Episode 56: How the report is used in the wild
SHOW NOTES
In episode 2 of the Threat Detection Report miniseries on SecOps Weekly, security expert Jorge Orchilles joins Red Canary’s Keith McCammon to discuss how security teams can effectively use the Threat Detection Report for purple team exercises and adversary emulation.
Jorge explains his team’s approach to operationalizing purple team activities, from reviewing threat intelligence and analyzing TTPs to testing procedures and documenting results. He emphasizes the importance of having a database to track what has been tested, using tools like Vector and Atomic Red Team, and focusing on collaborative rather than adversarial approaches.
The discussion covers practical frameworks like the Purple Team Exercise Framework, the value of industry-specific threat intelligence, and the importance of continuous testing alongside formal quarterly exercises. The conversation also addresses the cultural aspects of purple teaming, emphasizing that these exercises should be collaborative training rather than blame-focused activities, with teams working together like boxing partners preparing for real adversaries.
Timestamps:
- 00:00: Introduction
- 01:11: Welcome to SecOps Weekly!
- 02:10: How teams are using the report
- 05:17: Purple Team Exercise Framework (PTEF)
- 10:27: Components of a purple team
- 24:54: Tools to help you get started