2026-03-13 –, Breakout
Nearly a decade of CREST’s influence has pushed the adoption of threat-informed security and helped miking the concept of “kill-chain” popular. MITRE contributed to systematically organize and document attacks across the kill-chain for strategic planning and atomic simulations are the tool to validate controls.
Still, many organizations struggle to prioritize available threat intelligence and turn simulation outcomes into actions. This gap underscores the need for a better Purple Team. One that doesn’t just produce a report, but actually helps improve defenses.
Purple Teams should be a downplayed “glorified” Red Team where the SOC knows that something is about to happen, learns about the attack technique and tries to catch it live. That’s not the point, nor it is running a series of planned and “continuously repeated” atomic tests; a BAS tool will produce “continuously the same results”. Purple Teams take a broader, more collaborative path aiming to cover a wider range of threats and focusing on strategic efficiency, producing artefacts that can be reinjected into operations for long-term value.
Purple teaming is rapidly becoming the best approach to validate controls, measure cybersecurity resilience, and improve Security Operations. It is stepping up as go-to tool for Threat Informed and “continuous” as-sessments.
This talk will demystify Purple Teaming discussing how it should be, stripping away the commercial fluff that’s built up after years, and propose a model that actually makes sense in real-world offensive security while staying true to its original spirit: collaborative, threat-informed, and continuous testing.
Red is the New Blue is a provocative talk meant to spark critical thinking in the audience, helping them evalu-ate the real value of a Purple Team discerning from the noise introduced by vendors who rebranded basic atomic testing tools as full-blown, “continuous” solutions neatly integrated into SOAR platforms.
The talk highlights how important offensive security research (the red) is when it comes to enhancing security operations (the blue. The essence of attack simulations is about people and tools, not only tools; it’s hu-mans-still. Purple Teaming is here to stay, and the journey has only just begun!
Vito Rallo is Cyber security expert, visionary innovator, speaker, and Managing Director at Crimson7, with a long history in consulting and an experienced technical profile. Vito has been leading Redteam and pro-active delivery services within global organizations and is actively involved in research and cyber innovation.
Vito has worked for more than 25 years in technology, eighteen of which he's spent in the field of cybersecuri-ty with Financial, Industrial, and Utility sectors, and with a wide network of cybersecurity professionals. He has worked in both, offensive (pentest) proactive and reactive (incident response) security. He is a public event and keynote speaker; Vito is used to give talks at security conferences or roadshows.