S2E8: John D'Abruzzo

Offensive Security & Purple Teaming

In this episode of Resilient Cyber, Chris Hughes talks with John D’Abruzzo about his extensive experience in offensive security, cloud security, and the rise of purple teaming. John shares insights into offensive security strategies, how to effectively implement purple teams, and the essential skills for anyone pursuing a career in penetration testing or red teaming. 💻

🔑 Key Highlights:

  • The most common attacks and security gaps in cloud environments (like misconfigured S3 buckets)

  • How credential leakage and over-permissioned access are leading causes of breaches

  • Top skills needed to succeed in offensive security, including curiosity, deep systems knowledge, and software development

  • Recommended resources and training platforms for those interested in offensive security and penetration testing

  • How purple teaming bridges the gap between red and blue teams, creating a feedback loop for better security operations

  • Using the MITRE ATT&CK framework to measure visibility gaps and develop a proactive security posture

  • The value of real-time inspection and response for cyber resilience

John also shares tips on how to start or improve a purple team, including tools like Caldera and VECTR for threat simulation and reporting.