Villages, Unicorns, & the Not-So-Mythical Purple Team with SCYTHE’s Bryson Bort episode artwork

EPISODE · Nov 3, 2022 · 59 MIN

Villages, Unicorns, & the Not-So-Mythical Purple Team with SCYTHE’s Bryson Bort

from Hacker Valley Blue · host Hacker Valley Media

Bryson Bort, CEO and Founder of SCYTHE, dons his unicorn getup and joins the pod this week to talk about purple teaming and building businesses with community in mind. After founding GRIMM, his first company, Bryson wanted to carve a path of purple team innovation in cyber and created SCYTHE to do just that. Along the way, Bryson saw a need to further engage the cyber community in education and accessibility, and co-founded the ICS Village to encourage training opportunities and bridge industry skill gaps.   Timecoded Guide: [00:00] Transitioning from army intelligence into founding GRIMM & SCYTHE [11:38] Education, certifications, & training efforts with GRIMM & ICS Village [23:53] Data driven security efforts vs compliance checklists  [32:32] Combining Plex Trac with SCYTHE & MITRE ATT&CK [41:34] OT vs IT environments & the key to understanding risks for both [50:50] Cooking up community philanthropy as the Unicorn Chef   Sponsor Links: Thank you to our friends at Axonius and PlexTrac for sponsoring this episode! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask adaptive athlete Amy Bream. Want to learn more about how Amy controls complexity? Watch her video at axonius.com/amy  PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley    How was the transition from Army intelligence into the world of commercial cybersecurity?  Before attending West Point, Bryson had his own cybersecurity experience hacking small devices like calculators as a curious kid. He credits this early curiosity as a foundational knowledge that led him not only to a career in intelligence, but later becoming a founder of cybersecurity companies. Transitioning away from working for the government allowed Bryson to achieve a level of freedom with consulting opportunities that he previous didn’t have. “From a discipline side, it's a unique experience. I couldn't get it anywhere else. That being said, working with government is working with government. I had fun with the missions, but it was time to go. I wanted to do cyber more on my own terms, which is why I founded GRIMM.”   GRIMM and other projects you’ve worked on seem to see staff training as a priority. Why is that? As skills gaps widen and employee shortages continue, Bryson explains that companies that don’t provide training opportunities for staff stand out as major barriers to entry in cyber. Bryson’s previous company, GRIMM, and his current one, SCYTHE, both offer mentorship and training opportunities for team members. Expecting to hire someone with all the skills is unrealistic, Bryson explains, and training is necessary for security to manage threats. “There's more work and need than there are people, which means we need to invest in folks. Most jobs really don't come through cold calls or the web. Most jobs come through relationships. If you know somebody who's interested, help them get into your company.”   Why is that “blue team vs red team” mindset so hard for security practitioners to break out of?  Bryson explains that the error of security practitioners’ ways lies in not seeing security as process improvement. Unfortunately, cybersecurity is still overrun by egotistical employees, relying on whiteness or masculinity to inflate their intelligence and self importance. This only succeeds in creating tension-filled environments where there is no comprehensive assurance of security. Blue teams end up overwhelmed and red teams end up frustrated. “We don't need the pen tester or the red team to just win. Sure, that feels good, but that's not the point. We cannot be ego driven, we can't be win driven, and we can't continue to just create work that we're throwing on top of people when they already have a day job.”   How do we get more companies to embrace the “purple team” mindset as more than a buzzword? Sometimes, companies misunderstand the purpose of creating a purple team and force the blue and red teams into the same working space instead of having them work together. Bryson explains that business buy in and leadership focus are essential to the success of any purple team. If the business doesn't want to buy into creating that workflow and leadership doesn’t care about creating a real purple team, nothing good will come of the situation. “The starting point to any purple team is leadership. If leadership doesn't care, don't bother. At the end of the day, if business doesn’t buy in, it's not going to happen. The purple team process can build that momentum once you've got that, but you can't do it without that buy in.” --------------- Links: Keep up with our guest Bryson Bort on Twitter and LinkedIn Learn more about SCYTHE on LinkedIn and the SCYTHE website Thank you to our friends at Axonius and Plex Trac for sponsoring this episode! Connect with Davin Jackson on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Hear more from Hacker Valley Media and Hacker Valley Blue

Bryson Bort, CEO and Founder of SCYTHE, dons his unicorn getup and joins the pod this week to talk about purple teaming and building businesses with community in mind. After founding GRIMM, his first company, Bryson wanted to carve a path of purple team innovation in cyber and created SCYTHE to do just that. Along the way, Bryson saw a need to further engage the cyber community in education and accessibility, and co-founded the ICS Village to encourage training opportunities and bridge industry skill gaps.   Timecoded Guide: [00:00] Transitioning from army intelligence into founding GRIMM & SCYTHE [11:38] Education, certifications, & training efforts with GRIMM & ICS Village [23:53] Data driven security efforts vs compliance checklists  [32:32] Combining Plex Trac with SCYTHE & MITRE ATT&CK [41:34] OT vs IT environments & the key to understanding risks for both [50:50] Cooking up community philanthropy as the Unicorn Chef   Sponsor Links: Thank you to our friends at Axonius and PlexTrac for sponsoring this episode! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask adaptive athlete Amy Bream. Want to learn more about how Amy controls complexity? Watch her video at axonius.com/amy  PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley    How was the transition from Army intelligence into the world of commercial cybersecurity?  Before attending West Point, Bryson had his own cybersecurity experience hacking small devices like calculators as a curious kid. He credits this early curiosity as a foundational knowledge that led him not only to a career in intelligence, but later becoming a founder of cybersecurity companies. Transitioning away from working for the government allowed Bryson to achieve a level of freedom with consulting opportunities that he previous didn’t have. “From a discipline side, it's a unique experience. I couldn't get it anywhere else. That being said, working with government is working with government. I had fun with the missions, but it was time to go. I wanted to do cyber more on my own terms, which is why I founded GRIMM.”   GRIMM and other projects you’ve worked on seem to see staff training as a priority. Why is that? As skills gaps widen and employee shortages continue, Bryson explains that companies that don’t provide training opportunities for staff stand out as major barriers to entry in cyber. Bryson’s previous company, GRIMM, and his current one, SCYTHE, both offer mentorship and training opportunities for team members. Expecting to hire someone with all the skills is unrealistic, Bryson explains, and training is necessary for security to manage threats. “There's more work and need than there are people, which means we need to invest in folks. Most jobs really don't come through cold calls or the web. Most jobs come through relationships. If you know somebody who's interested, help them get into your company.”   Why is that “blue team vs red team” mindset so hard for security practitioners to break out of?  Bryson explains that the error of security practitioners’ ways lies in not seeing security as process improvement. Unfortunately, cybersecurity is still overrun by egotistical employees, relying on whiteness or masculinity to inflate their intelligence and self importance. This only succeeds in creating tension-filled environments where there is no comprehensive assurance of security. Blue teams end up overwhelmed and red teams end up frustrated. “We don't need the pen tester or the red team to just win. Sure, that feels good, but that's not the point. We cannot be ego driven, we can't be win driven, and we can't continue to just create work that we're throwing on top of people when they already have a day job.”   How do we get more companies to embrace the “purple team” mindset as more than a buzzword? Sometimes, companies

NOW PLAYING

Villages, Unicorns, & the Not-So-Mythical Purple Team with SCYTHE’s Bryson Bort

0:00 59:53

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

2 Old Ladies Walking Rozee 2 Old Ladies Walking features the journeys, insights, and light conversation between Liz and Rosie, two women of a certain age who live in the Hudson Valley of New York. From pelvic floor challenges and life with young adult children to food, bird calls, fear of “mad lamb” disease, and myriad topics in between, we cover it all while walking on the scenic trails of the northeast, or wherever our travels take us. Join us and have a listen! You Bet Your Garden Lehigh Valley Public Media “You Bet Your Garden” touted as an hour of “chemical-free horticultural hijinks,” is a weekly, nationally syndicated broadcast hosted by Mike McGrath. It is produced in the studios of PBS39 in Bethlehem, PA. This weekly call-in program offers ‘fiercely organic’ advice to gardeners far and wide. Blue Light News Archive Blue Light News is an innovative new Internet radio show devoted to covering the news of Unicoi County in a unique and interesting way. Celebration of Life Church Bozeman COLC It is our desire at Celebration of Life Church to reach into Bozeman and the entire Gallatin Valley with the Gospel of Jesus Christ and impact it for the Kingdom of God; to go beyond the four walls of the church and touch people in our community with the love of God; and to share the goodness of God in such a way that it will draw all men into a loving relationship with the One True Living God. We also desire to train up in the Word of God and encourage them to take the Gospel message to our community through various outreaches and evangelism. Enjoy our podcast and feel free to visit us.

Frequently Asked Questions

How long is this episode of Hacker Valley Blue?

This episode is 59 minutes long.

When was this Hacker Valley Blue episode published?

This episode was published on November 3, 2022.

What is this episode about?

Bryson Bort, CEO and Founder of SCYTHE, dons his unicorn getup and joins the pod this week to talk about purple teaming and building businesses with community in mind. After founding GRIMM, his first company, Bryson wanted to carve a path of purple...

Can I download this Hacker Valley Blue episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!