Language: English
10-17, 18:00–18:50 (America/New_York), Track 2 (206a)
Is your security testing keeping pace with modern adversaries? It's time to break down the silos between your red and blue teams and build a unified, capability-driven defense. This session provides key insights for enhancing your security posture through purple teaming, drawn from lessons learned during years of consulting experience. We'll share critical lessons from the field on how to evolve your exercises from simple assessments to powerful capability-building workshops. Learn from concrete examples how to effectively improve purple team exercises, increase collaboration, perform gap analysis, and level up your entire security posture.
Adversaries are growing more sophisticated by the day, demanding a fundamental change in how organizations defend. Purple teaming is one way to help improve detection and response capabilities and team collaboration. This session shares critical insights and lessons learned firsthand from purple teaming engagements, illustrating a practical approach to purple teaming and addressing common challenges encountered in practice.
We’ll demonstrate how to develop relevant Tactics, Techniques, and Procedures (TTPs) tailored to your organization. We will also discuss the evolution from broad assessments to targeted exercises focused on capability development. Learn actionable guidance for better preparing and executing your purple teams based on experience from numerous, unique purple teams performed across industry sectors. For experienced teams, discover how to improve your purple teams, advance TTPs, and perform gap analysis. We’ll also discuss ways to integrate publicly available tools throughout the purple team lifecycle, enabling organizations of all sizes.
This presentation offers valuable takeaways for every role: Red teamers will gain insights for more effective emulations, while blue teamers will learn practical tips and integration techniques. Finally, management will understand the strategic value and ROI of a mature purple team program.
Will Summerhill is a Senior Consultant with Mandiant Canada (part of Google Cloud) on the Red Team. Will frequently performs red team, purple team, and penetration testing assessments and is a practice lead at Mandiant for purple teaming. Will has been in offensive security consulting for over 8 years and has a combined 10 years of information security experience. He's taught a penetration testing course at the college level and teaches an internal red teaming course to clients.