Seeing Purple: Hybrid Security Teams for the Enterprise presented at BSidesDetroit 2014

by Mark Kikta

Summary: The militaries of the world conduct wargames early and often in order to increase readiness in the event of an actual incident. Their job is the security of their respective nations, so for those of us responsible for the security of organizations, why should that be any different? Protecting any sufficiently sized infrastructure is just like protecting a virtual country; there can and will be everything from external, scripted attacks by a 14-year-old who just downloaded Metasploit for the first time to a more intimate, internal attack by a disgruntled employee. In either case, and in every one in between, it is helpful to plan, prepare, and execute mitigations for these events. By combining both red and blue team operations into a wargame, you can develop a comprehensive security plan that will not only help you identify holes in your existing procedures, but also help you develop new ones along with keeping all participants at the top of their game. This talk will explore blueprints for creating such a team and how to integrate it into your existing hierarchy. Plus, let’s face it, games are fun.