several CTID members to enhance INFORM based on two years of operational use and broad security community feedback. The ... Read More

AttackIQ

Attackers Don’t Guess and Defenders Shouldn’t Either

Jon Baker | January 8, 2026 | continuous threat exposure management, Cyber Risk Management, MITRE ATT&CK, security validation, threat-informed-defense

As environments become more complex and grow, the instinctive response has been to add more tools. Organizations now manage an average of 45 cybersecurity products, which gives the impression of broad protection. Yet the organizations seeing the most meaningful reductions in breaches are the ones using continuous threat exposure management ... Read More

Security Boulevard

Mission. Impact. Opportunity.

Jon Baker | October 14, 2025 | threat-informed-defense

After 23 years at MITRE leading the charge on threat-informed defense, Jon Baker joined AttackIQ to turn innovation into real-world security impact. The post Mission. Impact. Opportunity. appeared first on AttackIQ ... Read More

AttackIQ

Threat Debt: From Findings to Adversary Opportunity

The Vulnerability Management Race Is Over. It’s Time to Focus on Exposure.

What Does MITRE ATT&CK Coverage Really Mean?

Finally, CTEM and MITRE INFORM Without the Jargon

From Exposure to Assurance: How CTEM and MITRE INFORM Enable Modern Cyber Defense

INFORM 2026: MITRE’s Updated Threat-Informed Defense Maturity Model Explained

Attackers Don’t Guess and Defenders Shouldn’t Either

Mission. Impact. Opportunity.

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On