Free

MITRE ATT&CK Defender™ (MAD) ATT&CK® SOC Assessments Certification Training

Do you know how to leverage the MITRE ATT&CK® framework to conduct Security Operations Center (SOC) assessments? Join highly regarded MITRE engineers in this MITRE ATT&CK Defender™ (MAD) ATT&CK SOC Assessments Certification Training course to get the knowledge you need for the certification and evaluate how your current defenses map to ATT&CK.
Time: 3h 16m | Difficulty: intermediate | CEU/CPE: 2

Course Content

Analyzing SOC Components with ATT&CK®
  • Breaking Down Tools (14m)
  • Analyzing Analytics (14m)
  • Working with Data Sources Part 2 (7m)
  • Working with Data Sources Part 1 (11m)
  • Setting a Coverage Rubric (13m)

Overview of ATT&CK®-based SOC Assessments
  • Scoping an Assessment (7m)
  • Framing an Assessment (11m)
  • A Methodology for Assessments (10m)
  • Introduction: Bringing ATT&CK® into the SOC (8m)

Synthesizing SOC Assessments
  • SOC Assessments Demo 2 (11m)
  • SOC Assessments Demo 1 (13m)
  • Proposing Recommendations Part 2 (14m)
  • Proposing Recommendations Part 1 (13m)
  • Compiling a Final Heatmap Part 2 (10m)
  • Compiling a Final Heatmap Part 1 (13m)
  • Communicating with ATT&CK® (15m)
  • Interviewing Staff (14m)

Course Description

The MITRE ATT&CK® framework has helped people across the security community adopt a threat-informed mindset and better align what they’re doing towards understanding and defending against real-world adversaries. But for organizations just getting started, it’s not always clear how to adopt it – sure, the concepts make sense, but how do you actually implement ATT&CK®? For many, the answer lies in understanding where they currently stand: without knowing how your current defenses map to ATT&CK®, it’s hard to see where you should improve.

This MITRE SOC course is designed to address this problem by teaching students how to leverage ATT&CK® to conduct Security Operations Center (SOC) assessments. These assessments are designed to be rapid, low overhead, and broad enough to help the SOC get on its feet with ATT&CK®. Specific subjects we’ll cover include how to analyze SOC technologies such as tools and data sources, how to interview and discuss ATT&CK® with SOC personnel, and how to recommend changes based on assessment results.

Target Audience for the MITRE SOC Course

Anyone involved in or consulting with the day-to-day operations of a security operations center looking to adopt ATT&CK®.

Prerequisites for this MITRE SOC Training

  • An understanding of the ATT&CK® framework through the [MITRE ATT&CK Defender™ (MAD) ATT&CK® Fundamentals Badge course](https://www.cybrary.it/course/mitre-attack-defender-mad-attack-fundamentals/)
  • An understanding of information security and technology, and security operations

MITRE SOC Course Goals

By the end of this MITRE SOC course, students should be able to:

  • Understand how SOC technologies map to ATT&CK® at a high level
  • Walk through an ATT&CK®-based SOC assessment
  • Interview and discuss ATT&CK® with SOC personnel
  • Effectively communicate findings with ATT&CK®
  • Propose enhancements to better align operations with ATT&CK®

Note: Per our partnership agreement with MITRE Engenuity, MITRE will have access to learner usage data.

Instructed by

Instructor: Andy Applebaum

Andy Applebaum is a principal cybersecurity engineer at MITRE. He works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. As a well-established researcher, he has published numerous papers and spoken at multiple academic and industry conferences, including Black Hat Europe, SANS Security Operations Summit, BSides NOVA, and the FIRST Conference.

Before working at MITRE, Andy received his Ph.D. in Computer Science from the University of California, Davis.

Instructor: Dr. Clem Skorupka

Dr. Clem Skorupka is a Principal Cybersecurity Engineer at MITRE. His work has spanned both operations and research, focusing on improving the effectiveness of threat information in organizations. Throughout his career, he has developed new techniques and technologies that enhance cybersecurity data collection, sharing, and application for the DoD, the IC, and, more recently, for civilian government sponsors. Dr. Skorupka is a co-author of NIST Special Publication 800-150, "Guide to Cyber Threat Information Sharing".

Dr. Skorupka holds B.S., M.S., and Ph.D. degrees in Physics and is the recipient of an Office of Naval Technology Postdoctoral Fellowship.

Provider: Cybrary
Certification Body: MITRE Engenuity

Certificate of Completion

Complete this entire course to earn a MITRE ATT&CK Defender™ (MAD) ATT&CK® SOC Assessments Certification Training Certificate of Completion.