45 min
Bridging the Gap & Learning to Fail with Daniel Borges Hacker Valley Blue
-
- Technology
Daniel Borges, Senior Red Team Engineer at CrowdStrike and author of Adversarial Tradecraft in Cybersecurity, brings his unique perspectives on learning, training, and failure to the pod. Collaboration is key in any purple team, and Dan believes collaboration comes from a place of knowledge and understanding— of ourselves, others, and the security tools we use every day. In this episode, Daniel talks about the process of writing a book as a cyber practitioner and where he sees the gaps in purple teaming today.
Timecoded Guide:
[00:00] Pivoting from robotics to computer science to InfoSec
[08:06] Finding a purple team in the Target breach aftermath
[14:19] Understanding the trends of cyber practices & purple teaming
[22:09] Deconflicting & blue team maturity ratings
[30:40] Writing a book that covers blue & red perspectives
[38:43] Failing as an opportunity for upward career mobility
Sponsor Links:
Thank you to our friends at Axonius and Plex Trac for sponsoring this episode!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley
What is one of your purple teaming pet peeves?
In Dan’s experience, a huge purple team pet peeve is how red and blue teams hinder one another. When there isn’t solid communication between red and blue, bad blood is easily bred and the tension of a high-pressure situation, such as an attack incident, becomes so much worse. Jumping into an engagement or a test without communication and cooperation between both sides doesn’t unify, it only divides and burns out practitioners.
“It's extremely important when bringing people in, they know there's going to be an exercise, so they don't think the world is on fire. If you're doing incident response and detection, it's a marathon, not a sprint. You can't be putting out fires every day, you're gonna burn out.”
What are your key takeaways about collaboration from your experiences in purple team settings?
Collaboration, especially between red and blue teams, requires compromise and conscious thought. Instead of the selfish “us vs them” mentality of the red and blue silo structure, a purple team unites everyone on the same team, under the same end goal. Dan also recommends that practitioners stop and think about their reactions when collaborating together. Reactionary behavior hurts your team— and it wastes your time, too.
“Sometimes, you have to let somebody fail. Sometimes, you have to let them do it and learn the lesson and if the impacts are not big enough, it's just better that way. It's just better that they see for themselves why this was a bad idea.”
For those who might be interested in buying your book, Adversarial Tradecraft in Cybersecurity, what can they expect from it?
When Dan began writing his book, he knew he wanted to look at techniques from both red and blue team perspectives. Part of his book is logistical, including how techniques can be applied in general situations. Another part of Dan’s book is about lessons learned, especially from the failures he’s experienced as a practitioner. The final piece, and perhaps the most important, is theory and ideas to consider to expand your perspective on the situations you may encounter in the field yourself.
“[My book] is a lot of lessons learned from my time doing this. I've been attacking somebody and they found my code this way, or how I stopped a real campaign of attackers doing this technique. I think it's a lot of practical advice.”
What advice would you give to anyone looking to get into InfoSec?
InfoSec, or information security, is a field that requires balance to avoid
Daniel Borges, Senior Red Team Engineer at CrowdStrike and author of Adversarial Tradecraft in Cybersecurity, brings his unique perspectives on learning, training, and failure to the pod. Collaboration is key in any purple team, and Dan believes collaboration comes from a place of knowledge and understanding— of ourselves, others, and the security tools we use every day. In this episode, Daniel talks about the process of writing a book as a cyber practitioner and where he sees the gaps in purple teaming today.
Timecoded Guide:
[00:00] Pivoting from robotics to computer science to InfoSec
[08:06] Finding a purple team in the Target breach aftermath
[14:19] Understanding the trends of cyber practices & purple teaming
[22:09] Deconflicting & blue team maturity ratings
[30:40] Writing a book that covers blue & red perspectives
[38:43] Failing as an opportunity for upward career mobility
Sponsor Links:
Thank you to our friends at Axonius and Plex Trac for sponsoring this episode!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley
What is one of your purple teaming pet peeves?
In Dan’s experience, a huge purple team pet peeve is how red and blue teams hinder one another. When there isn’t solid communication between red and blue, bad blood is easily bred and the tension of a high-pressure situation, such as an attack incident, becomes so much worse. Jumping into an engagement or a test without communication and cooperation between both sides doesn’t unify, it only divides and burns out practitioners.
“It's extremely important when bringing people in, they know there's going to be an exercise, so they don't think the world is on fire. If you're doing incident response and detection, it's a marathon, not a sprint. You can't be putting out fires every day, you're gonna burn out.”
What are your key takeaways about collaboration from your experiences in purple team settings?
Collaboration, especially between red and blue teams, requires compromise and conscious thought. Instead of the selfish “us vs them” mentality of the red and blue silo structure, a purple team unites everyone on the same team, under the same end goal. Dan also recommends that practitioners stop and think about their reactions when collaborating together. Reactionary behavior hurts your team— and it wastes your time, too.
“Sometimes, you have to let somebody fail. Sometimes, you have to let them do it and learn the lesson and if the impacts are not big enough, it's just better that way. It's just better that they see for themselves why this was a bad idea.”
For those who might be interested in buying your book, Adversarial Tradecraft in Cybersecurity, what can they expect from it?
When Dan began writing his book, he knew he wanted to look at techniques from both red and blue team perspectives. Part of his book is logistical, including how techniques can be applied in general situations. Another part of Dan’s book is about lessons learned, especially from the failures he’s experienced as a practitioner. The final piece, and perhaps the most important, is theory and ideas to consider to expand your perspective on the situations you may encounter in the field yourself.
“[My book] is a lot of lessons learned from my time doing this. I've been attacking somebody and they found my code this way, or how I stopped a real campaign of attackers doing this technique. I think it's a lot of practical advice.”
What advice would you give to anyone looking to get into InfoSec?
InfoSec, or information security, is a field that requires balance to avoid
45 min