Adversary Village

Andrew Costis

Senior Cyber Threat Consultant at AttackIQ

Andrew has 20+ years of industry experience, and recent roles include threat research, reverse engineering malware, tracking ransomware campaigns, incident response and discovering new malware campaigns. Andrew has been invited to give various talks at Black Hat, B-Sides, CyberRisk Alliance, SecurityWeekly, ITPro, BrightTalk, SC Magazine, VMware World and others.

Talk: Down The Rabbit Hole: 10 Lessons Learned from a Year in the Trenches
Adversary Simulation, Adversary Story

Are you new to the world of Threat and Adversary Emulation, Breach and Attack Simulation and/or Purple Teaming? A little over a year ago, I was too, and so there I began my journey down the rabbit hole into this new, hot, and upcoming area of cybersecurity. One year later, upon reflection, I asked myself what advice I could share with my past self as well as other defenders out there. What are some of the major obstacles to overcome when trying to implement purple teaming? What factors are often overlooked when using breach and attack simulation? What assumptions are typically made about threat emulation? And what could you do differently to start demonstrating value quicker? In this presentation I will be sharing my top 10 lessons learned from the trenches, with the aim of helping you to prepare, plan and ponder my recommendations with your existing Breach and Attack Simulation and/or Purple Teaming project. Regardless of what tool, platform, or framework you use, whether you are technical or not, or if you are red, blue, or purple, this neutral presentation aims to provide some useful, practical advice and guidance in the hope that all attendees can benefit.