Have you conducted a purple team exercise that left you wanting greater detection coverage? Perhaps the goal is to catch threat actors earlier in the attack chain. Maybe it is to cover more detection opportunities in case a threat actor changes some of its procedures. In either case, detection engineering should be driven by threat intelligence to ensure coverage of the real-world threats targeting your organization.
This webinar will cover the detection engineering process and how operationalized purple teaming drives it. Every environment is unique and needs custom detections tailored to that environment and its threats. Operationalized purple teaming shows us, with a certain degree of confidence, what it would look like if a threat actor were to attack. Purple team emulations allow Blue Teams and Detection Engineers to check log sources and develop detections around common questions such as “is it normal for the targeted process to behave this way in our environment?” Join us to learn more about threat-informed detection engineering and how it fits into purple teaming.
Chris is an Adversary Emulation - Detection Engineer at SCYTHE, specializing in Purple Team Exercises and Detection Engineering. His previous experience includes multiple roles such as Cyber Threat Intelligence Analyst, Cyber Threat Hunter, Tier 3 SOC Analyst, Incident Responder, Cyber Security Consultant, and Purple Team Lead. He previously worked at Raytheon Intelligence & Space as well as General Dynamics Ordnance and Tactical Systems. Additionally, he has experience in multiple industries, including Energy, Finance, Healthcare, Technology, and Defense. Current certifications include GCTI, GCFA, GCED, eJPT, and CSIS.
View the first in this webcast series: Running Your First Purple Team Exercise: Understand the Cyber Kill Chain, Cyber Threat Intelligence, Emulation, and Response
View the second in this webcast series: Operationalized Purple Teaming