Trey Bilbrey: From Marine to Offensive Security

About The Guest: Trey Bilbrey is the Lead of SCYTHE Labs, specializing in Purple Team Exercises, Threat Emulation, Critical Infrastructure, and holistic cyber operations. Trey's 15+ years of industry experience has allowed him to become an excellent educator, defender of networks, and a cultivator of cybersecurity professionals. Prior to joining SCYTHE, Trey held positions at notable organizations such as Hack The Box (HTB Academy content Developer), The Army Corps of Engineers (ICS/SCADA Penetration Testing), and a veteran of the United States Marine Corps (Defensive and Offensive Cyber Operations). Summary: In this episode of the Phillip Wylie Show, Trey Bilbrey shares his unique journey into cybersecurity, highlighting the importance of foundational knowledge and diverse experiences. He discusses the transition from red teaming to purple teaming, emphasizing the benefits of collaboration and community in the field. Trey also offers valuable advice for newcomers, stressing the need to understand the ecosystem before diving into offensive security. The conversation concludes with a call to build connections within the cybersecurity community to enhance collective defense against threats. Key Takeaways: * **Start with a Strong IT Foundation**: Trey emphasizes the importance of gaining experience in IT roles, such as help desk or systems administration, to build a solid understanding before focusing on offensive security. * **Embrace Purple Teaming**: The integration of red and blue team methodologies can significantly enhance an organization's security posture through real-time collaboration and feedback. * **Community and Collaboration**: Building trust and sharing insights within and between organizations can raise security standards and prevent breach incidents through collective defense strategies. * **Navigating Career Waves**: Opportunities often arise unexpectedly; being open to change and ready to evolve is key to a successful career in cybersecurity. * **Value of Threat Informed Defense**: Understanding your infrastructure and potential threats is crucial for implementing effective security measures and focusing your resources where they matter most. Notable Quotes: 1. "It's okay to not know your path right now. Dive in, do something new\...it's going to make you better for it." 2. "If we could bring all of that stuff together, that's really what makes an awesome purple team engagement." 3. "Community—we're all in this together. These threats are working as teams, they're crews, they're all talking, they're all communicating. Why aren't we doing the same?" 4. "If you understand how the ecosystem works...it's going to make you so much better." 5. "We need to engage our local communities...we've got to talk. We got to work together." Resources: https://www.linkedin.com/in/georgebilbrey/ Chapters 00:00 Introduction and Hacker Origin Story 08:38 Exploring Different Areas of Cybersecurity 12:48 The Importance of Hands-On Experience 18:28 Transitioning to Purple Teaming 25:06 Planning and Executing Purple Team Operations 31:04 The Role of Cyber Threat Intelligence 37:41 Building Community and Collaboration