Threat-Informed Defense and Purple Team Operations: Lessons from the Pentagon and U.S. Cyber Command

The cybersecurity community is evolving from a fortress mentality of “network defense” to a “threat-informed defense” approach to achieve cybersecurity effectiveness, with purple team operations at the center. Why is this happening and what does this transition mean? Over the last decade, the U.S. military has been at the forefront of the transition to threat- informed defense operations, first in the intelligence-operations bond that developed after September 11, 2001, and then in cybersecurity. Traditionally in cybersecurity, “blue” team defenders focused their strategies on meeting baseline cybersecurity best-practices: correcting misconfigurations, administering patches, and deploying commercial products.

Red teams have traditionally been smaller, and testing has occurred periodically and not at the requisite scale to validate the blue team’s defense effectiveness. If blue teams fail to orient towards the most important threats, however, resources are wasted. Absent effective testing, security controls fail.

To improve cybersecurity effectiveness, security teams are transitioning to a threat-informed defense strategy with the MITRE ATT&CK framework, a purple team construct of red and blue teams, and an automated testing platform combined into an engine of optimization.

In this talk, author and former Chief Strategy Officer for Cyber Policy Jonathan Reiber will outline the evolution of threat- informed defense, discuss the value of MITRE ATT&CK and purple team operations, and show security teams how to move forward towards cybersecurity effectiveness. Participants will leave with a clear plan for how to affect change in their organizations and deliver results.

Speakers

Jonathan Reiber
Senior Director, Cybersecurity Strategy and Policy
AttackIQ

Jonathan Reiber is a writer and security strategist based in Oakland, California. From serving in senior positions in the Department of Defense in Barack Obama’s administration to leading cybersecurity strategy for companies in Silicon Valley, his work focuses on building resilience to socio-political disruptions. He advises governments and organizations on the risks of digitization—from online extremism to influence operations to cybersecurity—and the political, policy, and technical solutions required to mitigate them.

A former Chief Strategy Officer for Cyber Policy in the Office of the Secretary of Defense, Jonathan has served as Special Assistant and Speechwriter to the United States’ Deputy Secretary of Defense, Dr. Ashton B. Carter, and previously as Special Assistant to the United States' Principal Deputy Under Secretary of Defense for Policy, Dr. James N. Miller. In both positions he focused his work on foreign and defense policy, strategy, Middle East and Asia-Pacific affairs, and cybersecurity. He campaigned full-time for Barack Obama in 2007-2008.

Prior to U.S. government service, he worked for the United Nations Peacekeeping Mission in Sudan, as a Research Manager at a geological intelligence firm, and as a political and communications advisor to the Episcopal Church. He is a graduate of Middlebury College, where he studied religion and creative writing, and The Fletcher School of Law and Diplomacy, where he studied International Security Policy and U.S. Diplomatic History and served as Editor-in-Chief of The Fletcher Forum of World Affairs.

Sponsor