
Blue Team | From Exploit to Risk: Scaling Purple Team Insights

February 17, 2026
SANS Institute

Why It Matters

By reframing exploits as business risks and focusing on root-cause remediation, organizations can improve executive buy-in, streamline audits, and ensure vulnerabilities are actually fixed rather than repeatedly reported. That alignment increases security effectiveness and reduces organizational risk exposure.

Summary

Anthony Switzer argues for “first-principle purple teaming,” a methodology that converts red-team and pentest findings into actionable business risk and mission impact. He stresses translating technical detections (e.g., Active Directory exploits, MITRE mappings) into language executives and auditors understand, and addressing root causes rather than surface fixes. The approach emphasizes building trust between offensive and defensive teams, prioritizing remediation, and preventing repeat findings that end up shelved. Switzer frames this as essential to making security assessments drive measurable business decisions and continuous improvement.

Original Description

Blue Team | From Exploit to Enterprise Risk: Scaling Purple Team Insights to Protect the Mission
🎙️ Anthony Switzer, Cybersecurity Executive, EY
📍 Presented at SANS Hack & Defend Summit 2025
Technical findings alone don't drive change; risk-informed insights do. In this talk, we'll explore how red and purple team activities can evolve from isolated exercises into enterprise-level enablers that directly inform mission resilience, operational risk decisions, and business prioritization.
Drawing from field-proven engagements and large decentralized enterprises, we'll demonstrate how to transform adversary emulation results into structured, risk-aligned actions that matter to both SOC analysts and executive decision-makers.
We'll walk through:
- A real-world assumed breach scenario across hybrid cloud and identity systems
- How purple teaming validated defensive assumptions and control effectiveness
- Using AI to consolidate and prioritize vulnerabilities at scale
- Mapping findings to enterprise risk frameworks: FISMA, NIST RMF, and Zero Trust
- Driving remediation decisions based on mission impact, not just CVSS scores
This session will show how aligning technical findings to business risk enables security teams to speak the language of the board, prioritize what matters, and sustain security improvements long after the red team engagement ends.
Key Takeaways:
- A proven method for scaling red/purple team outcomes into enterprise risk language
- Strategies to quantify impact across cloud, endpoint, and identity surfaces
- A blueprint for bridging tactical findings with executive decision-making
- Lessons from large enterprise-scale engagements on operationalizing risk-driven defense
Whether you're defending, attacking, or advising, this talk will arm you with the strategies to translate technical signal into mission-aligned security value.