By: Amanda Davi
March 25, 2021
Fighting the Good Fight: Cybrary & MITRE Join Forces to Battle the Cybersecurity Skills Gap with the Launch of MITRE ATT&CK Defender™
By: Amanda Davi
March 25, 2021
Although there’s still progress to be made, cyber professionals fighting the growing tide of new and advanced threats just got a new weapon in their security defense arsenal. Earlier today, Cybrary and MITRE Engenuity, MITRE's tech foundation for public good, announced an industry partnership to offer MITRE ATT&CK Defender™ (MAD), a new online training and certification product.
Ralph Sita Jr., Co-Founder and President of Cybrary, along with Rick Gordon, Managing Director of Programs for MITRE Enginuity, recently connected to provide a peek behind the curtain of their new partnership. They discuss the genesis of their mutually beneficial partnership and what they hope to accomplish in 2021 and beyond -- for both the industry as a whole and the countless individuals on the security frontlines.
Genesis of the Partnership: A Symbiotic Relationship
Ralph Sita (RS): Simply put, as the leading cybersecurity training platform, we’re always searching for the best, most efficient, and quickest ways possible to successfully guide all of our members along their respective career paths. Hands down, the MITRE ATT&CK framework is one of the best ways for security professionals to learn the strategies, tactics, and techniques needed when either building preemptive defenses, responding to ongoing threats, or mitigating the damages following a successful breach. We believe MITRE is perfectly aligned with our mission to provide the right tools to arm cyber defenders in the ongoing cyber battle. This practitioner “playbook” can help individuals and organizations alike get to the core of what’s happening in the cyber-verse and avoid looking for an extinguisher if they’re already in the middle of a fire.
Additionally, Cybrary and MITRE Engenuity share similar philosophies regarding cybersecurity training: do what it takes for the common good. As such, cybersecurity training should not just be a privilege for those who can dedicate a lot of time to learn it or resources to afford it, but rather for mass consumption ultimately increasing the odds of keeping the bad guys out. This means that training sessions and certifications should be divided into “bite-sized” pieces that focus on what’s most topical at that point in time. By having these smaller pieces of information available for consumption and updated regularly, practitioners will ultimately be better equipped to address the security needs of an evolving threat landscape. The scales are finally tipping in favor of the advantaged defender.
Rick Gordon (RG): First and foremost, MITRE ATT&CK® was designed to enable efficiencies when sharing threat intelligence and provide a structure around the allocation of resources for security strategies, tactics, and techniques. However, we’re still in the “first inning” of the game. A recent study we conducted shows that even though 82% of cybersecurity professionals are familiar with ATT&CK, only 8% indicated they’re using it on a regular basis. This is where Cybrary is able to help tremendously. With access to nearly 3 million members of the cybersecurity community and a set infrastructure already in place, Cybrary is able to ramp up the community’s skill to apply ATT&CK to their advantage to get ahead of agile adversaries instead of playing catch up by responding to traditional IOCs.
Secondly, as Ralph mentioned, MITRE has always been focused on the public good and we are committed to democratizing in-depth knowledge and mastery in ATT&CK. Years ago when I began my career in the cyber industry, the capability to build threat intelligence was intentionally scarce. It was important for us to find a partner that shares our ethos in broadening access to these skills and making them as easily accessible and digestible as possible. Cybrary embodies all of these attributes and cyber defenders across the globe are better off because of it.
Where do we go from here? A Roadmap for the Future of Cybersecurity Training
RS: As a result of this partnership, our hope is that we can make a real dent in the cybersecurity skills gap at a faster pace. This will also allow professionals to be more confident in their every-day roles and responsibilities since many have previously expressed they lacked the proper skills and training to operate at a high-level. By providing more tangible skills around implementing ATT&CK and empowering users to take advantage of its immense potential, Cybrary is hoping to help organizations big and small move the needle when it comes to their security postures.
RG: There are many outstanding security training programs and certifications in the marketplace that vary widely in price, structure, or timeline. However, the fact remains that adversaries can and do pivot at a moment’s notice; MAD certification and training will offer that same flexibility to change right along with them. Security professionals can now learn around their own “pandemic schedule”, whether it's a 15 minute walk around the neighborhood or a 10 minute coffee break. MAD’s bite sized training allows them to learn on the go and at their own pace.
The next step in this process is critical. It’s not enough to just put the knowledge out there and hope people find it, you have to make it a part of the entire ecosystem. We understand that the MAD assessments are challenging, but they are designed by MITRE’s own ATT&CK subject matter experts to be hard and meaningful. Potential employers will know the MAD credentials that professionals hold affirm that a practitioner has mastery in the application of ATT&CK and is capable of applying threat-informed defense approaches to better protect the enterprise. All of the training, hands-on exercises, hand-outs, resources, the assessments, the badge requirements and the certifications come straight from experts that live and breathe ATT&CK.
This partnership between MITRE and Cybrary is specifically designed to educate hundreds of thousands, if not millions, of security practitioners over the next decade and, ultimately, take a big bite out of the cybersecurity skills gap. I’ve been a fan of Cybrary ever since they started on their quest to bridge this gap years ago, and working with Ralph and the rest of the Cybrary team is something that both I and the rest of the MITRE Engenuity team are extremely excited about.