Language: English
10-11, 14:00–14:50 (America/New_York), Track 1 (206b)
Testing in a vacuum is handy for discovering things that need fixing, and it's a lot of help for the vulnerability managers and security teams out there. Training your defenders is also pretty great, for obvious reasons. What if you could combine both into a single activity? What if that activity ALSO could help frame some of the crazy risks that the people you work for are facing right now? In this talk we'll cover the basics of what a purple team activity looks like, why you'd want to run one, and how to make sure it supports other testing and improvement efforts within your company.
- Intro (who, why, etc.) (3 minutes)
- Terminology and a bit of a level-setting exercise: purple, red, blue, various mutations, and what they mean (5 minutes)
- Structure and strategy (11 minutes)
  - What the exercise should look like
  - How to pick your targets
  - Who to include, and when
  - Bringing in leadership, and why it might be good
- One week of absolute weirdness (11 minutes)
  - The actual exercise
  - Almost breaking stuff: rules of engagement
  - Actually breaking stuff: backup plans and monitoring
  - Defender games: this isn't a test, it's an adventure
- Desired outcomes: training, testing, and risk awareness (10 minutes)
  - Detection logic and human elements: follow-ups, containment tactics, etc.
  - Reporting, and who should see what
  - Testing playbooks using mid-session goals
  - Involving crisis response teams (not just DFIR and cybersecurity)
I have 20+ years of experience in a few different security fields as a manager, a senior analyst, Incident Response lead and senior consultant. I've also worked on the IT side of the house and done 'physical' security work, as a venue and personal security manager and planner.
My other career interests include city planning and development (CPTED and networked cities), photojournalism, audiovisual work and media production. I've been included in teams working in all of these fields over the c