Cybrary, and MITRE Engenuity announced a partnership to offer MITRE ATT&CK Defender (MAD), a new online training and certification solution designed to enable defenders to gain the advantage over cyber adversaries. MAD is anchored by knowledge from the source, the authors of MITRE ATT&CK, and training is freely available to the community through Cybrary's cybersecurity training and MITRE Engenuity's continuing service to the public good.

The skills gap among cybersecurity professionals means organizations are unable to keep pace with threats. To better prepare them against agile and evasive adversaries, MAD focuses on teaching and certifying cybersecurity practitioners in the real-world application of ATT&CK for threat-informed defense. According to MITRE, MAD is unique in that the credentials carry no set expiration date, instead requiring recertification as the threat environment changes. Practitioners will have to recertify within 90 days of an update to the curriculum to ensure MAD certified defenders continuously stay ahead of adversaries as the threat landscape evolves over time.

"We're thrilled to work with MITRE Engenuity to add more technical content and timely resources for our entire community," said Cybrary co-founder and CEO Ryan Corey. "As cyber threats become both more frequent and sophisticated, this new MAD program is a great way for industry professionals to enhance their skills to address the latest attack techniques and strategies."

"Over the years, we've seen the security community embrace our MITRE ATT&CK framework, but many practitioners have struggled to confidently and practically apply it in their work to gain an advantage. With the launch of MAD, practitioners will have access to learn and master the application of the ATT&CK knowledgebase to get ahead of adversaries," said Steve Luke, director of content, MITRE ATT&CK Defender. "In collaboration with Cybrary, we're confident in our ability to strengthen the community and make a positive impact to shrink the skills gap."

MITRE Engenuity commissioned Cybersecurity Insiders for a recent survey "The State of MITRE ATT&CK Threat Defense in 2021." The survey of 290 IT security professionals found that:

  • Although 82 percent of respondents said they know about the MITRE ATT&CK framework, only 8 percent reported that they are using the ATT&CK framework regularly;
  • 84 percent noted they have not mapped their data and analytics to ATT&CK techniques;
  • 83 percent of respondents said they feel confident that they could utilize ATT&CK, but 62 percent rarely or never use it;
  • 80 percent of survey participants have shown interest in ATT&CK training while only 10 percent accessed formal training;
  • 86 percent said they would like to learn more about how to apply ATT&CK; and
  • 70 percent of hiring managers seek out employees who have the skill to apply ATT&CK, and 73 percent of respondents found it valuable to have credentials validating mastery in applying ATT&CK.

Yair Manor, Co-Founder and CTO at CardinalOps, says, "We applaud MITRE and Cybrary for recognizing that even an industry-leading framework, such as ATT&CK, will never reach its full potential without collateral such as certification programs to support it. With that said, knowledge, training, and certifications for ATT&CK are necessary but they are not sufficient. We expect the next hurdle for adoption to be the lack of tooling and automation for the (manual and mundane) security engineering processes, which are required to achieve comprehensive threat coverage optimization."

In keeping with its efforts to make cyberspace safer for all, MITRE Engenuity is making courses freely available in the Cybrary catalog. The initial catalog will include three courses and will expand during the year:

  • ATT&CK Fundamentals – how ATT&CK and a threat-informed mindset can help focus our efforts toward understanding and improving how our defenses actually fare against real-world adversaries
  • ATT&CK SOC Assessments – how to leverage ATT&CK to conduct Security Operations Center (SOC) assessments
  • ATT&CK Cyber Threat Intelligence – how to apply ATT&CK to improve threat intelligence practices.

Stefano De Blasi, Threat Researcher at Digital Shadows, notes, "Security professionals understand that the cyber threat landscape moves quickly and requires them to stay abreast of the latest threat actors' campaigns and their favorite TTPs. MITRE and Cybrary are also aware of this and their unique approach to the dynamic landscape is a testament to that. Renewing previously obtained certifications is hardly an exciting endeavor, but a much needed one. This course's renewal rate will likely depend on the cadence of curriculum updates and whether the value obtained by re-certification outweighs the importance of seeking other certifications."

Brandon Hoffman, Chief Information Security Officer at Netenrich, says, "On one hand, I think this is a good thing to help make people stay relevant and stay aware of the critical changes. As noted, these tactics can change frequently and rapidly so there is the potential to turning people off from a recertification point of view. Many people feel the same way about certifications as they do university degrees to a point. The notion of spending time to get certified and having to rectify several times a year can seem too onerous. Additionally, many people need designated time and possibly money from their management to work on certifications. If they need to factor that in to this equation, recertification could present a real challenge."

Individuals and teams can now subscribe to the MITRE ATT&CK Defender training and certification product to learn ATT&CK, earn badges and certifications, and keep up to date as the threat landscape changes. For more information, visit