Already a MAD subscriber?
Log in to your existing MAD Skills Hub account

Join the community of Certified MITRE ATT&CK® Defenders who have proven their real-world mastery in applying the knowledge of adversary behaviors to improve security configurations, analytics and decision-making.

One year of unlimited access to ATT&CK badges and certifications – USD 299


MITRE ATT&CK Defender is the cybersecurity community’s new ATT&CK training and certification program produced by MITRE’s own ATT&CK subject matter experts.

Our mission is to close the cybersecurity skills gap with ATT&CK. Certified Defenders use ATT&CK for threat-informed defense and organizations can now unearth practitioners with mastery in the application of ATT&CK across disciplines.

Why are we forging Certified ATT&CK Defenders? 

We commissioned a comprehensive survey on The State of MITRE ATT&CK® in Threat-Informed Defense to better understand the use of ATT&CK in the community. We learned that 82% of respondents know ATT&CK, but only 8% use it regularly.  We also learned that hiring managers value ATT&CK skills: 70% actively seek out employees who have the skill to apply ATT&CK. We’ve built MITRE ATT&CK Defender to train and certify mastery in the application of ATT&CK. 

Currently available MAD Badges and Certificates
Stay current with just-in-time recertification

The ATT&CK team produces timely updates to the framework when there are significant impacts to the threat landscape. Alongside these updates, MAD will require that the defender initiate a recertification exercise to affirm continuous proficiency against the latest threats.

Created by ATT&CK Experts

MAD Training and Assessments are created by MITRE’s own ATT&CK subject matter experts, currently on a mission to forge a new breed of advantaged defenders, better prepared than ever to stop agile adversaries.   Learn from the experts in this 45min. on-demand webinar.

Andy Applebaum

Andy Applebaum

Principal Cyber Security Engineer at MITRE

Dr. Dan Ellis

Dr. Dan Ellis

Principal Cyber Operations Engineer at MITRE

Jackie Lasky

Jackie Lasky

Senior Cybersecurity Engineer at MITRE ATT&CK® Cyber Threat Intelligence Analyst

Steve Luke

Steve Luke

Director of Content MITRE ATT&CK Defender

Adam Pennington

Adam Pennington


Amy L. Robertson

Amy L. Robertson

Senior Cybersecurity Engineer at MITRE

Dr. Clem Skorupka

Dr. Clem Skorupka

Principal Cybersecurity Engineer at MITRE

Jamie Williams

Jamie Williams

Lead Cyber Adversarial Engineer at MITRE

Earn Certifications

With a subscription to MAD, subscribers will validate their mastery of ATT&CK concepts across disciplines. With MAD badges and certifications, team leaders can be confident that a certified practitioner can employ the latest threat-informed defense using ATT&CK.

CTI Certification

The ATT&CK Cyber Threat Intelligence (CTI) Certification is for practitioners interested in certifying a mastery in the application of ATT&CK to improve existing threat intelligence practices. The training and experiential assessments validate a learner’s ability to map to ATT&CK from both finished reporting and raw data, perform CTI analysis using ATT&CK-mapped data, make defensive recommendations based on research, and more.


  • Earn five badges by passing five distinct Assessments with an average 80% or better score
  • Prepare with a comprehensive training course and eight hands-on exercises
SOC Assessments Certification

The ATT&CK Security Operations Center (SOC) Certification validates defenders’ proficiency at using ATT&CK to perform rapid, low overhead SOC Assessments. The certification confirms defenders’ abilities to align modern security operations with ATT&CK for a threat-informed defense. Specific topics include analysis of SOC tools and resources, interview and discussion capability, ATT&CK with personnel, and building recommendations based on results.


  • Earn four badges by passing four distinct Assessments with an average 80% or better score
  • Prepare with a comprehensive training course and nine hands-on exercises

Annual Subscription

$299 USD per person

Provides unlimited access to ATT&CK® certifications and online training courses

Free on-demand educational content
MITRE Engenuity is a trusted tech foundation that brings industry together to apply state of the art MITRE innovation for the public good. We partnered with Cybrary to bring you unlimited free MITRE ATT&CK Framework® online training to help you better apply ATT&CK® to your work and succeed at passing the MITRE ATT&CK Defender certification assessments.

Get the “Quick ATT&CK Facts” Newsletter 

Follow us at @MITREattackDef


What is MAD?

MITRE ATT&CK Defender (MAD) is a program run by MITRE Engenuity, Inc. that includes the MAD product that provides access to ATT&CK® education and certifications.

Who issues MAD credentials?

MITRE Engenuity, Inc., the MITRE Corporation’s tech foundation for the public good, issues all MITRE ATT&CK Defender credentials through the MAD Program.

What does the MAD Program do?

The MITRE ATT&CK Defender program creates and delivers free online training to help cyber security defenders better adopt and use the MITRE ATT&CK Framework for threat-informed defense; and administers a family of certifications.

How much does it cost to access MAD?

Individuals access MAD by purchasing a MITRE ATT&CK Defender Individual Subscription for a $299 USD annual fee.

Are enterprise licenses available?

To learn more about enterprise licenses, please complete this form

What certifications can I earn?

ATT&CK® Cyber Threat Intelligence
ATT&CK® Security Operations Center Assessment

What does a certification prove to the industry?

The certification affirms that the individual has met MITRE Engenuity’s definition of real-world mastery, knowledge, and proficiency in the application of MITRE ATT&CK® in a particular subject matter.

How do I earn the certifications?

MITRE ATT&CK Defender certifications bring a new approach to certifications in the cyber security industry. Certifications only require learners to pass a series of assessments to earn current badges. Each certification is automatically awarded to learners who earns the required badges for that certification. Each badge requires the learner to demonstrate mastery of a specific set of topics within the subject matter.

What score do I need to pass an Assessment?

Learners must earn a passing score for each assessment (typically 80 percent). Once a learner passes an assessment, they are issued a badge affirming mastery of the application of ATT&CK® in that set of topics.

What Badges can I earn?

ATT&CK® Fundamentals
ATT&CK® Cyber Threat Intelligence from Narrative Reporting
ATT&CK® Cyber Threat Intelligence from Raw Data
ATT&CK® Cyber Threat Intelligence Storage and Analysis
ATT&CK® Cyber Threat Intelligence Defensive Recommendations
ATT&CK® Security Operations Center Assessment Fundamentals
ATT&CK® Security Operations Center Assessment Analysis
ATT&CK® Security Operations Center Assessment Synthesis

How can I prepare for the certifications?

Practitioners gain knowledge and skill by watching the MAD online training courses available through our partner Cybrary.

What online training courses are available?

ATT&CK® Fundamentals
Mapping to ATT&CK® from Narrative Reporting
Mapping to ATT&CK® from Raw Data
Storing and Analyzing ATT&CK®-mapped Intelligence
Making ATT&CK®-mapped Data Actionable with Defensive Recommendations
Overview of ATT&CK®-based SOC Assessments
Analyzing SOC Components with ATT&CK®
Synthesizing SOC Assessments