Building on the foundation of mitre ATT&CK™ to improve cyber defense at scale.

The Center for Threat-Informed Defense is a privately funded research and development organization focused on advancing the state-of-the-art and the-state-of-the-practice in threat-informed defense. Together with Center participants, we conduct applied research and advanced development to improve cyber defense at scale for the global community. The Center brings together the best security teams from around the world to identify and solve the most-pressing problems facing cyber defenders.

The Center builds on MITRE ATT&CK™, an important foundation for threat-informed defense used by security teams and vendors around the world in their enterprise security operations. Our research and development is informed by this deep technical understanding of cyber adversaries, their tradecraft, and technology. And, since the Center operates for the public good, we freely share the outputs of our research and development for the benefit of all.

There is an ever-louder call for MITRE to expand upon ATT&CK and ensure that it remains open, free, and keeps pace with evolving threats. The Center brings together this robust and rapidly growing community to conduct research in support of ATT&CK and accelerate innovation in threat-informed defense.

Login to Center for Threat-Informed Defense

Our Research Approach

We do research for impact

Center projects focus on addressing practical, real-world problems faced by organizations around the world. The Center’s projects, chosen and funded by participants, will:

  • Increase the global understanding of cyber adversaries and their tradecraft by expanding upon the MITRE ATT&CK™ knowledge base
  • Advance threat-informed defense in cyber operations with open-source software, methodologies, and frameworks
  • Publish data sets critical to better understanding adversaries and their movements

Our goal is to change the game on adversaries by relentlessly improving our collective ability to prevent, detect, and respond to cyberattacks.

Public Interest Impact

public interest icon
Bringing together sophisticated security teams from leading organizations around the world to expand the global understanding of adversary behaviors
public interest icon
Creating focus, collaboration, and coordination to accelerate innovation in threat-informed defense, building on the MITRE ATT&CK framework
public interest icon
Creating a scalable platform for identifying and pursuing collaborative R&D in the public interest

How to Join

Because the cyber challenges we face are bigger than any single organization, sector, or country, we’re committed to bring together:

  • Global end-user and critical infrastructure companies
  • Leading technology companies
  • Cybersecurity-related non-profits including ISACs and ISAOs

For more information, contact us at

More about participation arrow image

Current Participants

Research Partners

Founding Member
Founding Member
Founding Member
Founding Member

Research Sponsors

Founding Member
Founding Member
Founding Member
Founding Member
Founding Member
Founding Member
Founding Member
Founding Member

Non-Profit Participants

Founding Member

Our Leadership

  • Richard J. Struse

    Director, Center for Threat-Informed Defense

    Richard Struse is the Director for MITRE Engenuity’s Center for Threat-Informed Defense. He also is the Chief Strategist for Cyber Threat Intelligence at The MITRE Corporation, leading the effort to improve cyber defense by better understanding the adversary’s tactics and techniques.

    Prior to joining MITRE, Struse served as Chief Advanced Technology Officer for the U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) where he was responsible for technology vision, strategy, and implementation in support of the NCCIC’s mission. He was recognized with one of the Department’s highest honors, the Secretary’s Award for Excellence, for his pioneering role in creating the STIX and TAXII automated information sharing initiatives which have been widely adopted across the public and private sectors.

    Among his many recognitions, Struse was named by Federal Computer Week as one of the “Federal 100” for his leadership role in the development of cyber threat intelligence technology standards. In 2016, OASIS recognized Struse as an "OASIS Distinguished Contributor" for his leadership of the STIX and TAXII standardization efforts.

  • Jonathan O. Baker

    Director of Research and Development, Center for Threat-Informed Defense

    Jon Baker is the founding Director of Research for MITRE Engenuity’s Center for Threat-Informed Defense. In addition to co-founding the Center, he is the Adversary Emulation and SOC Orchestration Department Head in The MITRE Corporation’s Cyber Operations and Effect Technology Center. His department leads the development of ATT&CK and works to advance adversary emulation as a capability to drive innovation in defensive cyber operations.  

    Jon has spent much of the past sixteen years at MITRE, working with industry and government partners to increase the affordability, efficiency, and effectiveness of cybersecurity automation and information sharing technologies. He led the MITRE team that developed STIX and TAXII, which enable automated cyber threat intelligence sharing. Jon led MITRE’s security automation team through the development of SCAP and managed the CVE team.  He was a cocreator of OVAL, a standard language for describing and checking for the presence of misconfigurations, vulnerabilities, and other endpoint artifacts.  

    Baker holds a bachelor’s degree in psychology from Tufts University and a master’s degree in computer science from Boston University.