MITRE ATT&CK DEFENDER™ (MAD)
MITRE ATT&CK Defender is the cybersecurity community’s new MITRE ATT&CK® training and certification product produced by MITRE’s own ATT&CK subject matter experts.
Our mission is to close the cybersecurity skills gap with ATT&CK. Certified defenders use ATT&CK for threat-informed defense and organizations can now unearth practitioners with mastery in the application of ATT&CK across disciplines.
Practitioners access MAD through an annual subscription that gives access to a family of ATT&CK assessments designed as micro-credential badges. Each badge is supported by bite-sized preparedness training videos.
The ATT&CK team produces timely updates to the framework when there are significant impacts to the threat landscape. Alongside these updates, MAD will require that the defender initiate a recertification exercise to affirm continuous proficiency against the latest threats.
Created by ATT&CK Experts
MAD Training and Assessments are created by MITRE’s own ATT&CK subject matter experts, currently on a mission to forge a new breed of advantaged defenders, better prepared than ever to stop agile adversaries.
Principal Cyber Security Engineer at MITRE
Dr. Dan Ellis
Principal Cyber Operations Engineer at MITRE
Senior Cybersecurity Engineer at MITRE ATT&CK® Cyber Threat Intelligence Analyst
Director of Content MITRE ATT&CK Defender
MITRE ATT&CK® Lead
Amy L. Robertson
Senior Cybersecurity Engineer at MITRE
Dr. Clem Skorupka
Principal Cybersecurity Engineer at MITRE
Lead Cyber Adversarial Engineer at MITRE
With a subscription to MAD, subscribers will validate their mastery of ATT&CK concepts across disciplines. With MAD badges and certifications, team leaders can be confident that a certified practitioner can employ the latest threat-informed defense using ATT&CK.
The ATT&CK Cyber Threat Intelligence (CTI) Certification is for practitioners interested in certifying a mastery in the application of ATT&CK to improve existing threat intelligence practices. The training and experiential assessments validate a learner’s ability to map to ATT&CK from both finished reporting and raw data, perform CTI analysis using ATT&CK-mapped data, make defensive recommendations based on research, and more.
- Earn five badges by passing five distinct Assessments with an average 80% or better score
- Prepare with a comprehensive training course and eight hands-on exercises
The ATT&CK Security Operations Center (SOC) Certification validates defenders’ proficiency at using ATT&CK to perform rapid, low overhead SOC Assessments. The certification confirms defenders’ abilities to align modern security operations with ATT&CK for a threat-informed defense. Specific topics include analysis of SOC tools and resources, interview and discussion capability, ATT&CK with personnel, and building recommendations based on results.
- Earn four badges by passing four distinct Assessments with an average 80% or better score
- Prepare with a comprehensive training course and nine hands-on exercises
MITRE ATT&CK Defender
$299 USD per person
Provides unlimited access to ATT&CK® certifications and online training courses
Not ready to subscribe yet?
Register to stay informed and follow us on Twitter @MITREattackDef
What is MAD?
MITRE ATT&CK Defender (MAD) is a program run by MITRE Engenuity, Inc. that includes the MAD product that provides access to ATT&CK® education and certifications.
Who issues MAD credentials?
MITRE Engenuity, Inc., the MITRE Corporation’s tech foundation for the public good, issues all MITRE ATT&CK Defender credentials through the MAD Program.
What does the MAD Program do?
The MITRE ATT&CK Defender program creates and delivers free online training to help cyber security defenders better adopt and use the MITRE ATT&CK Framework for threat-informed defense; and administers a family of certifications.
How much does it cost to access MAD?
Individuals access MAD by purchasing a MITRE ATT&CK Defender Individual Subscription for a $299 USD annual fee.
Are enterprise licenses available?
To learn more about enterprise licenses, contact MAD@mitre-engenuity.org.
What certifications can I earn?
ATT&CK® Cyber Threat Intelligence
ATT&CK® Security Operations Center Assessment
What does a certification prove to the industry?
The certification affirms that the individual has met MITRE Engenuity’s definition of real-world mastery, knowledge, and proficiency in the application of MITRE ATT&CK® in a particular subject matter.
How do I earn the certifications?
MITRE ATT&CK Defender certifications bring a new approach to certifications in the cyber security industry. Certifications only require learners to pass a series of assessments to earn current badges. Each certification is automatically awarded to learners who earns the required badges for that certification. Each badge requires the learner to demonstrate mastery of a specific set of topics within the subject matter.
What score do I need to pass an Assessment?
Learners must earn a passing score for each assessment (typically 80 percent). Once a learner passes an assessment, they are issued a badge affirming mastery of the application of ATT&CK® in that set of topics.
What Badges can I earn?
ATT&CK® Cyber Threat Intelligence from Narrative Reporting
ATT&CK® Cyber Threat Intelligence from Raw Data
ATT&CK® Cyber Threat Intelligence Storage and Analysis
ATT&CK® Cyber Threat Intelligence Defensive Recommendations
ATT&CK® Security Operations Center Assessment Fundamentals
ATT&CK® Security Operations Center Assessment Analysis
ATT&CK® Security Operations Center Assessment Synthesis
How can I prepare for the certifications?
Practitioners gain knowledge and skill by watching the MAD online training courses available through our partner Cybrary.
What online training courses are available?
Mapping to ATT&CK® from Narrative Reporting
Mapping to ATT&CK® from Raw Data
Storing and Analyzing ATT&CK®-mapped Intelligence
Making ATT&CK®-mapped Data Actionable with Defensive Recommendations
Overview of ATT&CK®-based SOC Assessments
Analyzing SOC Components with ATT&CK®
Synthesizing SOC Assessments