Submitted by CAE Community on

Advanced Persistent Threat (APT) is a class of network attacks in which attackers use malware or stealthy tools to hide their actions in a network and its systems over a prolonged period, so that they can eventually achieve strategic goals such as causing substantial damage to the victim organization by data exfiltration. Although APT has long been a research subject, it continues to be a serious threat for many organizations. For cybersecurity education, APT is a good example through which students can relate to the risks facing organizational networks, the vulnerabilities of their systems, and the skills needed to analyze and secure those networks. Recent research and development in APT detection are good educational resources. MITRE has released the ATT&CK knowledge base of adversary tactics and techniques based on real-world observations. Lockheed Martin’s Cyber Kill Chain identifies what adversaries must complete to achieve their goals. Both are good reference models for understanding the techniques being used and how an APT progresses. However, few educational materials have been developed to teach cybersecurity students to understand such serious threats and how best to protect their networks to reduce the risk.

The goal of this presentation is to bridge the gap by exploring educational materials that are suitable for a college-level cybersecurity course and that integrate state-of-the-art research results as well as industry practice. During this presentation, we will first explain the nature of APTs, their characteristics, how they compare with traditional attacks, and the different stages of APT planning. We will then discuss the knowledge and skills needed to conduct analyses on both a system and a network, and map these skills to topics in network security courses. In addition, we will identify educational platforms and resources for this topic. Finally, we will discuss how such a knowledge domain fits into a cybersecurity curriculum.

Li-Chiou Chen & Joseph Acampora
Thursday Block II
03:00 pm ~ 04:00 pm
Designation Track
Duration: 20