December 15, 2022
by Hacker Valley Blue
Jorge Orchilles, Chief Technology Officer at SCYTHE and Principal SANS Instructor, brings his expertise in purple teaming to the pod this week to talk about the uniquely human and the understandably technical parts of red and blue collaboration. As the Purple Team Ambassador at SANS, Jorge lives for all things purple team, pioneering the purple team framework used in different SANS courses. This week, Jorge talks about transitioning from tech to security and remembering we all are working for the same goal.
[00:00] Growing up in tech & discovering the cybersecurity world
[13:52] Moving from SOC & ethical hacking to pen testing
[26:25] Encountering the human side of a purple team engagement
[32:02] Proactive cybersecurity collaboration with PlexTrac & SCYTHE
[45:57] Transitioning from red vs purple to purple through knowing all sides
Thank you to our friends at Axonius and Plex Trac for sponsoring this episode!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley
What was your experience writing a book as you got into working security?
As a system admin just starting to get into SOC, Jorge agreed to write a book on Windows 7. In the course of just a few months, Jorge ended up writing a book, finishing up his Master’s degree, and working the night shift for his new SOC job. This type of grind paid off for Jorge’s career, but he doesn’t miss the amount of stress and strain he felt by trying to get everything done at once--- a common feeling amongst overworked tech employees.
“It was a great experience [writing a book], but at the same time, I was finishing my Master's, and I just got the SOC job, so I had to work three months of night shift, and it was like 7pm to 7am. So, that night shift along with the Masters, along with writing a book was just a lot.”
What was the moment that the purple team idea clicked for you?
In 2016, Jorge encountered a purple team activity for the first time as an employee at Citigroup. Back then, Jorge explains that the term “purple team” didn’t even exist yet, and their exercises were instead referred to as collaborative red team engagements. Still, the concept of purple teaming immediately piqued Jorge’s interest, especially when he began to encounter the personal collaborative efforts of purple teaming within the rigid world of cyber and tech.
“A lot of people think purple teaming is just these collaborative, hands-on exercises, but there's a psychological part of purple teaming no one ever talks about and that is the understanding that we are all human, we all have different goals, we all work for the same company.”
What are things that we could do or exercises to perform to create a bonding experience in a purple team exercise?
Purple teaming is much more than seating your red team and blue team in the same room. Jorge explains that goals for purple team engagements have to be thoroughly defined and understood by members of the team before the engagement begins. Through his work with SCYTHE and SANS, Jorge often encounters practitioners and managers with the wrong perspective on purple teaming, thinking it's just a forced effort instead of an active collaboration.
“The overall goals need to be covered first. What is the goal? Is it to run an adversary emulation together so that the blue learns from the red and the red learns for the blue? Or, is it to foster a collaborative culture? Because those two goals are different.”
What advice do you have for a security practitioner making that transition from red and blue team to a purple team?
Jorge has two pieces of advice for up -and-coming practitioners looking to make the most of purple team opportunities: remember the human element and learn as much as you can. Remembering the human element reminds you that everyone you work with, blue or red teamer, is a real person striving to make your company a more secure place to work. Learning as much as you can allows for a well-rounded approach in everything you do, from red to blue and everything in between.
“I do think that if you want to be good at either offense or defense, you have to understand the other side. It’s hard to be a defender if you have absolutely no idea what the attackers are doing, and it's hard to be an attacker if you have no idea what the defenders are doing.”
Keep up with our guest Jorge Orchilles on LinkedIn, Twitter, and his personal website
Learn more about SCYTHE on LinkedIn and the SCYTHE website
Find out more about SANS course on the SANS website
Check out Jorge’s Purple Team Exercise Framework
Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
Connect with Davin Jackson on LinkedIn and Twitter
Watch the live recording of this show on our YouTube
Continue the conversation by joining our Discord
Hear more from Hacker Valley Media and Hacker Valley Blue
Daniel Borges, Senior Red Team Engineer at CrowdStrike and author of Adversarial Tradecraft in Cybersecurity, brings his unique perspectives on learning, training, and failure to the pod. Collaboration is key in any purple team, and Dan believes coll...
Jorge Orchilles, Chief Technology Officer at SCYTHE and Principal SANS Instructor, brings his expertise in purple teaming to the pod this week to talk about the uniquely human and the understandably technical parts of red and blue collaboration. As t...
Angela Saccone, Community Manager at MetaCTF, Cyber Competitions Coordinator at Women’s Society of Cyberjutsu, and Youtube Content Creator, joins the pod this week to talk about content of all kinds— from cyber competitions to online courses, k-pop d...
Eric Thomas, Detection & Response Engineer at HD Supply, brings his 15 years of experience in tech and cyber to the show this week to discuss collaboration— the most essential piece of the purple team formula. Eric walks us through his day-to-day rou...
Nick Popovich, Hacker in Residence at PlexTrac, drops by to say hi to the Hacker Valley crew and give some insight into PlexTrac’s purple teaming services. Starting his career in offensive security as a pen tester, Nick gained great insight into purp...
Alexia Crumpton, Lead Cybersecurity Engineer at MITRE, joins the pod this week to cover leaving the old ways of cybersecurity behind to embrace the new generation. As both an engineer with MITRE and an educator for future cybersecurity practitioners,...
Bryson Bort, CEO and Founder of SCYTHE, dons his unicorn getup and joins the pod this week to talk about purple teaming and building businesses with community in mind. After founding GRIMM, his first company, Bryson wanted to carve a path of purple t...
In this episode, we’re joined by Maril Vernon. Maril is a purple team lead and co-host of the Cyber Queens Podcast. From a background in marketing, Maril’s natural curiosity and determination lead her to a new career in cybersecurity with the Air Nat...
In this episode, host Davin is joined by Tyson Supasatit, the Director of Product Marketing at Uptycs, to discuss how Upytcs is leveraging the MITRE D3FEND framework to further build upon their defensive capabilities. Tyson shares how Uptycs utilizes...
In this episode of Hacker Valley Blue, host Davin is joined by McKenna Yeakey, a Corporate Security Engineer at Plaid, to discuss the importance of human-centric security. Mckenna explores the “human” aspects of her job and why end user impact plays ...