December 1, 2022

Collaborating Capabilities in the DETH Squad with Eric Thomas

by Hacker Valley Blue


Show Notes

Eric Thomas, Detection & Response Engineer at HD Supply, brings his 15 years of experience in tech and cyber to the show this week to discuss collaboration, the most essential piece of the purple team formula. Eric walks us through his day-to-day routine as an engineer and shares his own insight into his current company's purple team process. Additionally, Eric teaches us about his unique approach to training future professionals with red and blue team skills and philosophies.

 

Timecoded Guide:

[00:00] Transitioning from a tech/IT environment into cyber engineering

[12:03] Walking through the day-to-day of a defense and response engineer

[16:48] Collaborating with the DETH purple team 

[29:27] Developing security protocols for IoT and OT devices 

[39:33] Going beyond the "back in my day" training stereotype

[51:22] Being the not-so-smartest person in the room 

 

Sponsor Links:

Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley

 

What is the collaboration between red and blue teams like in your current role as a detection and response engineer?

Although Eric is humble enough to admit that the purple team processes in his current work are not solely his idea, he will admit that he led the charge for a more collaborative environment. Leading this initiative started with the desire for a better SOC team. Eric's collaboration wasn't formal at all; he would simply ask other departments for help with their expertise. That informal approach grew into a massively successful process that continues to this day.

"My idea was, if we're trying to detect adversarial behavior, we have a resource internally. Who are experts at adversarial behavior? Why try to figure this out ourselves, right? It started off as a very informal thing. It started off as [collaborative] teams."

 

Can you give a brief description of what IoT devices are and what type of testing you do with them?

IoT is more than another acronym in the cyber industry: it refers to the Internet of Things, or the way everyday devices connect to the internet and to each other. The concept of IoT is closely connected to OT, or operational technology. Unfortunately, because these are lesser-known systems, they're less secure and less understood by security teams. Eric's team of consultants aims to fix that issue, providing security protocols where there are none.

"We have the technology and the mechanisms to protect our traditional IT. When it comes to OT and Internet of Things (IoT devices), this has been significantly overlooked. What we're seeing is a push to get security professionals more interested in protecting these devices."

 

How are you training future professionals and teaching them to do things differently from the problematic ways you learned back in the day?

It's almost too easy to slip into the problematic "back in my day" mindset of an experienced professional, but Eric actively combats the idea that the old ways of doing security were better when training students. Instead, Eric advocates for students to take a different, more unified approach to their learning process. Aspiring professionals shouldn't work in a silo and should instead be exposed to red and blue team processes during their learning journey. 

"Don't go into the silo, build your network, talk to people across the aisle, it's gonna make you a better pen tester. That's what I tell [upcoming professionals], that the more blue team friends you have, it's going to make you a better pen tester."

 

What advice do you have for any up-and-coming security folks who want to move into the industry? 

Collaboration is the name of the game, and Eric wants up-and-coming security practitioners to approach collaboration from a place of learning. No matter how knowledgeable or skilled you are in a certain process or technology, remember that you’re not the smartest person in the room in every situation. Be curious about the work of others around you, and don’t be afraid to ask questions and learn from your peers, no matter what team they’re on. 

"If you can learn anything from my story, it's that you should collaborate, network, and talk to people. Never go into a room where you know you're going to be the smartest person, and never think you're the smartest person in the room, because then you won't ask questions."

---------------

Links:

Keep up with our guest Eric Thomas on Twitter and LinkedIn

Connect with Davin Jackson on LinkedIn and Twitter

Watch the live recording of this show on our YouTube

Continue the conversation by joining our Discord

Hear more from Hacker Valley Media and Hacker Valley Blue

 
