Learn how to prioritize patching using evidence of real-world exploitation instead of severity scores alone. This module teaches a defender workflow for ranking remediation work by exposure, exploit activity, and asset criticality.
student@hack3rs:~/learning/frameworks$ ls -R
Frameworks and Feeds (Defender Program Track)
This track teaches how to think like an operator when choosing what to patch first, which controls matter most, how to organize a security program, how to map detections to attacker behavior, and how to learn tools correctly from documentation.
These topics are integrated into the learning program because tools alone are not enough. Strong defenders need decision frameworks, prioritization discipline, and a repeatable way to translate evidence into action.
where-this-fits-in-your-program
- Use after foundational networking and logging modules so the frameworks connect to real evidence.
- Use alongside tools training to avoid “tool-first, strategy-later” mistakes.
- Use before building advanced detections, dashboards, and response KPIs.
- Revisit after incidents to improve governance, prioritization, and coverage decisions.
what-you-will-learn
- How to prioritize remediation using exploit evidence (KEV-style).
- How to define realistic baseline controls for small/medium teams.
- How to use NIST CSF as a working model for operations, not just governance slides.
- How to use ATT&CK to map detections, telemetry dependencies, and coverage gaps.
- How to use vendor/community docs to build durable skills and safe workflows.
frameworks-and-feeds.curriculum
Follow the modules in order. They are sequenced to move from operational prioritization and baseline controls into governance structure, threat-informed mapping, and long-term self-learning discipline.
Learn how to build a practical baseline security program when you do not have a large SOC or unlimited budget. This module focuses on high-value controls, sequencing, and operational discipline.
Learn how to use NIST CSF as an operational organizing framework instead of a compliance poster. This module connects CSF functions to real defender work, ownership, and measurable improvements.
Learn how to use ATT&CK as a defender mapping framework to connect observed behavior, detections, and coverage gaps. This module teaches practical technique mapping without turning ATT&CK into checkbox theater.
Learn how to study vendor and community documentation like an operator so you can build reliable workflows, not just memorize commands. This module teaches a repeatable method for turning docs into skill.