- What: The article discusses scaling purple team insights from exploit to risk.
- Impact: IT security professionals seeking to improve their security posture.

Blue Team | From Exploit to Enterprise Risk: Scaling Purple Team Insights to Protect the Mission

🎙️ Anthony Switzer, Cybersecurity Executive, EY
📍 Presented at SANS Hack & Defend Summit 2025

Technical findings alone don't drive change; risk-informed insights do. In this talk, we'll explore how red and purple team activities can evolve from isolated exercises into enterprise-level enablers that directly inform mission resilience, operational risk decisions, and business prioritization. Drawing from field-proven engagements and large decentralized enterprises, we'll demonstrate how to transform adversary emulation results into structured, risk-aligned actions that matter to both SOC analysts and executive decision-makers.

We'll walk through:
- A real-world assumed breach scenario across hybrid cloud and identity systems
- How purple teaming validated defensive assumptions and control effectiveness
- Using AI to consolidate and prioritize vulnerabilities at scale
- Mapping findings to enterprise risk frameworks: FISMA, NIST RMF, and Zero Trust
- Driving remediation decisions based on mission impact, not just CVSS scores

This session will show how aligning technical findings to business risk enables security teams to speak the language of the board, prioritize what matters, and sustain security improvements long after the red team engagement ends.

Key Takeaways:
- A proven method for scaling red/purple team outcomes into enterprise risk language
- Strategies to quantify impact across cloud, endpoint, and identity surfaces
- A blueprint for bridging tactical findings with executive decision-making
- Lessons from large enterprise-scale engagements on operationalizing risk-driven defense

Whether you're defending, attacking, or advising, this talk will arm you with the strategies to translate technical signal into mission-aligned security value.