Hacker Valley Blue By cover art

Hacker Valley Blue

By: Hacker Valley Media
Listen for free

  • Summary

  • Exploring the defensive side of cybersecurity through the eyes of the experts and innovators.
    Copyright 2021 All rights reserved.
    Show more Show less
Episodes
  • Bridging the Gap & Learning to Fail with Daniel Borges

    Bridging the Gap & Learning to Fail with Daniel Borges
    Dec 22 2022
    Daniel Borges, Senior Red Team Engineer at CrowdStrike and author of Adversarial Tradecraft in Cybersecurity, brings his unique perspectives on learning, training, and failure to the pod. Collaboration is key in any purple team, and Dan believes collaboration comes from a place of knowledge and understanding— of ourselves, others, and the security tools we use every day. In this episode, Daniel talks about the process of writing a book as a cyber practitioner and where he sees the gaps in purple teaming today. Timecoded Guide: [00:00] Pivoting from robotics to computer science to InfoSec [08:06] Finding a purple team in the Target breach aftermath [14:19] Understanding the trends of cyber practices & purple teaming [22:09] Deconflicting & blue team maturity ratings [30:40] Writing a book that covers blue & red perspectives [38:43] Failing as an opportunity for upward career mobility Sponsor Links: Thank you to our friends at Axonius and Plex Trac for sponsoring this episode! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley What is one of your purple teaming pet peeves? In Dan’s experience, a huge purple team pet peeve is how red and blue teams hinder one another. When there isn’t solid communication between red and blue, bad blood is easily bred and the tension of a high-pressure situation, such as an attack incident, becomes so much worse. Jumping into an engagement or a test without communication and cooperation between both sides doesn’t unify, it only divides and burns out practitioners. “It's extremely important when bringing people in, they know there's going to be an exercise, so they don't think the world is on fire. If you're doing incident response and detection, it's a marathon, not a sprint. You can't be putting out fires every day, you're gonna burn out.” What are your key takeaways about collaboration from your experiences in purple team settings? Collaboration, especially between red and blue teams, requires compromise and conscious thought. Instead of the selfish “us vs them” mentality of the red and blue silo structure, a purple team unites everyone on the same team, under the same end goal. Dan also recommends that practitioners stop and think about their reactions when collaborating together. Reactionary behavior hurts your team— and it wastes your time, too. “Sometimes, you have to let somebody fail. Sometimes, you have to let them do it and learn the lesson and if the impacts are not big enough, it's just better that way. It's just better that they see for themselves why this was a bad idea.” For those who might be interested in buying your book, Adversarial Tradecraft in Cybersecurity, what can they expect from it? When Dan began writing his book, he knew he wanted to look at techniques from both red and blue team perspectives. Part of his book is logistical, including how techniques can be applied in general situations. Another part of Dan’s book is about lessons learned, especially from the failures he’s experienced as a practitioner. The final piece, and perhaps the most important, is theory and ideas to consider to expand your perspective on the situations you may encounter in the field yourself. “[My book] is a lot of lessons learned from my time doing this. I've been attacking somebody and they found my code this way, or how I stopped a real campaign of attackers doing this technique. I think it's a lot of practical advice.” What advice would you give to anyone looking to get into InfoSec? InfoSec, or information security, is a field that requires balance to avoid burnout. Dan advises considering a career in InfoSec as a marathon, not a sprint. While the learning process can be long and difficult, Dan believes that InfoSec, just like purple teaming, isn’t as difficult as someone might think from the outside. If you’re able to think about a problem in a new way and engage your intelligence in your work, you can and will succeed. “I think a lot of InfoSec people are just smart people that can sit there and think about a problem. And if that sounds like you, then give it a shot because it's probably easier than you think and we need the people.” --------------- Links: Keep up with our guest Daniel Borges on LinkedIn and his blog Check out Daniel’s book Adversarial Tradecraft in Cybersecurity: Offense versus defense in real-time computer conflict Thank you to our friends at Axonius and PlexTrac for sponsoring this episode! Connect with Davin Jackson on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue ...
    Show more Show less
    45 mins
  • Becoming a Purple Team Ambassador with SCYTHE’s Jorge Orchilles

    Becoming a Purple Team Ambassador with SCYTHE’s Jorge Orchilles
    Dec 15 2022
    Jorge Orchilles, Chief Technology Officer at SCYTHE and Principal SANS Instructor, brings his expertise in purple teaming to the pod this week to talk about the uniquely human and the understandably technical parts of red and blue collaboration. As the Purple Team Ambassador at SANS, Jorge lives for all things purple team, pioneering the purple team framework used in different SANS courses. This week, Jorge talks about transitioning from tech to security and remembering we all are working for the same goal. Timecoded Guide: [00:00] Growing up in tech & discovering the cybersecurity world [13:52] Moving from SOC & ethical hacking to pen testing [26:25] Encountering the human side of a purple team engagement [32:02] Proactive cybersecurity collaboration with PlexTrac & SCYTHE [45:57] Transitioning from red vs purple to purple through knowing all sides Sponsor Links: Thank you to our friends at Axonius and Plex Trac for sponsoring this episode! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley What was your experience writing a book as you got into working security? As a system admin just starting to get into SOC, Jorge agreed to write a book on Windows 7. In the course of just a few months, Jorge ended up writing a book, finishing up his Master’s degree, and working the night shift for his new SOC job. This type of grind paid off for Jorge’s career, but he doesn’t miss the amount of stress and strain he felt by trying to get everything done at once--- a common feeling amongst overworked tech employees. “It was a great experience [writing a book], but at the same time, I was finishing my Master's, and I just got the SOC job, so I had to work three months of night shift, and it was like 7pm to 7am. So, that night shift along with the Masters, along with writing a book was just a lot.” What was the moment that the purple team idea clicked for you? In 2016, Jorge encountered a purple team activity for the first time as an employee at Citigroup. Back then, Jorge explains that the term “purple team” didn’t even exist yet, and their exercises were instead referred to as collaborative red team engagements. Still, the concept of purple teaming immediately piqued Jorge’s interest, especially when he began to encounter the personal collaborative efforts of purple teaming within the rigid world of cyber and tech. “A lot of people think purple teaming is just these collaborative, hands-on exercises, but there's a psychological part of purple teaming no one ever talks about and that is the understanding that we are all human, we all have different goals, we all work for the same company.” What are things that we could do or exercises to perform to create a bonding experience in a purple team exercise? Purple teaming is much more than seating your red team and blue team in the same room. Jorge explains that goals for purple team engagements have to be thoroughly defined and understood by members of the team before the engagement begins. Through his work with SCYTHE and SANS, Jorge often encounters practitioners and managers with the wrong perspective on purple teaming, thinking it's just a forced effort instead of an active collaboration. “The overall goals need to be covered first. What is the goal? Is it to run an adversary emulation together so that the blue learns from the red and the red learns for the blue? Or, is it to foster a collaborative culture? Because those two goals are different.” What advice do you have for a security practitioner making that transition from red and blue team to a purple team? Jorge has two pieces of advice for up -and-coming practitioners looking to make the most of purple team opportunities: remember the human element and learn as much as you can. Remembering the human element reminds you that everyone you work with, blue or red teamer, is a real person striving to make your company a more secure place to work. Learning as much as you can allows for a well-rounded approach in everything you do, from red to blue and everything in between. “I do think that if you want to be good at either offense or defense, you have to understand the other side. It’s hard to be a defender if you have absolutely no idea what the attackers are doing, and it's hard to be an attacker if you have no idea what the defenders are doing.” --------------- Links: Keep up with our guest Jorge Orchilles on LinkedIn, Twitter, and his personal website Learn more about SCYTHE on LinkedIn and the SCYTHE website Find out more about SANS course on the SANS website Check out ...
    Show more Show less
    49 mins
  • Transitioning from Blue to Red Teaming with Angela Saccone

    Transitioning from Blue to Red Teaming with Angela Saccone
    Dec 8 2022
    Angela Saccone, Community Manager at MetaCTF, Cyber Competitions Coordinator at Women’s Society of Cyberjutsu, and Youtube Content Creator, joins the pod this week to talk about content of all kinds— from cyber competitions to online courses, k-pop dance videos to Python programming videos. Angela talks about her experiences from a red and a blue perspective, her drive to educate future cybersecurity practitioners, and why it's important to be transparent about the daily routine of cyber professionals. Timecoded Guide: [00:00] Getting involved in cyber with a communication-focused mindset [10:18] Falling in love with blue team & red team aspects of the cyber field [18:23] Collaborating in cyber competitions for Cyberjutsu [26:11] Mentoring the next generation of purple teamers [35:55] Learning something new with cloud software & purple teaming Sponsor Links: Thank you to our friends at Axonius and PlexTrac for sponsoring this episode! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley Did you learn anything while being in CIO/CISO type roles that helped you better understand how to communicate with management and c-level executives? Working with upper-level management and c-level executives early in her career gave Angela a unique perspective on the importance of communication. Instead of focusing too heavily on jargon and technology-heavy vocabulary, Angela takes a more personalized, understanding tone with her c-level interactions. Bring those technical concepts into real-world examples in order to achieve that effective communication from the practitioner level through the c-suite. “We're all in this together. That sounds so cheesy, but that's really what it is, at the end of the day. Communicating is really important, and also, don’t use so much jargon. You have to learn how to bring technical concepts into everyday plain English. That's not easy, but it's a skill.” When you had those purple team exercises, how much more of a benefit was that as opposed to when you're just working with your individual team? Cyber competitions were Angela’s gateway drug to purple teaming. Experiencing such a collaborative yet competitive environment taught Angela to think in terms of real-world scenarios for red and blue team exercises. She learned to push her perspective beyond her individual team and consider each side of the red vs blue debate, which has made her a more well-rounded, collaborative, and educated cyber practitioner. “If I'm blue, I need to think red. I need to think about how they're getting in. How are they getting privilege escalation? With the red team, we need to think blue, in my opinion, because we need to think about: How are they defending? We need to dig in deeper.” What inspired you to start cyber content creation with your YouTube channel? Angela was originally exposed to content creation through MetaCTF, who asked her to create CTF walkthroughs on their YouTube channel. What started off as an experiment in expertise became a major passion for Angela, who was bitten by the content creator bug. She’s since adapted her YouTube channel to focus on day-in-the-life vlogs and videos about her career as a community manager and her volunteer work with the Women’s Society of Cyberjutsu. “I've always been this example for my social media audience, and even in person, where people are always asking me for help on cyber concepts. Instead of me just verbally saying it, I feel like video is the next best thing. It was really just to help people and also help myself.” What advice would you give someone in tech looking to transition into a purple teaming, collaborative environment? Although the idea of entering an environment that’s collaborative might be daunting to those who have spent time in the red vs blue silo, Angela advocates for practitioners to always learn and grow. Expanding your knowledge and opening your mind to new experiences helps you achieve a new level with your career. Leveling up together should be the goal for all cybersecurity practitioners, regardless of if you’re red, blue, or somewhere in between. “We have so many different resources to help people get involved, so it's good to just not be afraid. I know it's easier said than done but don't be afraid to fail and don't be afraid to succeed as well. Own it. Own those small victories, every small win is a win.” --------------- Links: Keep up with our guest Angela Saccone on LinkedIn, YouTube, and her website Connect with Davin Jackson on LinkedIn and Twitter Watch the live recording of this show on ...
    Show more Show less
    42 mins
Show more Show less

What listeners say about Hacker Valley Blue

Average customer ratings

Reviews - Please select the tabs below to change the source of reviews.

Audible.com reviews
No Reviews are Available