Learn real-world cyber security skills directly from top industry experts during SANS Live Training events. Explore options.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Practical tips to build a successful purple team

  • Wednesday, August 14, 2019 at 10:30 AM EDT (2019-08-14 14:30:00 UTC)
  • Erik Van Buggenhout

You can now attend the webcast using your mobile device!



The Purple Team Summit will bring together leading security practitioners to explore practical uses of threat emulation tactics, detection capabilities, and security controls. Experts will draw upon their own experiences and share current purple team concepts that you can implement within your own security program.

Purple Team is a hot topic! Many organizations (small to large) are attempting to implement purple team techniques to improve their overall cyber security posture. But what is purple teaming? How can we concretely start doing it? Amongst others, we will try to respond to the following questions:

  • How does purple team compare to red team?
  • How can we improve the "red-blue" feedback loop?
  • What tools are available that can support our purple team efforts?
  • How can we leverage MITRE ATT&CK?
  • What profiles do I need to perform purple teaming?
  • What are some key metrics and KPI's for your purple team efforts? (or: how to gain management support?)

Speaker Bio

Erik Van Buggenhout

Erik Van Buggenhout is the lead author of SEC599 - Defeating Advanced Adversaries and SEC699 - Purple Team Tactics. In addition to SEC599 and SEC699, Erik teaches SEC560 - Network Penetration Testing & Ethical Hacking and SEC542 - Web Application Penetration Testing & Ethical Hacking. In addition to his work with SANS, Erik is the co-founder of Belgian cyber security firm NVISO. Together with his team of 70+ technical experts, Erik delivers a wide array of technical security services, including penetration testing, security monitoring & incident response.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.