Purple Team Cheat Codes
With over 15 years in IT/Cyber, I have had plenty of chances to do awesome things, break a lot of stuff, and learn from the chaos. This talk is a culmination of that knowledge and is meant to provide others with actionable thoughts they can implement in their security programs regardless of what "Team" they play for. Whether you are on Red, Blue, or otherwise, we are all one team trying to defend our organizations the best we can. We are all purple in the end.
Key points:
- Red: Scope is everything. Stick to it and build trust over time. Don't try to be an APT overnight.
- Red: Have your testing complement each other (pentests for vulns and external/initial access, purple assessments for post-access).
- Red: Assumed breach is the best route. It saves time, money, and frustration.
- Red: Be creative, and don't forget to be a threat. Creativity and unique thinking will take you far.
- Blue: Everyone is so caught up in the whoami that they forget to ask "how am I". (State is just as important as identity when looking for the threat.)
- Blue: You can't be expected to know everything, but you should know your assets (hardware and software inventory).
- Blue: The best time to practice your hunt/IR procedures is now. Don't put it off until you actually need to perform.
- Blue: Logs or it didn't happen. Nothing is worse than finding out your logs aren't aggregated. (Validate that your logs are functioning, being aggregated, and tuned on a regular schedule.)
- General: One in the hand is better than two in the bush. (Focus on defending against your known threats now instead of panicking about potential risks or vulnerabilities.)
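The "logs or it didn't happen" point above is the kind of thing that can be checked on a schedule rather than discovered during an incident. The script below is an added example, not material from the talk or from Sessionize: it takes the list of log sources a team expects to see in its aggregator, the longest silence each is allowed, and a constructed sample of what actually arrived, and reports which sources are healthy, stale, missing entirely, or shipping logs nobody expected (a sign the inventory or the pipeline configuration has drifted). A second check compares per-source event volume against a baseline so that a source that is technically still "alive" but has quietly lost most of its events is also flagged. All source names, thresholds and counts are constructed for the example.

```python
"""Scheduled log-pipeline health check (added example, not from the talk).

Confirms that every expected source is still shipping events into the
aggregator, that nothing has gone quiet, that no unknown source has appeared,
and that per-source volume has not collapsed relative to a baseline.
All source names, thresholds and sample events below are constructed.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Tuple

# Expected sources and the longest silence tolerated before alerting (constructed).
EXPECTED_SOURCES: Dict[str, timedelta] = {
    "dc01-security": timedelta(minutes=5),
    "fw-edge": timedelta(minutes=2),
    "web01-access": timedelta(minutes=10),
    "edr-telemetry": timedelta(minutes=5),
}

# Constructed sample of what the aggregator holds: (source, event time, raw line).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
RECEIVED: List[Tuple[str, datetime, str]] = [
    ("dc01-security", NOW - timedelta(minutes=4), "EventID=4624 LogonType=3 ..."),
    ("dc01-security", NOW - timedelta(minutes=1), "EventID=4688 NewProcess=..."),
    ("fw-edge", NOW - timedelta(minutes=45), "action=deny src=10.0.0.5 ..."),
    ("web01-access", NOW - timedelta(minutes=3), 'GET /login HTTP/1.1 200'),
    ("legacy-app", NOW - timedelta(minutes=2), "WARN session expired"),
    # "edr-telemetry" is expected but nothing has arrived at all.
]

# Constructed hourly event counts: baseline from a known-good week vs. this hour.
BASELINE_COUNTS = {"dc01-security": 500, "fw-edge": 1000, "web01-access": 200}
CURRENT_COUNTS = {"dc01-security": 40, "fw-edge": 1100, "web01-access": 150}


def last_seen(events: Iterable[Tuple[str, datetime, str]]) -> Dict[str, datetime]:
    """Most recent event timestamp per source."""
    seen: Dict[str, datetime] = {}
    for source, ts, _line in events:
        if source not in seen or ts > seen[source]:
            seen[source] = ts
    return seen


def check_sources(events, now: datetime, expected: Dict[str, timedelta]) -> Dict[str, List[str]]:
    """Classify every expected source as ok / stale / missing, and list unexpected ones."""
    seen = last_seen(events)
    report: Dict[str, List[str]] = {"ok": [], "stale": [], "missing": [], "unexpected": []}
    for source, max_silence in expected.items():
        if source not in seen:
            report["missing"].append(source)          # never reached the aggregator
        elif now - seen[source] > max_silence:
            report["stale"].append(source)            # alive once, quiet now
        else:
            report["ok"].append(source)
    # Sources shipping logs that are not in the inventory: config or inventory drift.
    report["unexpected"] = [s for s in seen if s not in expected]
    for key in report:
        report[key].sort()
    return report


def volume_drops(current: Dict[str, int], baseline: Dict[str, int], max_drop: float = 0.5) -> List[str]:
    """Sources whose event count fell by more than max_drop (fraction) versus baseline."""
    drops = []
    for source, expected_count in baseline.items():
        got = current.get(source, 0)
        if expected_count and (expected_count - got) / expected_count > max_drop:
            drops.append(source)
    return sorted(drops)


if __name__ == "__main__":
    health = check_sources(RECEIVED, NOW, EXPECTED_SOURCES)
    for state, sources in health.items():
        print(f"{state:>10}: {', '.join(sources) or '-'}")
    print(f"volume drop: {', '.join(volume_drops(CURRENT_COUNTS, BASELINE_COUNTS)) or '-'}")
```

Run on a schedule (a cron job or a SIEM scheduled search that emits the same two checks), the output is the difference between learning about a dead forwarder during a hunt and learning about it within minutes of it failing; the per-source thresholds should be set from observed behaviour so a chatty firewall and a quiet domain controller are judged on their own baselines.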
Takeaways:
- Learn from our experience and level up your security program.
- Take back actionable tasks/ideas you can implement with your teams immediately.