December 22, 2022

Bridging the Gap & Learning to Fail with Daniel Borges

by Hacker Valley Blue

Listen Now

test
Bridging the Gap & Learning to Fail with Daniel Borges

December 22, 2022 Hacker Valley Blue

00:00:00

Show Notes

Daniel Borges, Senior Red Team Engineer at CrowdStrike and author of Adversarial Tradecraft in Cybersecurity, brings his unique perspectives on learning, training, and failure to the pod. Collaboration is key in any purple team, and Dan believes collaboration comes from a place of knowledge and understanding— of ourselves, others, and the security tools we use every day. In this episode, Daniel talks about the process of writing a book as a cyber practitioner and where he sees the gaps in purple teaming today.

 

Timecoded Guide:

[00:00] Pivoting from robotics to computer science to InfoSec 

[08:06] Finding a purple team in the Target breach aftermath

[14:19] Understanding the trends of cyber practices & purple teaming

[22:09] Deconflicting & blue team maturity ratings

[30:40] Writing a book that covers blue & red perspectives

[38:43] Failing as an opportunity for upward career mobility

 

Sponsor Links:

Thank you to our friends at Axonius and Plex Trac for sponsoring this episode!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley

 

What is one of your purple teaming pet peeves? 

In Dan’s experience, a huge purple team pet peeve is how red and blue teams hinder one another. When there isn’t solid communication between red and blue, bad blood is easily bred and the tension of a high-pressure situation, such as an attack incident, becomes so much worse. Jumping into an engagement or a test without communication and cooperation between both sides doesn’t unify, it only divides and burns out practitioners.

“It's extremely important when bringing people in, they know there's going to be an exercise, so they don't think the world is on fire. If you're doing incident response and detection, it's a marathon, not a sprint. You can't be putting out fires every day, you're gonna burn out.”

 

What are your key takeaways about collaboration from your experiences in purple team settings?

Collaboration, especially between red and blue teams, requires compromise and conscious thought. Instead of the selfish “us vs them” mentality of the red and blue silo structure, a purple team unites everyone on the same team, under the same end goal. Dan also recommends that practitioners stop and think about their reactions when collaborating together. Reactionary behavior hurts your team— and it wastes your time, too. 

“Sometimes, you have to let somebody fail. Sometimes, you have to let them do it and learn the lesson and if the impacts are not big enough, it's just better that way. It's just better that they see for themselves why this was a bad idea.”

 

For those who might be interested in buying your book, Adversarial Tradecraft in Cybersecurity, what can they expect from it?

When Dan began writing his book, he knew he wanted to look at techniques from both red and blue team perspectives. Part of his book is logistical, including how techniques can be applied in general situations. Another part of Dan’s book is about lessons learned, especially from the failures he’s experienced as a practitioner. The final piece, and perhaps the most important, is theory and ideas to consider to expand your perspective on the situations you may encounter in the field yourself.

“[My book] is a lot of lessons learned from my time doing this. I've been attacking somebody and they found my code this way, or how I stopped a real campaign of attackers doing this technique. I think it's a lot of practical advice.”

 

What advice would you give to anyone looking to get into InfoSec?

InfoSec, or information security, is a field that requires balance to avoid burnout. Dan advises considering a career in InfoSec as a marathon, not a sprint. While the learning process can be long and difficult, Dan believes that InfoSec, just like purple teaming, isn’t as difficult as someone might think from the outside. If you’re able to think about a problem in a new way and engage your intelligence in your work, you can and will succeed. 

“I think a lot of InfoSec people are just smart people that can sit there and think about a problem. And if that sounds like you, then give it a shot because it's probably easier than you think and we need the people.”

---------------

Links:

Keep up with our guest Daniel Borges on LinkedIn and his blog

Check out Daniel’s book Adversarial Tradecraft in Cybersecurity: Offense versus defense in real-time computer conflict

Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!

Connect with Davin Jackson on LinkedIn and Twitter

Watch the live recording of this show on our YouTube

Continue the conversation by joining our Discord

Hear more from Hacker Valley Media and Hacker Valley Blue

Read more

Recent Episodes

December 22, 2022
by Hacker Valley Blue

Daniel Borges, Senior Red Team Engineer at CrowdStrike and author of Adversarial Tradecraft in Cybersecurity, brings his unique perspectives on learning, training, and failure to the pod. Collaboration is key in any purple team, and Dan believes coll...

December 15, 2022
by Hacker Valley Blue

Jorge Orchilles, Chief Technology Officer at SCYTHE and Principal SANS Instructor, brings his expertise in purple teaming to the pod this week to talk about the uniquely human and the understandably technical parts of red and blue collaboration. As t...

December 8, 2022
by Hacker Valley Blue

Angela Saccone, Community Manager at MetaCTF, Cyber Competitions Coordinator at Women’s Society of Cyberjutsu, and Youtube Content Creator, joins the pod this week to talk about content of all kinds— from cyber competitions to online courses, k-pop d...

December 1, 2022
by Hacker Valley Blue

Eric Thomas, Detection & Response Engineer at HD Supply, brings his 15 years of experience in tech and cyber to the show this week to discuss collaboration— the most essential piece of the purple team formula. Eric walks us through his day-to-day rou...

November 17, 2022
by Hacker Valley Blue

Nick Popovich, Hacker in Residence at PlexTrac, drops by to say hi to the Hacker Valley crew and give some insight into PlexTrac’s purple teaming services. Starting his career in offensive security as a pen tester, Nick gained great insight into purp...

November 10, 2022
by Hacker Valley Blue

Alexia Crumpton, Lead Cybersecurity Engineer at MITRE, joins the pod this week to cover leaving the old ways of cybersecurity behind to embrace the new generation. As both an engineer with MITRE and an educator for future cybersecurity practitioners,...

November 3, 2022
by Hacker Valley Blue

Bryson Bort, CEO and Founder of SCYTHE, dons his unicorn getup and joins the pod this week to talk about purple teaming and building businesses with community in mind. After founding GRIMM, his first company, Bryson wanted to carve a path of purple t...

October 27, 2022
by Hacker Valley Blue

In this episode, we’re joined by Maril Vernon. Maril is a purple team lead and co-host of the Cyber Queens Podcast. From a background in marketing, Maril’s natural curiosity and determination lead her to a new career in cybersecurity with the Air Nat...

April 29, 2022
by Hacker Valley Blue

In this episode, host Davin is joined by Tyson Supasatit, the Director of Product Marketing at Uptycs, to discuss how Upytcs is leveraging the MITRE D3FEND framework to further build upon their defensive capabilities. Tyson shares how Uptycs utilizes...

April 22, 2022
by Hacker Valley Blue

In this episode of Hacker Valley Blue, host Davin is joined by McKenna Yeakey, a Corporate Security Engineer at Plaid, to discuss the importance of human-centric security. Mckenna explores the “human” aspects of her job and why end user impact plays ...