Defenders must be constantly vigilant in their efforts to protect their organization's environment. Through practice, the defenders can be sharpened by red and purple team exercises. This presentation will explore some case studies where exercise improved the organization's security posture.
As the lead red team consultant and owner of 3L337 Consulting, LLC, Timothy builds purple team breach and attack emulations and leads scenario-based Red Team exercises. He works with highly skilled attack teams to breach organizations with the goal of helping the organization understand weaknesses in their security posture, as well as the impact that a determined, sophisticated adversary could make. Timothy holds dozens of certifications including GPEN, GWAPT, GXPN, GAWN, GPYC, and GWEB. He’s a frequent speaker at ISSA, ICBA and other forums and a member of the GIAC Advisory Board.
A SANS instructor since 2013, Timothy teaches SEC588: Cloud Penetration Testing and SEC542: Web App Penetration Testing and Ethical Hacking, of which he is a co-author. A mentor both in and out of the classroom, Timothy says "there's not much value in putting information in my head if I am not going to share it with those around me. Teaching opens the door to offering what I know to others."