SANS OnDemand: Extended Access, Hands-On Labs, and SME Support


To attend this webcast, login to your SANS Account or create your Account.

The SANS Purple Team Curriculum - SEC599 and SEC699

  • Wednesday, December 11th, 2019 at 10:30 AM EST (15:30:00 UTC)
  • Erik Van Buggenhout
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


Purple is on the rise: An increasing number of organizations is realizing a purple team approach can offer increased added value over the traditional red vs blue dynamic. The SANS purple team curriculum now includes SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses and SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection. SANS also recently launched its very own Purple Team Summit, where many industry experts presented what's new in the world of purple teaming. But what does this all mean? Purple Teaming is set to grow in 2020!

Join us for an informative webcast on both courses, where author, Erik Van Buggenhout highlights the differences and intended audiences for both! He will explore and discuss each path and spend a great deal of time on the questions that will assist you, and your organization find the right course. Additionally, during this webcast Erik will dive into the content and labs of both Purple Team courses.

Speaker Bio

Erik Van Buggenhout

Erik Van Buggenhout is the lead author of SEC599 - Defeating Advanced Adversaries. In addition to SEC599, Erik teaches SEC560 - Network Penetration Testing & Ethical Hacking and SEC542 - Web Application Penetration Testing & Ethical Hacking. He has been involved with SANS since 2009, first as a Mentor, working his way to Community Instructor in 2012 and finally becoming a Certified Instructor in 2016.

Erik loves explaining deeply technical concepts by using war stories, adding a few funny anecdotes here and there. As a testimony of his technical expertise, he has obtained the GSE, GCIA, GNFA, GPEN, GWAPT, GCIH, and GSEC certifications.

In addition to his work with SANS, Erik is the co-founder of Belgian cyber security firm NVISO, which focuses on high-end cyber security services, specializing in government, defense and the financial sector. Together with his team of 20+ technical experts, Erik delivers a wide array of technical security services, including penetration testing, security monitoring & incident response.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.