Jordan and Kent are back again to continue strengthening organizations’ information security human capital (that’s all you folks!). Organization leadership and security practitioners can gain an understanding of why potentially designed-to-fail Purple Team initiatives never reached their full potential. The duo reviews how systemic organizational career pathing created an insoluble Red vs Blue dichotomy.
MORE IMPORTANTLY: The team is announcing a recipe for Purple Team Wins:
The Atomic Purple Team (Lifecycle) Framework
Organizations struggling to efficiently leverage the skillsets of all information security staff will benefit from considering the Atomic Purple Team Lifecycle Framework’s business-driven workflow. The workflow takes its roots from tested continuous improvement frameworks like ISO9001, ISO27001, Six Sigma, and the like.
Watch how a methodical balance of risk analysis, attack, hunt and defend methodologies, and business considerations can effectively and continually improve an organization’s security posture. As an added bonus, the framework incorporates concepts of Human Capital Management and knowledge-flow methodologies to encourage tacit knowledge exchange and further the organic growth of the skillsets of all those involved in the Atomic Purple Team framework.
But wait, there’s more! Budget headaches? Learn how the Atomic Purple Team framework’s methodical flow also aligns to natural business operations management and reporting. The framework provides a clear path to cabinet-approved Purple Team budget appropriations to ensure long-term security posture improvement.
Lastly, Jordan and Kent will demonstrate the Atomic Purple Team Lifecycle in action by running complete live Attack and Hunt/Defend lifecycle(s), all the way to risk management and budgetary thoughts.
Join the Black Hills Information Security Discord discussion server — https://discord.gg/aHHh3u5
Need slides and much more — https://github.com/DefensiveOrigins/A…
0:00 – Family Stories
1:07 – Atomic Purple Team Framework
3:28 – Executive Problem Statement
4:41 – Red Team, Blue Team, Purple Team
7:18 – Who / What is APT?
9:22 – Atomic Purple Team Lifecycle
18:18 – 1. Threat / Risk Assessment (Ingest) Types
19:59 – 2. Planning — What are the Tools
20:50 – 3. Attack / Execute / Engage
21:37 – 4. Hunt and Defend
22:01 – 5. Adjust & Harden
23:14 – 6. Reporting and Request for Deployment
27:07 – Lifecycles Start in Development
28:15 – Lifecycles End in Production
28:44 – APT Lab Infrastructure
29:48 – Off-Roading: Lab Demo
33:21 – Lifecycle Walkthrough — Goal Setting
34:50 – Purple Team Lifecycle Walkthrough
44:02 – Hunt and Defend Methodology
45:02 – Adjusting to Threat
47:21 – APTLC Playbook
48:49 – The Report
53:15 – Lessons Learned
59:25 – Post-Show Questions