ATT&CK® Security Operations Center Assessment Certification Path

5 Credentials
The ATT&CK® Security Operations Center (SOC) Assessment Certification validates a defender's ability to conduct Security Operations Center (SOC) assessments that are rapid, have low overhead, and are broad enough to help the SOC get on their feet with ATT&CK. The certification affirms mastery at analyzing SOC technologies, like tools and data sources, savviness at interviewing and discussing ATT&CK with SOC personnel, and proficiency at recommending improvements based on the assessment's results. Certified ATT&CK defenders have earned four distinct badges to achieve the ATT&CK® for SOC Assessment Certification.

ATT&CK® Fundamentals Badge

MITRE ATT&CK® subject matter experts continuously develop the training and mastery assessment built for the ATT&CK® Fundamentals Badge. Their focus is to validate a defender's ability to understand the ATT&CK framework (the data along with the philosophy that has shaped ATT&CK) as well as recognize how ATT&CK can be applied to operational challenges/opportunities.

The ATT&CK® Fundamentals Badge validates that a defender:
  • Understands what knowledge is and isn't captured within ATT&CK
  • Understands how and why ATT&CK evolves
  • Can manipulate and extend ATT&CK to meet tailored needs

Meet the training and mastery assessment author:

Jamie Williams, Lead Cyber Adversarial Engineer at MITRE
Jamie Williams is a Cyber Adversarial Engineer for the MITRE Corporation. He works on various exciting efforts involving security operations and research, specializing in adversary emulation and behavior-based detections. He also leads teams that help shape and deliver the "adversary-touch" within ATT&CK® and ATT&CK Evaluations. Before joining MITRE, Jamie received his M.S. in Information Systems Engineering from Johns Hopkins University and his B.S. in Information Systems from the University of Maryland, Baltimore County (UMBC).

Steve Luke, Director of Content, MITRE ATT&CK Defender™
Steve Luke is the Director of Content for MITRE ATT&CK Defender™. He’s dedicated to empowering organizations with more effective ways to robustly detect and respond to cyber-attacks. Since 2007, Steve has focused on delivering innovative solutions to cyber missions, with a special focus on ATT&CK® and its application to hunting. Steve co-authored a paper on TTP-Based Hunting, developed and delivered educational materials about that methodology, and leads purple teaming events to explore ATT&CK techniques and develop robust analytic approaches to detect them. Steve earned a B.S. and Masters of Engineering in Electrical Engineering from Cornell University with a focus on digital signal processing. Prior to joining MITRE in 2005, he served as an officer in the United States Air Force.
Skills
  • ATT&CK
  • Cybersecurity
  • Threat-Informed Defense

ATT&CK® Security Operations Center Assessment Fundamentals Badge

The ATT&CK SOC Assessment Fundamentals Badge features an assessment where students show their mastery of the foundational elements of ATT&CK-based SOC assessments.

The focus is to validate:
  • Proficiency in understanding the types and tradeoffs of different assessment methodologies, including the general methodology of a hands-off ATT&CK-based SOC assessment
  • Mastery in determining whether or not an ATT&CK-based SOC assessment is appropriate for a given SOC
  • Ability to properly scope and communicate the value of an assessment for a given SOC

Meet the training and mastery assessment authors:

Dr. Andy Applebaum, Principal Cyber Security Engineer at MITRE
Andy Applebaum is a principal cybersecurity engineer at MITRE. He works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. As a well-established researcher, he's published numerous papers and spoken at multiple academic and industry conferences, including Black Hat Europe, SANS Security Operations Summit, BSides NOVA, and the FIRST Conference. Before working at MITRE, Andy received his Ph.D. in Computer Science from the University of California Davis.

Dr. Clem Skorupka, Principal Cybersecurity Engineer at MITRE
Dr. Clem Skorupka is a Principal Cybersecurity Engineer at MITRE. His work has spanned both operations and research, focusing on improving the effectiveness of threat information in organizations. Throughout his career, he's developed new techniques and technologies that enhance cybersecurity data collection, sharing, and application for the DoD, the IC, and, more recently, for civilian government sponsors. Dr. Skorupka is a co-author of NIST's Special Publication 800-150 "Guide to Cyber Threat Information Sharing". Dr. Skorupka holds a B.S., M.S., and Ph.D. in Physics and is the recipient of an Office of Naval Technology Postdoctoral Fellowship.

Steve Luke, Director of Content at MITRE ATT&CK Defender™
Steve Luke is the Director of Content for MITRE ATT&CK Defender™. He’s dedicated to empowering organizations with more effective ways to robustly detect and respond to cyber-attacks. Since 2007, Steve has focused on delivering innovative solutions to cyber missions, with a special focus on ATT&CK® and its application to hunting. Steve co-authored a paper on TTP-Based Hunting, developed and delivered educational materials about that methodology, and leads purple teaming events to explore ATT&CK techniques and develop robust analytic approaches to detect them. Steve earned a B.S. and Masters of Engineering in Electrical Engineering from Cornell University with a focus on digital signal processing. Prior to joining MITRE in 2005, he served as an officer in the United States Air Force.

To consider before attempting to earn the badge:
  • Have a solid understanding of the ATT&CK Framework
  • Understand information security technology and security operations
  • Complete the ATT&CK SOC Assessment training course
Skills
  • ATT&CK
  • Security Operations
  • SOC

ATT&CK® Security Operations Center Assessment Analysis Badge

The ATT&CK SOC Assessment Analysis assessment tests students’ abilities to map common SOC components back to the ATT&CK framework; those who’ve passed the exam have shown themselves to be proficient in understanding SOC components as they relate to the framework.

The focus is to validate:
  • Ability to set and customize a coverage scheme for an assessment
  • Mastery in evaluating different data sources, tools, and analytics that might be found in a SOC and assess how well each one covers the techniques in ATT&CK
  • Proficiency in going from component to component within a SOC and running it against the ATT&CK framework

Meet the training and mastery assessment authors:

Dr. Andy Applebaum, Principal Cyber Security Engineer at MITRE
Andy Applebaum is a principal cybersecurity engineer at MITRE. He works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. As a well-established researcher, he's published numerous papers and spoken at multiple academic and industry conferences, including Black Hat Europe, SANS Security Operations Summit, BSides NOVA, and the FIRST Conference. Before working at MITRE, Andy received his Ph.D. in Computer Science from the University of California Davis.

Dr. Clem Skorupka, Principal Cybersecurity Engineer at MITRE
Dr. Clem Skorupka is a Principal Cybersecurity Engineer at MITRE. His work has spanned both operations and research, focusing on improving the effectiveness of threat information in organizations. Throughout his career, he's developed new techniques and technologies that enhance cybersecurity data collection, sharing, and application for the DoD, the IC, and, more recently, for civilian government sponsors. Dr. Skorupka is a co-author of NIST's Special Publication 800-150 "Guide to Cyber Threat Information Sharing". Dr. Skorupka holds a B.S., M.S., and Ph.D. in Physics and is the recipient of an Office of Naval Technology Postdoctoral Fellowship.

Steve Luke, Director of Content at MITRE ATT&CK Defender™
Steve Luke is the Director of Content for MITRE ATT&CK Defender™. He’s dedicated to empowering organizations with more effective ways to robustly detect and respond to cyber-attacks. Since 2007, Steve has focused on delivering innovative solutions to cyber missions, with a special focus on ATT&CK® and its application to hunting. Steve co-authored a paper on TTP-Based Hunting, developed and delivered educational materials about that methodology, and leads purple teaming events to explore ATT&CK techniques and develop robust analytic approaches to detect them. Steve earned a B.S. and Masters of Engineering in Electrical Engineering from Cornell University with a focus on digital signal processing. Prior to joining MITRE in 2005, he served as an officer in the United States Air Force.

To consider before attempting to earn the badge:
  • Have a solid understanding of the ATT&CK Framework
  • Understand information security technology and security operations
  • Complete the ATT&CK SOC Assessment training course
Skills
  • ATT&CK
  • Security Operations
  • SOC

ATT&CK® Security Operations Center Assessment Synthesis Badge

Practitioners holding the ATT&CK SOC Assessment Synthesis Badge have shown themselves to be able to put together the pieces to form a full ATT&CK-based SOC assessment. These defenders have been tested and validated to show that they understand the big picture of assessments and how assessments should be composed and delivered.

The assessment validates:
  • Ability to fuse together a holistic view of security operation coverage of ATT&CK
  • Proficiency in using current coverage and other SOC information to make prioritized recommendations
  • Ability to aggregate heatmaps from different sources to paint a complete picture of SOC coverage
  • Ability to choose a heatmap scoring scheme best geared towards a specific audience
  • Mastery in interviewing SOC personnel and understanding how that impacts coverage and recommendations

Meet the training and mastery assessment authors:

Dr. Andy Applebaum, Principal Cyber Security Engineer at MITRE
Andy Applebaum is a principal cybersecurity engineer at MITRE. He works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. As a well-established researcher, he's published numerous papers and spoken at multiple academic and industry conferences, including Black Hat Europe, SANS Security Operations Summit, BSides NOVA, and the FIRST Conference. Before working at MITRE, Andy received his Ph.D. in Computer Science from the University of California Davis.

Dr. Clem Skorupka, Principal Cybersecurity Engineer at MITRE
Dr. Clem Skorupka is a Principal Cybersecurity Engineer at MITRE. His work has spanned both operations and research, focusing on improving the effectiveness of threat information in organizations. Throughout his career, he's developed new techniques and technologies that enhance cybersecurity data collection, sharing, and application for the DoD, the IC, and, more recently, for civilian government sponsors. Dr. Skorupka is a co-author of NIST's Special Publication 800-150 "Guide to Cyber Threat Information Sharing". Dr. Skorupka holds a B.S., M.S., and Ph.D. in Physics and is the recipient of an Office of Naval Technology Postdoctoral Fellowship.

Steve Luke, Director of Content at MITRE ATT&CK Defender™
Steve Luke is the Director of Content for MITRE ATT&CK Defender™. He’s dedicated to empowering organizations with more effective ways to robustly detect and respond to cyber-attacks. Since 2007, Steve has focused on delivering innovative solutions to cyber missions, with a special focus on ATT&CK® and its application to hunting. Steve co-authored a paper on TTP-Based Hunting, developed and delivered educational materials about that methodology, and leads purple teaming events to explore ATT&CK techniques and develop robust analytic approaches to detect them. Steve earned a B.S. and Masters of Engineering in Electrical Engineering from Cornell University with a focus on digital signal processing. Prior to joining MITRE in 2005, he served as an officer in the United States Air Force.

To consider before attempting to earn the badge:
  • Have a solid understanding of the ATT&CK Framework
  • Understand information security technology and security operations
  • Complete the ATT&CK SOC Assessment training course
Skills
  • ATT&CK
  • Threat-Informed Defense
  • Cybersecurity

ATT&CK® Security Operations Center Assessment Certification

The ATT&CK® Security Operations Center (SOC) Assessment Certification validates a defender's ability to conduct Security Operations Center (SOC) assessments that are rapid, have low overhead, and are broad enough to help the SOC get on their feet with ATT&CK. The certification affirms mastery at analyzing SOC technologies, like tools and data sources, savviness at interviewing and discussing ATT&CK with SOC personnel, and proficiency at recommending improvements based on the assessment's results.

Certified ATT&CK defenders have earned four distinct badges to achieve the ATT&CK® for SOC Assessment Certification.
  • ATT&CK® Fundamentals Badge
  • ATT&CK® Security Operations Center Assessment Fundamentals Badge
  • ATT&CK® Security Operations Center Assessment Analysis Badge
  • ATT&CK® Security Operations Center Assessment Synthesis Badge

Meet the training and mastery assessment authors:

Dr. Andy Applebaum, Principal Cyber Security Engineer at MITRE
Andy Applebaum is a principal cybersecurity engineer at MITRE. He works on applied and theoretical security research problems, primarily in the realms of cyber defense, security automation, and automated adversary emulation. As a well-established researcher, he's published numerous papers and spoken at multiple academic and industry conferences, including Black Hat Europe, SANS Security Operations Summit, BSides NOVA, and the FIRST Conference. Before working at MITRE, Andy received his Ph.D. in Computer Science from the University of California Davis.

Dr. Clem Skorupka, Principal Cybersecurity Engineer at MITRE
Dr. Clem Skorupka is a Principal Cybersecurity Engineer at MITRE. His work has spanned both operations and research, focusing on improving the effectiveness of threat information in organizations. Throughout his career, he's developed new techniques and technologies that enhance cybersecurity data collection, sharing, and application for the DoD, the IC, and, more recently, for civilian government sponsors. Dr. Skorupka is a co-author of NIST's Special Publication 800-150 "Guide to Cyber Threat Information Sharing". Dr. Skorupka holds a B.S., M.S., and Ph.D. in Physics and is the recipient of an Office of Naval Technology Postdoctoral Fellowship.

Steve Luke, Director of Content at MITRE ATT&CK Defender™
Steve Luke is the Director of Content for MITRE ATT&CK Defender™. He’s dedicated to empowering organizations with more effective ways to robustly detect and respond to cyber-attacks. Since 2007, Steve has focused on delivering innovative solutions to cyber missions, with a special focus on ATT&CK® and its application to hunting. Steve co-authored a paper on TTP-Based Hunting, developed and delivered educational materials about that methodology, and leads purple teaming events to explore ATT&CK techniques and develop robust analytic approaches to detect them. Steve earned a B.S. and Masters of Engineering in Electrical Engineering from Cornell University with a focus on digital signal processing. Prior to joining MITRE in 2005, he served as an officer in the United States Air Force.

Jamie Williams, Lead Cyber Adversarial Engineer at MITRE
Jamie Williams is a Cyber Adversarial Engineer for the MITRE Corporation. He works on various exciting efforts involving security operations and research, specializing in adversary emulation and behavior-based detections. He also leads teams that help shape and deliver the "adversary-touch" within ATT&CK® and ATT&CK Evaluations. Before joining MITRE, Jamie received his M.S. in Information Systems Engineering from Johns Hopkins University and his B.S. in Information Systems from the University of Maryland, Baltimore County (UMBC).

To consider before attempting to earn the badge:
  • Have a solid understanding of the ATT&CK Framework
  • Understand information security technology and security operations
  • Complete the ATT&CK SOC Assessment training course
Skills
  • ATT&CK
  • Security Operations
  • SOC