ATT&CK® Adversary Emulation Methodology Certification Path

MITRE ATT&CK® subject matter experts continuously develop the training and mastery assessment built for the ATT&CK® Fundamentals Badge. Their focus is to validate a defender's ability to understand the ATT&CK framework (the data along with the philosophy that has shaped ATT&CK) as well as recognize how ATT&CK can be applied to operational challenges/opportunities. The ATT&CK® Fundamentals Badge validates that a defender: • Understands what knowledge is and isn't captured within ATT&CK • Understands how and why ATT&CK evolves • Can manipulate and extend ATT&CK to meet tailored needs Meet the training and mastery assessment author: Jamie Williams Lead Cyber Adversarial Engineer at MITRE Jamie Williams is a Cyber Adversarial Engineer for the MITRE Corporation. He works on various exciting efforts involving security operations and research, specializing in adversary emulation and behavior-based detections. He also leads teams that help shape and deliver the "adversary-touch" within ATT&CK® and ATT&CK Evaluations. Before joining MITRE, Jamie received his M.S. in Information Systems Engineering from Johns Hopkins University and his B.S. in Information Systems from the University of Maryland, Baltimore County (UMBC). Steve Luke Director of Content MITRE ATT&CK Defender ™ Steve Luke is the Director of Content for MITRE ATT&CK Defender™. He’s dedicated to empowering organizations with more effective ways to robustly detect and respond to cyber-attacks. Since 2007, Steve has focused on delivering innovative solutions to cyber missions, with a special focus on ATT&CK® and its application to hunting. Steve co-authored a paper on TTP-Based Hunting, developed and delivered educational materials about that methodology, and leads purple teaming events to explore ATT&CK techniques and develop robust analytic approaches to detect them. Steve earned a B.S. and Masters of Engineering in Electrical Engineering from Cornell University with a focus on digital signal processing. Prior to joining MITRE in 2005, he served as an officer in the United States Air Force.

ATT&CK® Adversary Emulation Fundamentals certifies a practitioner’s understanding of foundational adversary emulation concepts and ability to execute an adversary emulation plan based on ATT&CK. Meet the training and mastery assessment authors Michael Long II Capability Area Lead, Adversary Emulation at MITRE Michael Long is a Principal Adversary Emulation Engineer at the MITRE Corporation and a former U.S. Army Cyber Operations Specialist. Michael has over 10 years' experience in offensive and defensive cyber operations. Michael leads adversary emulation projects with MITRE to improve the cybersecurity of our nation’s most sensitive and critical networks. Michael has contributed to open-source projects including Metasploit and CALDERA. He is also the maintainer of the Offensive GoLang project. Michael has presented at events including Wild West Hackin’ Fest, DEFCON Adversary Village, and ATT&CKcon. Govardhen Arunagiri Offensive Security Engineer at MITRE Govardhen Arunagiri is an Offensive Security Engineer at the MITRE Corporation and former penetration tester at Praetorian. Govardhen applies his background in offensive cyber security assessments and his experience in adversary emulation to improve the security of sensitive environments both within and external to MITRE. Govardhen earned his B.S. in Computer Engineering from the University of Maryland, College Park, and is currently pursuing his M.S. in Information Security Engineering at the SANS Technology Institute. To consider before earning the badge Pre-requisites: - Practitioners should have a solid understanding of the ATT&CK Framework - Competent with basic Windows and Linux command line tools Not required but recommended: - Familiarity with common red team tools and techniques (example: Metasploit) - An understanding of cyber threat intelligence practices through the ATT&CK Cyber Threat intelligence course

The ATT&CK® Adversary Emulation TTP Research Badge certifies your ability to research adversary TTPs, select an adversary to emulate, and develop a TTP outline. This badge is for anyone interested in leveraging ATT&CK and adversary emulation as part of their cybersecurity assessment and improvement practices. Passing the assessment validates that you understand how to research adversary TTPs to support adversary emulation activities that are representative of real-world threats. Meet the training and mastery assessment authors Michael Long II Capability Area Lead, Adversary Emulation at MITRE Michael Long is a Principal Adversary Emulation Engineer at the MITRE Corporation and a former U.S. Army Cyber Operations Specialist. Michael has over 10 years' experience in offensive and defensive cyber operations. Michael leads adversary emulation projects with MITRE to improve the cybersecurity of our nation’s most sensitive and critical networks. Michael has contributed to open-source projects including Metasploit and CALDERA. He is also the maintainer of the Offensive GoLang project. Michael has presented at events including Wild West Hackin’ Fest, DEFCON Adversary Village, and ATT&CKcon. Govardhen Arunagiri Offensive Security Engineer at MITRE Govardhen Arunagiri is an Offensive Security Engineer at the MITRE Corporation and former penetration tester at Praetorian. Govardhen applies his background in offensive cyber security assessments and his experience in adversary emulation to improve the security of sensitive environments both within and external to MITRE. Govardhen earned his B.S. in Computer Engineering from the University of Maryland, College Park, and is currently pursuing his M.S. in Information Security Engineering at the SANS Technology Institute.

The ATT&CK® Adversary Emulation Planning Badge certifies your ability to plan adversary emulation engagements that are representative of real-world threats and aligned with the organization’s cybersecurity objectives. This badge is for anyone interested in leveraging ATT&CK and adversary emulation as part of their cybersecurity assessment and improvement practices. Passing the assessment validates that you understand how to plan professional adversary emulation engagements to include defining objectives, scope, and rules of engagement. Meet the training and mastery assessment authors Michael Long II Capability Area Lead, Adversary Emulation at MITRE Michael Long is a Principal Adversary Emulation Engineer at the MITRE Corporation and a former U.S. Army Cyber Operations Specialist. Michael has over 10 years' experience in offensive and defensive cyber operations. Michael leads adversary emulation projects with MITRE to improve the cybersecurity of our nation’s most sensitive and critical networks. Michael has contributed to open-source projects including Metasploit and CALDERA. He is also the maintainer of the Offensive GoLang project. Michael has presented at events including Wild West Hackin’ Fest, DEFCON Adversary Village, and ATT&CKcon. Govardhen Arunagiri Offensive Security Engineer at MITRE Govardhen Arunagiri is an Offensive Security Engineer at the MITRE Corporation and former penetration tester at Praetorian. Govardhen applies his background in offensive cyber security assessments and his experience in adversary emulation to improve the security of sensitive environments both within and external to MITRE. Govardhen earned his B.S. in Computer Engineering from the University of Maryland, College Park, and is currently pursuing his M.S. in Information Security Engineering at the SANS Technology Institute.

The ATT&CK® Adversary Emulation TTP Implementation Badge certifies your ability to implement adversary TTPs based on ATT&CK. This badge is for anyone interested in leveraging ATT&CK and adversary emulation as part of their cybersecurity assessment and improvement practices. Passing this assessment validates that you understand how to implement adversary TTPs based on real-world adversary behaviors documented in ATT&CK. ATT&CK® Adversary Emulation Fundamentals certifies a practitioner’s understanding of foundational adversary emulation concepts and ability to execute an adversary emulation plan based on ATT&CK. Meet the training and mastery assessment authors Michael Long II Capability Area Lead, Adversary Emulation at MITRE Michael Long is a Principal Adversary Emulation Engineer at the MITRE Corporation and a former U.S. Army Cyber Operations Specialist. Michael has over 10 years' experience in offensive and defensive cyber operations. Michael leads adversary emulation projects with MITRE to improve the cybersecurity of our nation’s most sensitive and critical networks. Michael has contributed to open-source projects including Metasploit and CALDERA. He is also the maintainer of the Offensive GoLang project. Michael has presented at events including Wild West Hackin’ Fest, DEFCON Adversary Village, and ATT&CKcon. Govardhen Arunagiri Offensive Security Engineer at MITRE Govardhen Arunagiri is an Offensive Security Engineer at the MITRE Corporation and former penetration tester at Praetorian. Govardhen applies his background in offensive cyber security assessments and his experience in adversary emulation to improve the security of sensitive environments both within and external to MITRE. Govardhen earned his B.S. in Computer Engineering from the University of Maryland, College Park, and is currently pursuing his M.S. in Information Security Engineering at the SANS Technology Institute.

The ATT&CK® Adversary Emulation Execution Badge certifies your ability to execute adversary TTPs based on ATT&CK in order to assess and improve cybersecurity. This badge is for anyone interested in leveraging ATT&CK and adversary emulation as part of their cybersecurity assessment and improvement practices. Passing this assessment validates that you understand how to execute adversary TTPs that are representative of real-world threats while also balancing realistic emulation against project objectives and time and safety constraints. Meet the training and mastery assessment authors Michael Long II Capability Area Lead, Adversary Emulation at MITRE Michael Long is a Principal Adversary Emulation Engineer at the MITRE Corporation and a former U.S. Army Cyber Operations Specialist. Michael has over 10 years' experience in offensive and defensive cyber operations. Michael leads adversary emulation projects with MITRE to improve the cybersecurity of our nation’s most sensitive and critical networks. Michael has contributed to open-source projects including Metasploit and CALDERA. He is also the maintainer of the Offensive GoLang project. Michael has presented at events including Wild West Hackin’ Fest, DEFCON Adversary Village, and ATT&CKcon. Govardhen Arunagiri Offensive Security Engineer at MITRE Govardhen Arunagiri is an Offensive Security Engineer at the MITRE Corporation and former penetration tester at Praetorian. Govardhen applies his background in offensive cyber security assessments and his experience in adversary emulation to improve the security of sensitive environments both within and external to MITRE. Govardhen earned his B.S. in Computer Engineering from the University of Maryland, College Park, and is currently pursuing his M.S. in Information Security Engineering at the SANS Technology Institute.

The ATT&CK® Adversary Emulation Methodology Certification validates a practitioner’s ability to conduct adversary emulation activities based on real-world threats. The certification affirms mastery at researching, implementing, and ethically executing adversary TTPs to help organizations assess and improve cybersecurity.