Jorge Orchilles

Jorge Orchilles is a leader in cybersecurity and currently serves as a Senior Director at Verizon, where he leads the Readiness and Proactive Security Team. His team specializes in Exposure & Vulnerability Management, Penetration Testing, Red Team, Purple Team, and AI Red Team. 

He is the author of the Purple Team Exercise Framework and creator of the C2 Matrix project. Before joining Verizon, he spent three years as the CTO at SCYTHE and led Citi's offensive security team for over a decade. Jorge is a SANS Principal Instructor, Purple Team Ambassador, and the co-author of SEC565: Red Team Operations and Adversary Emulation™. He actively contributes to a number of projects including MITRE ATLAS, MITRE ATT&CK, Atomic Red Team, and CVSS. He also authored Microsoft Windows 7 Administrator’s Reference.

More About Jorge

Specialties

  • Offensive Operations, Pen Testing, and Red Teaming

Profile

Jorge Orchilles has been immersed in Information Technology (IT) and cybersecurity since 2001. His journey began as a network and system administrator for a small private high school. Recognizing his passion for IT, he founded The Business Strategy Partners in 2002, providing consulting services to residential, small, and medium-sized businesses.

While gaining hands-on experience, Jorge was a full-time student at Florida International University (FIU), where he founded the FIU MIS Club and was later contracted to work on the university’s Active Directory Migration Project. After successfully delivering the project on time, he joined Terremark (a datacenter and cloud services provider later acquired by Verizon) in 2007. There, he played a key role in building and securing Terremark’s Infrastructure as a Service (IaaS) solution, initially called Collocation 2.0, later rebranded as "The Enterprise Cloud" in 2008.

Jorge’s deepening interest in cybersecurity led to his promotion to Security Operations Center (SOC) Analyst in 2009, where he defended critical infrastructure for federal and commercial customers including but not limited to the White House, DOT, VA, GSA, Visa, and Burger King. In 2010, he transitioned to an offensive security role at Citigroup, where he conducted hundreds of application and infrastructure vulnerability assessments and penetration tests. Over the years, his leadership earned him multiple promotions, allowing him to lead various teams within an offensive security unit of over 140 ethical hackers. His leadership roles included managing the Vulnerability Assessment and Penetration Testing teams, creating one of the first internal Red Teams in the Financial Industry and one of the first Purple Teams, and building the Coordinated Vulnerability Disclosure program and the Cloud Security program.

Jorge actively contributes to the cybersecurity industry, authoring and co-authoring influential publications, including:

  • The C2 Matrix
  • The Purple Team Exercise Framework
  • A Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry (published by the Global Financial Markets Association)
  • Common Vulnerability Scoring System (CVSS) v3.1 (published by FIRST.org)
  • Contributing to MITRE ATLAS, MITRE ATT&CK, and Atomic Red Team
  • Microsoft Windows 7 Administrator’s Reference (published by Syngress in 2010)

Beyond his written contributions, Jorge is an ISSA Fellow and served on the Board of Directors for the South Florida Chapter of the Information Systems Security Association (ISSA) since 2010, including three years as Chapter President. He also provided strategic security insights as an Advisory Board Member for Intralinks, a company later acquired by Synchronoss for $821 million.

As a SANS Certified Instructor since 2010 and Principal Instructor since 2022, Jorge has taught numerous SANS cybersecurity courses, helping shape the next generation of security professionals.

Jorge holds advanced degrees and certifications from top institutions, including:

  • Advanced Computer Security – Stanford University
  • Master of Science in Management Information Systems – Florida International University
  • Bachelor of Business Administration in Management Information Systems – Florida International University
  • GIAC Exploit Researcher & Advanced Penetration Tester (GXPN)
  • GIAC Defending Advanced Threats (GDAT)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • GIAC Penetration Tester (GPEN)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Incident Handler (GCIH)
  • EC-Council Certified Ethical Hacker (C|EH)
  • Core Impact Certified Professional (CICP)
  • CompTIA Security+ 2008 Edition
  • Cisco Certified Design Associate (CCDA)
  • Cisco Security Solutions and Design Specialist (CSSDS)
  • Microsoft Certified Technology Specialist
    • 70-620 – Microsoft Windows Vista: Configuring
  • Microsoft Certified Professional
    • 70-282 – Designing, Deploying, and Managing Network Solutions
    • 70-284 – Implementing and Managing Microsoft Exchange Server 2003
    • 70-228 – Installing, Configuring, and Administering Microsoft SQL 2000

Additional Contributions By Jorge Orchilles:

Webcasts

What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350, July 2020

Managing & Showing Value during Red Team Engagements & Purple Team Exercises, July 2020

SANS CyberCast SANS@MIC - C2 Matrix, April 2020

Adversary Emulation and the C2 Matrix, February 2020

Podcasts

Purple is the New Red Teaming, SYN-ACK FIN-ACK

A Day in the Life of a Pentester

Simply Cyber Interview

Cyber Security Interviews

Publications

Vulnerability Management is Hard! How do you prioritize what to patch?

Ethical Hacking Definitions

Purple Team Exercise Tools

Reading for Hackers

Books

Microsoft Windows 7 Administrator's Reference: Upgrading, Deploying, Managing, and Securing Windows 7

Tools & More

C2 Matrix

https://orchilles.com/

You can find Jorge's YouTube channel here.