Sign up to save your podcasts
Or
Share Maril Vernon -- You Get What You Inspect, Not What You Expect
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Maril Vernon -- You Get What You Inspect, Not What You Expect
Maril Vernon is passionate about Purple teaming and joins Robert and Chris to discuss the intricacies of purple teaming in cybersecurity. She underscores the significance of fostering a collaborative environment between developers and the security team. Drawing from her experiences, Maril shares the challenge of development overlooking her remediation recommendations. She chose to engage directly with the developers, understanding their perspective and subsequently learning to frame her remediations in developer-centric language. This approach made her recommendations actionable and bridged the communication gap between the two teams.
Maril also looks into the future of purple teaming, envisioning a landscape dominated by automation and AI tools. While these tools will enhance the efficiency of certain tasks, she firmly believes that the human element, especially the creativity and intuition of red teamers, will remain irreplaceable. She envisions a future where dedicated purple teams might be replaced by a more holistic approach, or white teams, emphasizing collaboration across all departments.
Maril's powerful message on the essence of security: "You get what you inspect, not what you expect." She emphasizes the importance of proactive inspection and testing rather than relying on assumptions. And she re-states the centrality of cooperation between teams. Maril's insights serve as a reminder of the dynamic nature of cybersecurity and the need for continuous adaptation and collaboration.
Helpful Links:
- Follow Maril: @shewhohacks
- Purple Team Exercise Framework: https://github.com/scythe-io/purple-team-exercise-framework
- Scythe: https://scythe.io/
- MITRE ATT&CK Framework: https://attack.mitre.org/
- MITRE ATT&CK Navigator: https://github.com/mitre-attack/attack-navigator
- AttackIQ: https://www.attackiq.com/
- SafeBreach: https://www.safebreach.com/
- PlexTrac - https://plextrac.com/
- Atomic Red Team: https://atomicredteam.io/
Book Recommendations:
- Security+ All-in-One Exam Prep: https://www.mheducation.com/highered/product/comptia-security-all-one-exam-guide-sixth-edition-exam-sy0-601-conklin-white/9781260464009.html
- The Pentester BluePrint - https://www.wiley.com/en-us/The+Pentester+BluePrint:+Starting+a+Career+as+an+Ethical+Hacker-p-9781119684305
- The First 90 Days - https://hbr.org/books/watkins
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
View all episodes
By Chris Romeo and Robert Hurlbut
5
3636 ratings
Maril Vernon is passionate about Purple teaming and joins Robert and Chris to discuss the intricacies of purple teaming in cybersecurity. She underscores the significance of fostering a collaborative environment between developers and the security team. Drawing from her experiences, Maril shares the challenge of development overlooking her remediation recommendations. She chose to engage directly with the developers, understanding their perspective and subsequently learning to frame her remediations in developer-centric language. This approach made her recommendations actionable and bridged the communication gap between the two teams.
Maril also looks into the future of purple teaming, envisioning a landscape dominated by automation and AI tools. While these tools will enhance the efficiency of certain tasks, she firmly believes that the human element, especially the creativity and intuition of red teamers, will remain irreplaceable. She envisions a future where dedicated purple teams might be replaced by a more holistic approach, or white teams, emphasizing collaboration across all departments.
Maril's powerful message on the essence of security: "You get what you inspect, not what you expect." She emphasizes the importance of proactive inspection and testing rather than relying on assumptions. And she re-states the centrality of cooperation between teams. Maril's insights serve as a reminder of the dynamic nature of cybersecurity and the need for continuous adaptation and collaboration.
Helpful Links:
- Follow Maril: @shewhohacks
- Purple Team Exercise Framework: https://github.com/scythe-io/purple-team-exercise-framework
- Scythe: https://scythe.io/
- MITRE ATT&CK Framework: https://attack.mitre.org/
- MITRE ATT&CK Navigator: https://github.com/mitre-attack/attack-navigator
- AttackIQ: https://www.attackiq.com/
- SafeBreach: https://www.safebreach.com/
- PlexTrac - https://plextrac.com/
- Atomic Red Team: https://atomicredteam.io/
Book Recommendations:
- Security+ All-in-One Exam Prep: https://www.mheducation.com/highered/product/comptia-security-all-one-exam-guide-sixth-edition-exam-sy0-601-conklin-white/9781260464009.html
- The Pentester BluePrint - https://www.wiley.com/en-us/The+Pentester+BluePrint:+Starting+a+Career+as+an+Ethical+Hacker-p-9781119684305
- The First 90 Days - https://hbr.org/books/watkins
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More shows like The Application Security Podcast
View all
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
Smashing Security
312 Listeners
Darknet Diaries
7,879 Listeners
The Blindboy Podcast
1,764 Listeners
The Doctor's Kitchen Podcast
623 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
74 Listeners