The Cyber5 Podcast

EP23: The Cyber5 – Using Automation for Stronger SOC Collaboration with Scythe CTO Jorge Orchilles

Episode 23 | September 10, 2020

Episode 23 of the podcast covers automation for stronger cyber threat intelligence (CTI), red team, and blue team collaboration with Scythe CTO Jorge Orchilles.

Outline:

  • (01:25) Question 1) Explain the difference between attack simulation techniques and MITRE ATT&CK techniques, and elaborate on which is more useful for a blue team.
  • (03:04) Question 2) Is an attack simulation more useful to a blue team than threat intelligence?
  • (06:27) Question 3) In your opinion, should MITRE ATT&CK start incorporating red team techniques into their framework(s)? Why or why not?
  • (07:56) Question 4) What role can automation play in coordinating remediation among numerous stakeholders following a red team engagement? What are some of the challenges with automating adversary behavior, as well as malicious adversary tools and TTPs? Is it difficult to automate the tradecraft of specific cyber actors?
  • (16:53) Question 5) How can red teams and threat intelligence teams combine their skill sets and efforts more efficiently?