1. What Technique Mapping Is (and Is Not)
$ core idea: Technique mapping organizes security controls and detections against common attacker behaviors. It is useful for planning and gap analysis, but it does not guarantee detection of every implementation of a behavior.
$ defender angle: Avoid “green matrix syndrome,” where teams mark a technique as covered because one generic alert exists. Real coverage depends on data quality, tuning, scope, and analyst ability to interpret the signal.
$ prove understanding: Map detections to adversary behaviors/techniques without overclaiming coverage.
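A graded coverage check that contrasts the "one alert exists, mark it green" view with a grade based on scope, tuning, validation and analyst guidance. This is an added example, not part of the original notes; the behavior names, rule names, host counts, grade labels and the 80% scope threshold are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Detection:
    rule: str
    behavior: str              # attacker behavior the rule is mapped to
    hosts_with_telemetry: int  # hosts actually sending the log source the rule needs
    hosts_in_scope: int
    tuned: bool                # noise reviewed, alert is actionable
    validated: bool            # rule fired when the behavior was exercised in a test
    has_runbook: bool          # analysts have triage guidance for the alert

ORDER = ["none", "mapped-unverified", "partial", "validated"]

def gaps(d, min_scope=0.8):
    """Reasons a mapped detection falls short of full coverage."""
    ratio = d.hosts_with_telemetry / d.hosts_in_scope if d.hosts_in_scope else 0.0
    checks = [("telemetry scope", ratio >= min_scope), ("tuning", d.tuned),
              ("analyst guidance", d.has_runbook)]
    return [name for name, ok in checks if not ok]

def grade(d):
    """An untested rule is only a claim; a tested rule with gaps is partial."""
    if not d.validated:
        return "mapped-unverified"
    return "partial" if gaps(d) else "validated"

def coverage(behaviors, detections):
    """Best grade per behavior, with the gaps of the detection that earned it."""
    report = {b: ("none", []) for b in behaviors}
    for d in detections:
        if d.behavior in report and ORDER.index(grade(d)) > ORDER.index(report[d.behavior][0]):
            report[d.behavior] = (grade(d), gaps(d))
    return report

def naive_matrix(behaviors, detections):
    """The 'green matrix' view: covered if any rule is mapped to the behavior."""
    return {b: any(d.behavior == b for d in detections) for b in behaviors}

# Constructed sample data (not taken from any real environment).
BEHAVIORS = ["script interpreter execution", "scheduled task persistence",
             "credential dumping from process memory", "lateral movement over remote services"]
DETECTIONS = [
    Detection("generic_script_alert", BEHAVIORS[0], 400, 2000, False, False, False),
    Detection("new_task_created", BEHAVIORS[1], 1900, 2000, True, True, True),
    Detection("sensitive_process_access", BEHAVIORS[2], 900, 2000, True, True, True),
]
if __name__ == "__main__":
    for b, (g, why) in coverage(BEHAVIORS, DETECTIONS).items():
        print(f"{b:42} {g:18} gaps={why}")
```

The naive view marks three of the four behaviors as covered; the graded view confirms only one and names what is missing for the others.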