Jorge Orchilles

Jorge Orchilles has been involved in Information Technology since 2001. He began his career as a network and system administrator for a small private high school. Realizing his passion for IT, he founded The Business Strategy Partners in 2002 providing consulting services to residential, small, and medium businesses. While gaining work experience, he was a very involved, full-time student in Florida International University (FIU). He founded the FIU MIS Club and was later contracted to work on the University's Active Directory Migration Project. After successful and on time completion of the project, he was employed by Terremark in 2007, a datacenter and cloud service provider acquired by Verizon. Jorge helped build and secure Terremark's Infrastructure as a Service (IaaS) solution first called Collocation 2.0 and then "The Enterprise Cloud" in 2008.

More About Jorge


Jorge developed a large interest in Information Security and was promoted to a Security Operations Center Analyst position in 2009. After a year of defending critical infrastructure for federal and commercial customers, he moved to an offensive analyst position with Citi in 2010, where he performed hundreds of application and infrastructure vulnerability assessments and penetration tests. His leadership gained him various promotions and opportunities to lead various teams within Citi's offensive information security team of over 140 ethical hackers including the Advanced Penetration Team (Red Team), the Responsible Vulnerability Disclosure program, and the Cloud Security program. After this esteemed tenure he joined SCYTHE where he serves as their Chief Technology Officer.

Jorge is very involved in the information security community, speaking at several events a year, and co-founded The C2 Matrix, an open resource for finding C2 frameworks for application. He's also served on the Board of Directors of the South Florida Chapter of the Information Systems Security Association (ISSA) since 2010, including 3 years as Chapter President. Jorge also served as an Advisory Board member for Intralinks (acquired by Synchronoss for $821 Million) as the Information Security Adviser. Jorge became a SANS Certified Instructor teaching various SANS courses since 2010 and has gone on to author SANS SEC564: Red Team Exercises and Adversary Emulation.

He is a contributing author to A Framework for the Regulatory use of Penetration Testing in the Financial Services Industry published by the Global Financial Markets Association. He is also the author of Microsoft Windows 7 Administrator's Reference published by Syngress in 2010.

Jorge has a post-graduate degree in Advanced Computer Security from Stanford University, Master of Science in Management Information Systems from Florida International University, and a Bachelor of Business Administration in Management Information Systems from Florida International University.

Jorge holds various certifications from SANS GIAC, ISC(2), ISACA, EC-Council, Cisco, Microsoft, and CompTIA:

  • GIAC Exploit Researcher & Advanced Penetration Tester (GXPN)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • GIAC Penetration Tester (GPEN)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Incident Handler (GCIH)
  • EC-Council Certified Ethical Hacker (C|EH)
  • Core Impact Certified Professional (CICP)
  • CompTIA Security+ 2008 Edition
  • Cisco Certified Design Associate (CCDA)
  • Cisco Security Solutions and Design Specialist (CSSDS)
  • Microsoft Certified Technology Specialist
    • 70-620 ? Microsoft Windows Vista: Configuring
  • Microsoft Certified Professional
    • 70-282 ? Designing, Deploying, and Managing Network Solutions
    • 70-284 ? Implementing and Managing Microsoft Exchange Server 2003
    • 70-228 ? Installing, Configuring, and Administering Microsoft SQL 2000

Jorge speaks English, Spanish, and Portuguese in decreasing order of fluency. He also loves to watch and play soccer.



What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350, July 2020

Managing & Showing Value during Red Team Engagements & Purple Team Exercises, July 2020

SANS CyberCast SANS@MIC - C2 Matrix, April 2020

Adversary Emulation and the C2 Matrix, February 2020


Purple is the New Red Teaming, SYN-ACK FIN-ACK

A Day in the Life of a Pentester

Simply Cyber Interview

Cyber Security Interviews


Vulnerability Management is Hard! How do you prioritize what to patch?

Ethical Hacking Definitions

Purple Team Exercise Tools

Reading for Hackers


Microsoft Windows 7 Administrator's Reference: Upgrading, Deploying, Managing, and Securing Windows 7


C2 Matrix

You can find Jorge's Youtube channel here.