Thanks for your interest in Purple Hats Conference! Although the conference is over, we are happy to share that all of the sessions have been migrated over to our YouTube channel. Check out sessions you may have missed, re-watch a favorite one, and send a colleague a link to content that you found particularly interesting! Be sure to subscribe to our channel for more exciting cybersecurity discussions.

Leveraging breach simulation tools is becoming a must when it comes to constant validation of what a company's defensive technologies can and cannot stop. Combining that with experienced red teamers brings it to the next level, as complex and innovative attacker techniques, tactics, and procedures can be added to the arsenal already present in many BAS platforms before wide distribution. This enables companies to test their security tool suite against new and emerging malware before the unlikely event an attacker gains access.

Quentin Rhoads-Herrera
Director of Professional Services

We are now living in the golden age of ransomware, with the wide availability of Ransomware as a Service and the shift to double extortion tactics from attackers. With the traditional threat of ransomware still front and center and the added threat of data for sale on underground marketplaces, how can security leaders best plan for the year ahead? In this discussion, we’ll review the latest threats from ransomware actors and how to stay safe.

  • Learn about the latest ransomware trends
  • Dissect discoveries from Cybereason's Nocturnus team
  • Become empowered to defend against ransomware

Maggie MacAlpine
Security Strategist, Office of the CSO

In this session, we’ll explore collaborative penetration testing, which is also known as a purple team assessment. This test goes to the next level, where the attackers are working shoulder to shoulder (or in pandemic times such as now, leveraging collaborative tools to accomplish the same goal, but from remote locations) with the defenders.

Victor Wieczorek
Vice President, Application Security and Threat & Attack Simulation

As the SIEM is an aggregation point seeking to identify connections in seemingly disparate information, security experts, security partners and practitioner communities all contribute to better detection, response and management of security events. Let’s chat about community and partnerships, what is working and new opportunities.

Eric Burkholder
Senior Program Manager

Developing your digital business means developing new web and mobile applications, migrating to cloud, and evolving DevSecOps practices to accelerate time to market. Yet cyberattackers have aggressively been targeting your software supply chain, including open-source repositories, to use your software as a malware distribution platform. With today’s software more reliant on third-party and open-source software, your software development lifecycle (SDLC) demands more checks to validate the integrity of your build process to ensure customers trust your releases and fulfill software assurance requirements.

In this session, we’ll discuss:

  • How to secure your supply chain with rapid analysis, authoritative file intelligence, and increased threat visibility
  • How to integrate security monitoring and application lifecycle security into your SDLC
  • How to apply tools like YARA to retroactively scan for your risks across your release history
  • How ReversingLabs analysis and tactics exposed the origins and scope of the SunBurst attack

Chip Epps
Director, Product & Solution Marketing (CISSP)

CISOs, CIOs, and other IT/InfoSec decision-makers are regularly bombarded with innumerable data points, vulnerabilities, IoCs, and other pieces of “intelligence” that can often confuse priorities instead of making them clearer. While the difference between “information” and “intelligence” differs depending on who you ask, a unifying concept is that the purpose of intelligence is to inform decision-making and drive the “when’s” and “how’s” of operations. By processing BAS outcomes into novel visual graphs and analyzing the info within, we can find meaningful intelligence in large datasets, prioritize remediations, and drive true intelligence-based decision making.

This session focuses on continuous improvement of the Purple Team lifecycle as a key strategy for operationalizing the recent executive order on improving the Nation’s cybersecurity. Our panel of industry and government cybersecurity specialists will explore perspectives on zero trust and measuring control efficacy through the purple team lifecycle.

Darren House
Chief Cybersecurity Advisor
Jason Mueller
Director of Systems Engineering
Gerald J. Carron III
Chief Information Officer
Mark Emery
Managing Partner

Government agencies implement continuous monitoring as part of their regulatory compliance initiatives. Following guidelines such as NIST 800-37 to perform these activities, continuous monitoring helps organizations to gain “visibility into organizational assets, awareness of threats and vulnerabilities, and visibility into the effectiveness of deployed security controls.” According to MITRE, “Threat-informed defense applies a deep understanding of adversary tradecraft and technology to protect against, detect, and mitigate cyber-attacks.” This presentation discusses cyber threat-informed defense activities and how these can be incorporated into the continuous security monitoring process to protect corporate assets from advanced attacks and insider threats proactively.

Jeremy Martin
Senior Penetration Tester & Forensic Examiner

5 ways to enhance the precision and velocity of your security team by using automation, artificial intelligence and machine learning to defeat the attacks of tomorrow and prevent the mistakes of the past.

Dave Gold
VP, Business Strategy

Ready to get “schooled?” Come learn all about AttackIQ Academy, an educational hub featuring classes, hands-on labs, tailored learning paths and more to help you accelerate the practice of threat-informed defense in your organization. We’ll walk you through some Academy highlights, how best to interact with the hub, talk a bit about the importance of continuing your cybersecurity education, and get your feedback on what else you’d like to see.

Keith Wilson
Director, Cybersecurity Education

With AttackIQ Attack Graphs, anatomic testing of ML/AI-based security controls is now a real possibility. An intuitive interface with conditional and decision-tree workflows allows extremely complex adversarial techniques and procedures to be created by operators of all skill levels with ease. Discover the ins and outs of Attack Graphs in this session and find out how you can emulate complex, multi-stage adversary campaigns in your own organization.

Joe Yudenfreund
Director of Product