This webcast has been archived.

Purple Team: How to Achieve Threat Informed Defense

  • Friday, June 05, 2020 at 1:00 PM EDT (2020-06-05 17:00:00 UTC)
  • Chris Kennedy, Ben Opel, Alissa Torres


  • AttackIQ


Divided red and blue teams are a thing of the past. The purple team construct, in which red and blue teams form a joint operation to create a continuous feedback loop, is essential to an effective threat-informed defense strategy.

Most security teams recognize this imperative, but still have questions. Just what is required to kick off a purple team program? And what are the milestones on the roadmap for purple team maturation?

Join us for a discussion on the critical elements in the successful implementation of a purple team in a modern security program. This is a great opportunity to evaluate your current program's progress with our Purple Team Best Practice checklist.

Speaker Bios

Chris Kennedy

Chris is the CISO and VP, Customer Success at AttackIQ. He is an impassioned security executive who has a proven track record in building and delivering enterprise security programs for some of the most important critical infrastructure organizations in the world. As a military officer, Chris led the initial development of the US Marine Corps’ global incident response organization, held various roles in defense contracting including delivering the US Department of Treasury’s Cybersecurity Operations program, driving cyber security, and products and services. He most recently helped Bridgewater Associates, the largest hedge fund in the world, secure their enterprise.

Ben Opel

Ben Opel is an experienced cyberspace operations leader with a proven track record in building high-performing teams and pushing the limits of cyber defense procedure and practice for some of the world's most critical and specialized organizations covering the full scope of network operations and infrastructure technologies. As one of the first US Marine Corps Cyberspace Operations Officers, Ben spearheaded the initial development of the US Marine Corps core cyberspace defense doctrine, held founding roles in US national and special operations cyberspace defense organizations, drove organizational and technical modernization, and laid the groundwork for the Marine Corps' formal Operations in the Information Environment.

Alissa Torres

Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.
