ABSTRACT

In this chapter, the author aims to share a few tools and tricks for accelerating the security architecture learning process. Total team learning accelerates through the dynamics of a shared sense of purpose and community. Communities also offer significant opportunities to increase skill and to integrate new skills through sharing with others. This aspect of “learning the trade” shouldn’t be overlooked when creating an environment that fosters learning and creativity. A bit of study of both ATT&CK and Common Attack Pattern Enumeration and Classification (CAPEC) might shorten the learning curve about attacks, without which security architecture cannot be practiced. Combining the two organizing principles—ATT&CK highlighting that which attackers need to accomplish and CAPEC the techniques to achieve these goals—seems to help the author’s class participants widen their understanding of attacks. ATT&CK may offer a leg up for beginners, as well as filling in attack categories and exploit types for those who are more experienced.