November 3, 2022
by Hacker Valley Blue
Bryson Bort, CEO and Founder of SCYTHE, dons his unicorn getup and joins the pod this week to talk about purple teaming and building businesses with community in mind. After founding GRIMM, his first company, Bryson wanted to carve a path of purple team innovation in cyber and created SCYTHE to do just that. Along the way, Bryson saw a need to further engage the cyber community in education and accessibility, and co-founded the ICS Village to encourage training opportunities and bridge industry skill gaps.
Timecoded Guide:
[00:00] Transitioning from army intelligence into founding GRIMM & SCYTHE
[11:38] Education, certifications, & training efforts with GRIMM & ICS Village
[23:53] Data driven security efforts vs compliance checklists
[32:32] Combining Plex Trac with SCYTHE & MITRE ATT&CK
[41:34] OT vs IT environments & the key to understanding risks for both
[50:50] Cooking up community philanthropy as the Unicorn Chef
Sponsor Links:
Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask adaptive athlete Amy Bream. Want to learn more about how Amy controls complexity? Watch her video at axonius.com/amy
PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley
How was the transition from Army intelligence into the world of commercial cybersecurity?
Before attending West Point, Bryson had his own cybersecurity experience hacking small devices like calculators as a curious kid. He credits this early curiosity as a foundational knowledge that led him not only to a career in intelligence, but later becoming a founder of cybersecurity companies. Transitioning away from working for the government allowed Bryson to achieve a level of freedom with consulting opportunities that he previous didn’t have.
“From a discipline side, it's a unique experience. I couldn't get it anywhere else. That being said, working with government is working with government. I had fun with the missions, but it was time to go. I wanted to do cyber more on my own terms, which is why I founded GRIMM.”
GRIMM and other projects you’ve worked on seem to see staff training as a priority. Why is that?
As skills gaps widen and employee shortages continue, Bryson explains that companies that don’t provide training opportunities for staff stand out as major barriers to entry in cyber. Bryson’s previous company, GRIMM, and his current one, SCYTHE, both offer mentorship and training opportunities for team members. Expecting to hire someone with all the skills is unrealistic, Bryson explains, and training is necessary for security to manage threats.
“There's more work and need than there are people, which means we need to invest in folks. Most jobs really don't come through cold calls or the web. Most jobs come through relationships. If you know somebody who's interested, help them get into your company.”
Why is that “blue team vs red team” mindset so hard for security practitioners to break out of?
Bryson explains that the error of security practitioners’ ways lies in not seeing security as process improvement. Unfortunately, cybersecurity is still overrun by egotistical employees, relying on whiteness or masculinity to inflate their intelligence and self importance. This only succeeds in creating tension-filled environments where there is no comprehensive assurance of security. Blue teams end up overwhelmed and red teams end up frustrated.
“We don't need the pen tester or the red team to just win. Sure, that feels good, but that's not the point. We cannot be ego driven, we can't be win driven, and we can't continue to just create work that we're throwing on top of people when they already have a day job.”
How do we get more companies to embrace the “purple team” mindset as more than a buzzword?
Sometimes, companies misunderstand the purpose of creating a purple team and force the blue and red teams into the same working space instead of having them work together. Bryson explains that business buy in and leadership focus are essential to the success of any purple team. If the business doesn't want to buy into creating that workflow and leadership doesn’t care about creating a real purple team, nothing good will come of the situation.
“The starting point to any purple team is leadership. If leadership doesn't care, don't bother. At the end of the day, if business doesn’t buy in, it's not going to happen. The purple team process can build that momentum once you've got that, but you can't do it without that buy in.”
---------------
Links:
Keep up with our guest Bryson Bort on Twitter and LinkedIn
Learn more about SCYTHE on LinkedIn and the SCYTHE website
Thank you to our friends at Axonius and Plex Trac for sponsoring this episode!
Connect with Davin Jackson on LinkedIn and Twitter
Watch the live recording of this show on our YouTube
Continue the conversation by joining our Discord
Hear more from Hacker Valley Media and Hacker Valley Blue