Cybrary, the world's largest online cybersecurity professional development platform, and MITRE Engenuity, MITRE's tech foundation for public good, today announced a partnership to offer MITRE ATT&CK Defender™ (MAD), a new online training and certification product designed to enable defenders to gain the advantage over cyber adversaries. MAD is anchored by knowledge from the source, the authors of MITRE ATT&CK®, and training is freely available to the community through Cybrary's growing catalog of cybersecurity training and MITRE Engenuity's continuing service to the public good.
The skills gap among cybersecurity professionals means organizations are unable to keep pace with threats. To better prepare them against agile and evasive adversaries, MAD focuses on teaching and certifying cybersecurity practitioners in the real-world application of ATT&CK for threat-informed defense. MAD is unique in that the credentials carry no set expiration date, instead requiring recertification as the threat environment changes. Practitioners will have to recertify within 90 days of an update to the curriculum to ensure MAD certified defenders continuously stay ahead of adversaries as the threat landscape evolves over time.
"We're thrilled to work with MITRE Engenuity to add more technical content and timely resources for our entire community," said Cybrary co-founder and CEO Ryan Corey. "As cyber threats become both more frequent and sophisticated, this new MAD program is a great way for industry professionals to enhance their skills to address the latest attack techniques and strategies."
"Over the years, we've seen the security community embrace our MITRE ATT&CK framework, but many practitioners have struggled to confidently and practically apply it in their work to gain an advantage. With the launch of MAD, practitioners will have access to learn and master the application of the ATT&CK knowledgebase to get ahead of adversaries," said Steve Luke, director of content, MITRE ATT&CK Defender. "In collaboration with Cybrary, we're confident in our ability to strengthen the community and make a positive impact to shrink the skills gap."
MITRE Engenuity commissioned Cybersecurity Insiders for a recent survey "The State of MITRE ATT&CK® Threat Defense in 2021." The survey of 290 IT security professionals found that:
Although 82 percent of respondents said they know about the MITRE ATT&CK framework, only 8 percent reported that they are using the ATT&CK framework regularly;
84 percent noted they have not mapped their data and analytics to ATT&CK techniques;
83 percent of respondents said they feel confident that they could utilize ATT&CK, but 62 percent rarely or never use it;
80 percent of survey participants have shown interest in ATT&CK training while only 10 percent accessed formal training;
86 percent said they would like to learn more about how to apply ATT&CK; and
70 percent of hiring managers seek out employees who have the skill to apply ATT&CK, and 73 percent of respondents found it valuable to have credentials validating mastery in applying ATT&CK.
In keeping with its efforts to make cyberspace safer for all, MITRE Engenuity is making courses freely available in the Cybrary catalog. The initial catalog will include three courses and will expand during the year:
ATT&CK Fundamentals – how ATT&CK and a threat-informed mindset can help focus our efforts toward understanding and improving how our defenses actually fare against real-world adversaries
ATT&CK SOC Assessments – how to leverage ATT&CK to conduct Security Operations Center (SOC) assessments
ATT&CK Cyber Threat Intelligence – how to apply ATT&CK to improve threat intelligence practices.
Individuals and teams can now subscribe to the MITRE ATT&CK Defender training and certification product to learn ATT&CK, earn badges and certifications, and keep up to date as the threat landscape changes. For more information, visit mitre-engenuity.org/mad/.