Seeing Purple: Hybrid Security Teams for the Enterprise presented at BSidesNashville 2014

by Mark Kikta

Summary: The militaries of the world conduct wargames in order to increase their readiness in the event of an actual incident. The job is to provide security for their respective nations. For those of us responsible for the security of organizations, why should our methods be any different? Protecting any sufficiently sized infrastructure is just like protecting a virtual country; there can be everything from minor skirmishes by untrained personnel (skiddies) to attacks by nation states (APTs) to attacks from within (insider threat). It is paramount that security teams plan, prepare, and execute mitigations for these events. By combining both red and blue team operations in your organization, you can develop comprehensive security exercises that will not only help you identify holes in your existing procedures, but also help you develop new ones, all while keeping your team at the top of their game. This talk will explore blueprints for creating such a team, how to integrate it into your existing hierarchy, and how to make it fun!