# What is POAP?

The **Pyramid of Adversary Profiling (POAP)** is a **modern cybersecurity framework** designed to provide a **comprehensive, behavior-driven approach** to understanding and countering cyber threats. Traditional models such as the **Pyramid of Pain** focus on **Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs)**, which attackers can easily modify. The **Pyramid of Adversary Profiling** goes deeper by analyzing **who the attacker is, why they act, and how they execute their attacks**.

#### **Structure of the Pyramid**

The pyramid consists of **five hierarchical layers**, each representing a crucial aspect of adversary profiling:

1️⃣ **Who (Adversary Identity)** – Identifies the **threat actor or group** behind an attack.\
2️⃣ **Why (Motivation & Intent)** – Determines the **adversary’s goal**, whether financial gain, espionage, disruption, or activism.\
3️⃣ **What (Targeted Assets)** – Pinpoints the **systems, data, or organizations** that the attacker is focusing on.\
4️⃣ **How (Execution Methods)** – Analyzes the **attack techniques, tools, and methodologies** used.\
5️⃣ **When (Attack Timing)** – Examines the **timing, patterns, and operational cycles** of attacks to predict future threats.

#### **Why It’s Better than the Pyramid of Pain**

✅ **Focuses on Adversary Behavior** – Instead of just blocking **IOCs (IPs, domains, hashes)** that change frequently, it **profiles the attacker’s identity and intent**, which are harder to modify.\
✅ **Predicts Future Threats** – Traditional cybersecurity models are **reactive**, while this approach **anticipates adversary behavior** and adapts defense strategies.\
✅ **Works Against AI-Powered & Adaptive Threats** – Cybercriminals can quickly alter **malware signatures and attack vectors**, but their **underlying motives and operational methods** remain consistent.\
✅ **Effective Against Insider Threats & Ransomware** – Goes beyond external threats by assessing **insider risks, supply chain vulnerabilities, and long-term adversary goals**.
