00:00:00

Show Notes

Ben Opel, Senior Director of Professional Services at Attack IQ and former Marine, joins Chris and Ron to talk about the essentials of purple teaming. Combining the essentials of the red team and the blue team, a purple team offers cybersecurity companies a unique opportunity to create a threat informed security process. Using his time in the Marines and his experience at Attack IQ, Ben walks through purple team philosophy, breach and attack simulations, and shifting from a reactive to a proactive mindset.

 

Timecoded Guide:

[00:00] Past experiences with cybersecurity in the Marine Corp

[04:28] Exposure to purple teaming in defensive cyber ops

[10:26] Implementing breach and attack simulations in defense strategy

[14:38] Threat informed defense and the aftermath of breach simulations

[23:36] Communicating and approaching risk-related decisions 

 

Sponsor Links:

Thank you to our sponsor AttackIQ for bringing this episode to life! 

AttackIQ - better insights, better decisions, and real security outcomes. That's why we partnered with them to create free cybersecurity trainings! Check it out at academy.attackiq.com

 

How did you first get exposed to purple teaming and what are some of the tenants that you hold today?

Ben’s experience in cybersecurity and his journey into purple teaming occurred during his time with the Marine Corps, performing defensive cyber ops. Originally, Ben didn’t even know the term purple team existed when he first encountered it, but his team was already approaching their work that way. Ben explains a core tenant of purple teaming is getting people in the same room and showing them the value their work brings to one another.

“We started building our teams around this multifunctional purple concept of having threat hunters, threat intelligence, red cell, support and mitigation, and forensic cell all in one. All of these capabilities in one team, where they could work synergistically.” 

 

What are the shortcomings and advantages of the purple team philosophy?

Like any philosophy, Ben explains that the hardest part of incorporating a purple team mindset is including it in everything your team does. To aid in this shortcoming, Ben keeps one question in mind: “What can someone do for me, and what can I do for them?” When involved in a purple team, everyone is putting their heads together. Ben explains there’s much less confusion between offensive and defensive professionals in that purple collaborative setting.

“Pure red team ops can be super fun, but you leave every job not sure they're going to actually make something with what you did. I've worked with blue teams who are like, ‘Hey, this was a great report, red, but we made some fixes, but we don't know if these are good.’”

 

How do we get more people into being proactive and adopting the purple team perspective?

A large majority of cybersecurity teams and processes involve reacting to potential threats and incidents. In contrast, purple teaming and threat informed defense strategies emphasize a more proactive mindset. Ben explains that working with a capability like Attack IQ helps teams build confidence in what they can prepare for and prevent. Building confidence in infrastructure and resilience in your team helps a proactive mindset thrive. 

“It’s about giving folks the ability to parse out and understand what's important to them, and to boil that down into, ‘Okay, now, what does that mean when hands on keyboard?’ Making that available, making that easily digestible. It's an education problem in this realm.”

 

What would be your first piece of advice for the person about to embark on discovering or explaining breaches and attacks in relation to their organization?

Ben explains that explaining breaches and helping others in your organization understand attack risks starts with showing. He explains that revealing how easily these things can happen and in what situation certain events could be particularly harmful opens the eyes of members of your team to what their threats look like. Instead of catering to doom and gloom, analyze your cyber threat risk with practicality and literal examples. 

“If I had to say that I had a specialty forced upon me by the Marine Corps, it was that. It was going over to peers and telling them that this is something that's good, bringing my red team in and letting them poke around, letting my blue team plug in to their network from some strange IP that they've never seen before.”

---------------

Links:

Keep up with our guest Ben Opel on LinkedIn

Learn more about Attack IQ on LinkedIn and the Attack IQ website

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Recent Episodes

February 27, 2024

Creating Value in the Cyber

Industry with Nick Lantuh

Nick Lantuh, CEO of Interpres Security, joins Ron Eddings on the mic at Hacker Valley’s “On the Big Screen” event to talk about how Nick’s previous career experience have given him unique insight into the cyber...

February 20, 2024

AI & Phishing: Fighting Fire with

Fire

In this episode, Host Ron Eddings is joined by Vishal Dixit, Co-founder & CTO at Graphus Inc., and Sven Bechmann, Senior Product Manager of Email Security at Kaseya to dig into how phishing attacks are evol...

February 14, 2024

Andrew Forgie's Path From Apache

Mechanic to Cybersecurity Sales ...

In this episode, Andrew Forgie takes us on his journey from his early days as an Apache helicopter mechanic in the military to his current role as a regional sales manager in cybersecurity.  Andrew shares his t...

February 6, 2024

Zinet Kemal's Journey From

Ethiopian Immigrant to TEDx Spea...

In this episode of Hacker Valley Studio, we dive into the inspiring journey of Zinet Kamal, an immigrant from Ethiopia who has carved a niche for herself in cybersecurity. Despite starting her journey with limi...

January 30, 2024

Paving the Path for CISOs of the

Future with Gary Hayslip

In this episode, Host Ron Eddings catches up with repeat guest, Gary Hayslip, CISO at SoftBank Investment Advisors and co-author of CISO Desk Reference guide. Gary explains that the varied nature of his current...

January 23, 2024

The Untold Story of Browser Risks:

Pioneering Enterprise Browser Se...

In this episode, Host Ron Eddings and guest Or Eshed, CEO of Layer X, discuss how changes in IT infrastructure, employee behavior and malicious tech have created an era where browser security is a must. Or deta...

January 16, 2024

Cyber Defense Reinvented: The New

Era of Attack Surface Management...

In this episode, Host Ron Eddings talks with guest Isaac Clayton, Senior Research Engineer at NetSPI. Ron and Isaac discuss the importance of ASM for organizations of all sizes, the challenges of asset identifi...

January 9, 2024

Cyber Resilience Unpacked: Securing

Tomorrow Today with Bill Bernard

In this episode, Host Ron Eddings dives deep into crafting a resilient cybersecurity approach with guest speaker Bill Bernard, VP of Security Strategy at Deepwatch. Bill discusses the necessity of understanding...

January 2, 2024

Looking Backward to GROW Forward in

Cybersecurity in 2024

In this episode, we’ll take a walk down memory lane. Hacker Valley looks back to 2023 to bring you some of the best clips with great advice and insight into being more creative, reflective, and resourceful with...

December 19, 2023

What’s Lurking In Your Containers?

AMBERSQUID Operations, Freejacki...

In this episode, Host Ron Eddings, discusses new tactics of adversaries with Director of Threat Research at Sysdig, Michael Clark. Michael digs into the cloud and shares trends about the AMBERSQUID operation an...

WORK WITH US

PODCASTS + SPEAKING + EVENTS

Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.