ATT&CK Purple Teaming Methodology Certification Path

MITRE ATT&CK® subject matter experts continuously develop the training and mastery assessment built for the ATT&CK® Fundamentals Badge. Their focus is to validate a defender's ability to understand the ATT&CK framework (the data along with the philosophy that has shaped ATT&CK) as well as recognize how ATT&CK can be applied to operational challenges/opportunities. The ATT&CK® Fundamentals Badge validates that a defender: • Understands what knowledge is and isn't captured within ATT&CK • Understands how and why ATT&CK evolves • Can manipulate and extend ATT&CK to meet tailored needs Meet the training and mastery assessment author: Jamie Williams Lead Cyber Adversarial Engineer at MITRE Jamie Williams is a Cyber Adversarial Engineer for the MITRE Corporation. He works on various exciting efforts involving security operations and research, specializing in adversary emulation and behavior-based detections. He also leads teams that help shape and deliver the "adversary-touch" within ATT&CK® and ATT&CK Evaluations. Before joining MITRE, Jamie received his M.S. in Information Systems Engineering from Johns Hopkins University and his B.S. in Information Systems from the University of Maryland, Baltimore County (UMBC). Steve Luke Director of Content MITRE ATT&CK Defender ™ Steve Luke is the Director of Content for MITRE ATT&CK Defender™. He’s dedicated to empowering organizations with more effective ways to robustly detect and respond to cyber-attacks. Since 2007, Steve has focused on delivering innovative solutions to cyber missions, with a special focus on ATT&CK® and its application to hunting. Steve co-authored a paper on TTP-Based Hunting, developed and delivered educational materials about that methodology, and leads purple teaming events to explore ATT&CK techniques and develop robust analytic approaches to detect them. Steve earned a B.S. and Masters of Engineering in Electrical Engineering from Cornell University with a focus on digital signal processing. Prior to joining MITRE in 2005, he served as an officer in the United States Air Force.

The ATT&CK Cyber Threat Intelligence Defense Recommendations badge validates a defender’s mastery of using ATT&CK mapped data to make defensive recommendations for an enterprise. The focus is to validate: • Mastery in how the defensive recommendation process works • Mastery in how techniques and sub-techniques are used in ATT&CK CTI • Proficiency in understanding constraints and tradeoffs within organizations Meet the training and mastery assessment authors: Amy L. Robertson Senior Cybersecurity Engineer at MITRE Amy Robertson is a Senior Cybersecurity Engineer for the MITRE corporation with over a decade of experience mitigating national security cyber risk. Amy provides cyber threat intelligence support to a number of mission spaces, including space assets and weapons systems. Before joining MITRE, Amy led the Department of Homeland Security's NCCIC Strategic Communications team and supported international cyber collaboration and capacity-building programs across Europe and Central Asia. Amy's experience extends into the private sector, where she managed cyber risk assessments and Cyber-OSINT & SOCMINT investigations for critical infrastructure portfolios. Ms. Robertson received a B.A in Social Science and History from Thomas Edison State College. She graduated Magna Cum Laude from Johns Hopkins University with an M.A. in Global Security Studies. Jackie Lasky Senior Cybersecurity Engineer at MITRE ATT&CK® Cyber Threat Intelligence Analyst Jackie Lasky is a Senior Cybersecurity Engineer and ATT&CK® Cyber Threat Intelligence Analyst for the MITRE Corporation. She's been a member of the MITRE ATT&CK® team for three years and is currently involved in various efforts involving data analytics, machine learning, and CTI for ATT&CK®. Jackie holds a B.S. in Computer Science from George Mason University and is currently working on her M.S. in Analytics at the Georgia Institute of Technology. Steve Luke Director of Content MITRE ATT&CK Defender ™ Steve Luke is the Director of Content for MITRE ATT&CK Defender™. He’s dedicated to empowering organizations with more effective ways to robustly detect and respond to cyber-attacks. Since 2007, Steve has focused on delivering innovative solutions to cyber missions, with a special focus on ATT&CK® and its application to hunting. Steve co-authored a paper on TTP-Based Hunting, developed and delivered educational materials about that methodology, and leads purple teaming events to explore ATT&CK techniques and develop robust analytic approaches to detect them. Steve earned a B.S. and Masters of Engineering in Electrical Engineering from Cornell University with a focus on digital signal processing. Prior to joining MITRE in 2005, he served as an officer in the United States Air Force. To consider before attempting to earn the badge: • Have a solid understanding of the ATT&CK Framework • Understand security concepts or have prior CTI field experience • Complete the ATT&CK Cyber Threat Intelligence course

ATT&CK® Adversary Emulation Fundamentals certifies a practitioner’s understanding of foundational adversary emulation concepts and ability to execute an adversary emulation plan based on ATT&CK. Meet the training and mastery assessment authors Michael Long II Capability Area Lead, Adversary Emulation at MITRE Michael Long is a Principal Adversary Emulation Engineer at the MITRE Corporation and a former U.S. Army Cyber Operations Specialist. Michael has over 10 years' experience in offensive and defensive cyber operations. Michael leads adversary emulation projects with MITRE to improve the cybersecurity of our nation’s most sensitive and critical networks. Michael has contributed to open-source projects including Metasploit and CALDERA. He is also the maintainer of the Offensive GoLang project. Michael has presented at events including Wild West Hackin’ Fest, DEFCON Adversary Village, and ATT&CKcon. Govardhen Arunagiri Offensive Security Engineer at MITRE Govardhen Arunagiri is an Offensive Security Engineer at the MITRE Corporation and former penetration tester at Praetorian. Govardhen applies his background in offensive cyber security assessments and his experience in adversary emulation to improve the security of sensitive environments both within and external to MITRE. Govardhen earned his B.S. in Computer Engineering from the University of Maryland, College Park, and is currently pursuing his M.S. in Information Security Engineering at the SANS Technology Institute. To consider before earning the badge Pre-requisites: - Practitioners should have a solid understanding of the ATT&CK Framework - Competent with basic Windows and Linux command line tools Not required but recommended: - Familiarity with common red team tools and techniques (example: Metasploit) - An understanding of cyber threat intelligence practices through the ATT&CK Cyber Threat intelligence course

Earning the ATT&CK® Threat Hunting Fundamentals badge verifies that you understand how ATT&CK can be used as a malicious activity model to conduct the six steps of the TTP-based threat hunt methodology. You will understand how to contrast key elements of TTP-based hunting with complimentary approaches, as well as fundamental considerations for characterizing malicious activity or behavior and how to use that information to execute a TTP-based hunt. Knowledge of this process continually shapes information needs and data requirements to inform and develop continual hunt efforts focused on advanced cyber adversary behaviors.

This badge verifies the holder knows how to effectively prepare for, execute, and leverage purple teaming.