November 3, 2022
by Hacker Valley Blue
Bryson Bort, CEO and Founder of SCYTHE, dons his unicorn getup and joins the pod this week to talk about purple teaming and building businesses with community in mind. After founding GRIMM, his first company, Bryson wanted to carve a path of purple team innovation in cyber and created SCYTHE to do just that. Along the way, Bryson saw a need to further engage the cyber community in education and accessibility, and co-founded the ICS Village to encourage training opportunities and bridge industry skill gaps.
[00:00] Transitioning from army intelligence into founding GRIMM & SCYTHE
[11:38] Education, certifications, & training efforts with GRIMM & ICS Village
[23:53] Data driven security efforts vs compliance checklists
[32:32] Combining Plex Trac with SCYTHE & MITRE ATT&CK
[41:34] OT vs IT environments & the key to understanding risks for both
[50:50] Cooking up community philanthropy as the Unicorn Chef
Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask adaptive athlete Amy Bream. Want to learn more about how Amy controls complexity? Watch her video at axonius.com/amy
PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley
How was the transition from Army intelligence into the world of commercial cybersecurity?
Before attending West Point, Bryson had his own cybersecurity experience hacking small devices like calculators as a curious kid. He credits this early curiosity as a foundational knowledge that led him not only to a career in intelligence, but later becoming a founder of cybersecurity companies. Transitioning away from working for the government allowed Bryson to achieve a level of freedom with consulting opportunities that he previous didn’t have.
“From a discipline side, it's a unique experience. I couldn't get it anywhere else. That being said, working with government is working with government. I had fun with the missions, but it was time to go. I wanted to do cyber more on my own terms, which is why I founded GRIMM.”
GRIMM and other projects you’ve worked on seem to see staff training as a priority. Why is that?
As skills gaps widen and employee shortages continue, Bryson explains that companies that don’t provide training opportunities for staff stand out as major barriers to entry in cyber. Bryson’s previous company, GRIMM, and his current one, SCYTHE, both offer mentorship and training opportunities for team members. Expecting to hire someone with all the skills is unrealistic, Bryson explains, and training is necessary for security to manage threats.
“There's more work and need than there are people, which means we need to invest in folks. Most jobs really don't come through cold calls or the web. Most jobs come through relationships. If you know somebody who's interested, help them get into your company.”
Why is that “blue team vs red team” mindset so hard for security practitioners to break out of?
Bryson explains that the error of security practitioners’ ways lies in not seeing security as process improvement. Unfortunately, cybersecurity is still overrun by egotistical employees, relying on whiteness or masculinity to inflate their intelligence and self importance. This only succeeds in creating tension-filled environments where there is no comprehensive assurance of security. Blue teams end up overwhelmed and red teams end up frustrated.
“We don't need the pen tester or the red team to just win. Sure, that feels good, but that's not the point. We cannot be ego driven, we can't be win driven, and we can't continue to just create work that we're throwing on top of people when they already have a day job.”
How do we get more companies to embrace the “purple team” mindset as more than a buzzword?
Sometimes, companies misunderstand the purpose of creating a purple team and force the blue and red teams into the same working space instead of having them work together. Bryson explains that business buy in and leadership focus are essential to the success of any purple team. If the business doesn't want to buy into creating that workflow and leadership doesn’t care about creating a real purple team, nothing good will come of the situation.
“The starting point to any purple team is leadership. If leadership doesn't care, don't bother. At the end of the day, if business doesn’t buy in, it's not going to happen. The purple team process can build that momentum once you've got that, but you can't do it without that buy in.”
Watch the live recording of this show on our YouTube
Continue the conversation by joining our Discord
Daniel Borges, Senior Red Team Engineer at CrowdStrike and author of Adversarial Tradecraft in Cybersecurity, brings his unique perspectives on learning, training, and failure to the pod. Collaboration is key in any purple team, and Dan believes coll...
Jorge Orchilles, Chief Technology Officer at SCYTHE and Principal SANS Instructor, brings his expertise in purple teaming to the pod this week to talk about the uniquely human and the understandably technical parts of red and blue collaboration. As t...
Angela Saccone, Community Manager at MetaCTF, Cyber Competitions Coordinator at Women’s Society of Cyberjutsu, and Youtube Content Creator, joins the pod this week to talk about content of all kinds— from cyber competitions to online courses, k-pop d...
Eric Thomas, Detection & Response Engineer at HD Supply, brings his 15 years of experience in tech and cyber to the show this week to discuss collaboration— the most essential piece of the purple team formula. Eric walks us through his day-to-day rou...
Nick Popovich, Hacker in Residence at PlexTrac, drops by to say hi to the Hacker Valley crew and give some insight into PlexTrac’s purple teaming services. Starting his career in offensive security as a pen tester, Nick gained great insight into purp...
Alexia Crumpton, Lead Cybersecurity Engineer at MITRE, joins the pod this week to cover leaving the old ways of cybersecurity behind to embrace the new generation. As both an engineer with MITRE and an educator for future cybersecurity practitioners,...
Bryson Bort, CEO and Founder of SCYTHE, dons his unicorn getup and joins the pod this week to talk about purple teaming and building businesses with community in mind. After founding GRIMM, his first company, Bryson wanted to carve a path of purple t...
In this episode, we’re joined by Maril Vernon. Maril is a purple team lead and co-host of the Cyber Queens Podcast. From a background in marketing, Maril’s natural curiosity and determination lead her to a new career in cybersecurity with the Air Nat...
In this episode, host Davin is joined by Tyson Supasatit, the Director of Product Marketing at Uptycs, to discuss how Upytcs is leveraging the MITRE D3FEND framework to further build upon their defensive capabilities. Tyson shares how Uptycs utilizes...
In this episode of Hacker Valley Blue, host Davin is joined by McKenna Yeakey, a Corporate Security Engineer at Plaid, to discuss the importance of human-centric security. Mckenna explores the “human” aspects of her job and why end user impact plays ...