Niranjan Ganesan
The ATT&CK SOC Assessment Analysis assessment tests students' ability to map common SOC components back to the ATT&CK framework; those who have passed the exam have shown themselves to be proficient in understanding SOC components as they relate to the framework. The assessment validates:
• Ability to set and customize a coverage scheme for an assessment
• Mastery in evaluating different data sources, tools, and analytics that might be found in a SOC and assessing how well each one covers the techniques in ATT&CK
• Proficiency in going from component to component within a SOC and running it against the ATT&CK framework
Meet the training and mastery assessment authors:
Dr. Andy Applebaum
Principal Cyber Security Engineer at MITRE
Andy Applebaum is a principal cybersecurity engineer at MITRE. He works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. As a well-established researcher, he's published numerous papers and spoken at multiple academic and industry conferences, including Black Hat Europe, SANS Security Operations Summit, BSides NOVA, and the FIRST Conference. Before working at MITRE, Andy received his Ph.D. in Computer Science from the University of California Davis.
Dr. Clem Skorupka
Principal Cybersecurity Engineer at MITRE
Dr. Clem Skorupka is a Principal Cybersecurity Engineer at MITRE. His work has spanned both operations and research, focusing on improving the effectiveness of threat information in organizations. Throughout his career, he's developed new techniques and technologies that enhance cybersecurity data collection, sharing, and application for the DoD, the IC, and, more recently, for civilian government sponsors. Dr. Skorupka is a co-author of NIST's Special Publication 800-150, "Guide to Cyber Threat Information Sharing". Dr. Skorupka holds a B.S., M.S., and Ph.D. in Physics and is the recipient of an Office of Naval Technology Postdoctoral Fellowship.
Steve Luke
Director of Content at MITRE ATT&CK Defender™
Steve Luke is the Director of Content for MITRE ATT&CK Defender™. He’s dedicated to empowering organizations with more effective ways to robustly detect and respond to cyber-attacks. Since 2007, Steve has focused on delivering innovative solutions to cyber missions, with a special focus on ATT&CK® and its application to hunting. Steve co-authored a paper on TTP-Based Hunting, developed and delivered educational materials about that methodology, and leads purple teaming events to explore ATT&CK techniques and develop robust analytic approaches to detect them. Steve earned a B.S. and Masters of Engineering in Electrical Engineering from Cornell University with a focus on digital signal processing. Prior to joining MITRE in 2005, he served as an officer in the United States Air Force.
To consider before attempting to earn the badge:
• Have a solid understanding of the ATT&CK Framework
• Understand information security technology and security operations
• Complete the ATT&CK SOC Assessment training course
Skills / Knowledge
- ATT&CK
- Security Operations
- SOC
- Cybersecurity
- Threat-Informed Defense
Issued on
April 4, 2021
Expires on
Does not expire