This month, I had the opportunity to present “Deceiving Off The Land” to two important cybersecurity communities supporting national defense, a topic close to my heart.
The first presentation was at the DoD Cyber Crime Center (DC3) DCISE TechEx Spring 2026 event held at Johns Hopkins Applied Physics Laboratory (APL) in Laurel Maryland. DCISE provides cybersecurity services and threat-sharing support to Defense Industrial Base partners, making it an ideal forum to discuss how deception can evolve beyond traditional decoys.
Separately, I also delivered a deeper dive for the National Defense Cyber Alliance (NDCA), a nonprofit partnered with the FBI and dedicated to improving the security of the nation’s most sensitive networks through collaboration, intelligence sharing, education, and advanced tools.
Both conversations centered on the same question:
What if defenders could turn the mistakes already present in their environment into deception?
What Is Deceiving Off The Land?
Most cyber deception strategies rely on creating fake things: fake credentials, fake hosts, fake shares, fake services, or isolated decoys. Those techniques can be useful, but they often depend on an attacker choosing to interact with something artificial.
Deceiving Off The Land takes a different approach. Instead of starting with fake assets, it starts with the real environment. Every organization has drift: stale internet resources, outdated assets forgotten to decommissioned, employees who left but credentials were not disabled, and assumptions attackers may discover during reconnaissance.
Traditionally, defenders treat these as hygiene problems to clean up.
Deceiving Off The Land asks a different question:
Can we identify those mistakes first and turn them into defensive leverage?
Turning Reconnaissance Against the Attacker
Attackers rely on the information they collect. They enumerate users, systems, domains, paths, assets, and access points. Then they build plans around what they believe is true. But if that knowledge becomes unstable, the attacker’s plan becomes fragile.
A username that worked yesterday may no longer be valid. A hostname may rotate. A stale asset reference may have become a deception resource. When attackers reuse outdated reconnaissance, they reveal themselves.
That is the heart of Deceiving Off The Land: make adversary knowledge expire.
Rather than waiting for an attacker to touch a passive decoy, defenders can shape the environment so that adversaries are forced to interact with deception through their own assumptions.
Why This Matters for the DIB
The Defense Industrial Base operates in complex, high-value environments where attackers are persistent and patient. These networks are rarely perfect. They include legacy systems, operational constraints, partner dependencies, identity sprawl, and constant change.
That reality makes Deceiving Off The Land especially relevant.
The goal is not to replace hardening, detection, threat intelligence, or incident response. The goal is to add a layer that changes the attacker’s decision-making environment.
Instead of viewing imperfections only as risk, defenders can turn them into detection, deflection, and disruption opportunities.
The NDCA Deeper Dive
The NDCA session gave me the opportunity to go further into the methodology.
We discussed how defenders have actually identified environmental mistakes, and then converted those same mistakes into deception opportunities with revealing success. We also explored how dynamic deception, rotation, invalidation, and counter-reconnaissance can make attacker planning less reliable.
This deeper dive fit well with NDCA’s mission around collaboration, intelligence, and shared defense. Deception is not just a product feature. It is a defensive strategy that becomes more powerful when paired with shared intelligence and operational context.
Frenetik and the Product Behind the Methodology
The product behind this work is Frenetik.
Frenetik is built around the idea that adversaries should not merely stumble into deception. They should be forced into it by the assumptions they make about the real environment, the real organization, its real history and future – warts and all.
That is the practical promise of Deceiving Off The Land: turning stale adversary knowledge into defender signal.
Closing Thought
I was grateful to present this work at DC3 DCISE TechEx Spring 2026 and to follow it with a deeper technical discussion for the NDCA community.
The two events were separate, but they shared a common theme: defending sensitive networks requires collaboration, innovation, and a willingness to rethink old models. Classic deception still has value. But the future of deception is not just fake things waiting to be touched. The future is deception built from the real environment — adaptive, dynamic, and designed to make attackers reveal themselves through the assumptions they thought they could trust.
If you are a member of the Defense Industrial Base, please join DC3 DIB-CS program, and NDCA. If you are interested in “Deceiving Off The Land”, please reach out.