Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.


MITRE ATT&CK Defender™ (MAD) ATT&CK® Cyber Threat Intelligence Certification Training

via Cybrary


The ATT&CK® team will help you learn how to leverage ATT&CK® to improve your cyber threat intelligence (CTI) practices.

Target Audience

ATT&CK® for Cyber Threat Intelligence is an intermediate course that focuses on identifying, developing, analyzing, and applying ATT&CK®-mapped intelligence. Participants should have a solid understanding of the ATT&CK® framework. If you’re unfamiliar with ATT&CK®, we suggest that you take MITRE ATT&CK Defender™ (MAD) ATT&CK® Fundamentals prior to this course.


  • An understanding of the ATT&CK® framework through the MITRE ATT&CK Defender™ (MAD) – ATT&CK® Fundamentals course
  • An understanding of security concepts, previous training, or prior CTI field experience

MITRE ATT&CK Cyber Threat Intelligence Certification Course Goals

By the end of this MITRE ATT&CK Cyber Threat Intelligence Certification course, students should be able to:

  • Map to ATT&CK® from both narrative reporting and raw data
  • Effectively store and display ATT&CK®-mapped data
  • Leverage ATT&CK® Navigator for analysis
  • Perform CTI analysis using ATT&CK®-mapped data
  • Provide actionable defensive recommendations based on ATT&CK®-mapped data

Note: Per our partnership agreement with MITRE Engenuity, MITRE will have access to learner usage data.


  • Mapping to ATT&CK® from Narrative Reports
    • Introduction: Challenges, Advantages and the Process of Mapping to ATT&CK®
    • Finding and Researching the Behavior
    • Translating the Behavior into a Tactic
    • Identifying Techniques or Sub-Techniques
    • Mapping to a Narrative Point
    • Hedging Your Biases
  • Mapping to ATT&CK® from Raw Data
    • The Process of Mapping from Raw Data
    • Identify and Research Behaviors
    • Translate Behaviors to Tactics, Techniques and Sub-Techniques
    • Raw Data to Narrative Reporting
  • Storing and Analyzing ATT&CK®-Mapped Data
    • Storing and Displaying ATT&CK®-Mapped Data
    • Expressing and Storing ATT&CK®-Mapped Data
    • Analyzing ATT&CK®-Mapped Data
    • Exercise 3: Comparing Layers in ATT&CK® Navigator
  • Making Defensive Recommendations from ATT&CK®-Mapped Data
    • The Defensive Recommendations Process
    • How Techniques and Sub-Techniques are Being Used
    • Researching Organizational Capabilities and Constraints and Determine Trade-Offs
    • Make Defensive Recommendations

Taught by

Adam Pennington, Amy L. Robertson and Jackie Lasky


Start your review of MITRE ATT&CK Defender™ (MAD) ATT&CK® Cyber Threat Intelligence Certification Training

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.