CACTUSCON: The Full Purple Juice, Not the Watered Down Stuff
When: February 6, 2021 3:00pm-4:00pm ET
- Bryson Bort, R Street Institute
- Jorge Orchilles , Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project
This talk is a real use case of a 6 week Purple Team Exercise performed for a client that allowed us to share their story. Everyone has heard of Purple Team by now, but how many have been able to quantify the value? In this talk, we cover the time we were asked to perform all the roles of a Purple Team: Cyber Threat Intelligence, Red Team, Blue Team, and Exercise Coordination. We were asked to emulate various adversaries, with an increasing order of sophistication, while implementing defenses for the adversary TTPs. We were also asked to not spend a single dollar on new technology. Instead, we had to tune the current security controls.
This talk will cover those 6 weeks. Our baseline showed 94% of adversary behaviors/TTPs were not detected. At the end of the engagement, 64% of TTPs were detected. How did we accomplish this? Come to our talk and we will share the details.
Jorge Orchilles is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project. He is a SANS Certified Instructor and the author of Security 564: Red Team Exercises and Adversary Emulation. He was a founding member of MITRE Engenuity Center of Threat-Informed Defense. He is a Fellow at the Information Systems Security Association (ISSA) and National Security Institute. Prior, Jorge led the offensive security team at Citi for over 10 years.
He also co-authored Common Vulnerability Scoring System (CVSS) and A Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry, and author of Microsoft Windows 7 Administrator’s Reference. Jorge holds post-graduate degrees from Stanford and Florida International University in Advanced Computer Security & Master of Science. Jorge speaks English, Spanish, and Portuguese, in decreasing levels of fluency. When he’s not hacking, teaching, or writing, you’ll find him watching and playing soccer.
Bryson Bort is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute and DHS/CISA. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.
Recent Work from the Federal Affairs Team