Authors: Natalia Ciapponi, Maristela Ames
DFRWS USA 2025 — “History in the Making” — Jubilee 25th Anniversary
Abstract
In a world of ever-evolving threats, organizations must think smarter, act faster, and collaborate better to stay ahead. This workshop dives into the power of purple teaming as a transformative approach to bolster security across diverse defense systems. Together, we’ll explore how offensive and defensive teams can unite to test real-world scenarios, uncover blind spots, and fine-tune detection and response mechanisms. Using actionable insights, practical frameworks, and real-world case studies, attendees will leave equipped to bridge the gap between theory and execution. Discover how purple teams can not only adapt to the latest threats but also anticipate them, ensuring you are always one step ahead of the adversary.
Biographies
 Natalia Ciapponi is a Threat Researcher and Purple Team Lead at Arctic Wolf, with over 15 years of experience in the software development industry and more than 8 years specializing in cybersecurity. She holds a Master’s degree in Computer Information Systems and currently leads adversary simulation initiatives focused on emulating real-world threat actors, including ransomware groups and APTs. Her work bridges offensive techniques with detection engineering, helping organizations assess and strengthen their security posture. Natalia has led her organization’s participation in MITRE ATT&CK Evaluations across both enterprise and MDR tracks and previously served as a technical lead for EDR detection content. She designs and executes tailored Purple Team exercises, translates threat intelligence into actionable testing scenarios, and collaborates closely with cross-functional teams to drive research and internal enablement. Outside of work, Natalia is a passionate trail runner, wife, and proud mom of a curious toddler. |
 Maristela Ames is a Security Researcher at Arctic Wolf with over 20 years of experience in computer science, including approximately 15 years focused on cybersecurity. Her areas of expertise include Threat Emulation, Threat Research, Purple Team exercises, Blue Team operations, and the MITRE ATT&CK framework. She actively researches threat actors and advanced persistent threats (APTs), emulating realistic attack scenarios to enhance security products and defensive capabilities. Maristela has participated in five MITRE Enterprise evaluations and one MITRE MDR evaluation, representing different security vendors as a threat hunter. This experience has provided her with specialized expertise in preparing teams for third-party evaluations by conducting Purple Team exercises that drive successful MITRE outcomes. Metrics-oriented, she gathers insights that support strategic decision-making to improve the organization’s cybersecurity posture, and she is recognized for her collaborative approach across multiple teams. Outside of work, she finds inspiration and balance through her passion for arts and music. |