Talk Title: (re)Building a Blue Team (Chapter 4) – The Color Purple

Talk Abstract:

Co-Presented with Josh Ryder, In today's ever-changing cybersecurity landscape, collaboration emerges as an imperative. Dive into the intertwined journeys of the Red, Blue, and Purple teams at Meta, tracing our historical roots to reveal the distinct yet synergistic roles of each team. We candidly discuss our triumphs, spotlighting key Red Team Operations and our mirroring of real-world threat actors, while also addressing challenges like operational strain and unexpected repercussions.

We'll delve into the evolution of Meta's Purple Team, highlighting its pivotal role in bridging the collaboration gap between the Offensive Security Group and XDR. This synergistic approach enabled us to better address security challenges and fostered an environment of trust, partnership, and shared learning. Furthermore, we will spotlight initiatives such as TTPForge and ForgeArmory, emblematic of our commitment to enhancing the global cybersecurity discourse.

Concluding with a look at the future, we lay down our roadmap. From building security regression pipelines to understanding where we fit into various security frameworks like MITRE ATT&CK and OWASP Top Ten, we aim to further fortify our defenses and share our learnings. Join us as we narrate our story, shedding light on the importance of adaptability, collaboration, and evolution in the world of cybersecurity.