The Cyber Kill Chain

Lockheed Martin's model of an intrusion as seven sequential stages — from the attacker's first reconnaissance to their final objective.

Beyond the kill chain: the model dates from 2011 and is built around perimeter intrusion and malware. It maps a phishing-and-malware attack well, but fits awkwardly around credential-only attacks with no malware, insider threats, cloud-native compromises, and supply-chain attacks. Treat it as a teaching scaffold and a way to structure defenses by stage — then reach for MITRE ATT&CK (a matrix of real adversary tactics and techniques, not a linear chain) when you need to map actual behavior, and the Unified Kill Chain when an attack does not fit seven tidy steps.