Jorge Orchilles

Jorge Orchilles has been involved in Information Technology since 2001. He is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project and author of the Purple Team Exercise Framework. He is a SANS Certified Instructor and co-author of SEC565: Red Team Operations and Adversary Emulation. He was a founding member of MITRE Engenuity Center of Threat-Informed Defense and is a Fellow at the Information Systems Security Association (ISSA) and National Security Institute. Prior to joining SCYTHE, Jorge led the offensive security team at Citi for over 10 years.

More About Jorge


Jorge developed a large interest in Information Security and was promoted to a Security Operations Center Analyst position in 2009. After a year of defending critical infrastructure for federal and commercial customers, he moved to an offensive analyst position with Citi in 2010, where he performed hundreds of application and infrastructure vulnerability assessments and penetration tests. His leadership gained him various promotions and opportunities to lead various teams within Citi's offensive information security team of over 140 ethical hackers including the Advanced Penetration Team (Red Team), the Responsible Vulnerability Disclosure program, and the Cloud Security program. After this esteemed tenure he joined SCYTHE where he serves as their Chief Technology Officer.

Jorge is very involved in the information security community, speaking at several events a year, and co-founded The C2 Matrix, an open resource for finding C2 frameworks for application. He's also served on the Board of Directors of the South Florida Chapter of the Information Systems Security Association (ISSA) since 2010, including 3 years as Chapter President. Jorge also served as an Advisory Board member for Intralinks (acquired by Synchronoss for $821 Million) as the Information Security Adviser. Jorge became a SANS Certified Instructor teaching various SANS courses since 2010 and has gone on to author SANS SEC565: Red Team Operations and Adversary Emulation.

He is a contributing author to A Framework for the Regulatory use of Penetration Testing in the Financial Services Industry published by the Global Financial Markets Association. He is also the author of Microsoft Windows 7 Administrator's Reference published by Syngress in 2010.

Jorge has a post-graduate degree in Advanced Computer Security from Stanford University, Master of Science in Management Information Systems from Florida International University, and a Bachelor of Business Administration in Management Information Systems from Florida International University.

Jorge holds various certifications from SANS GIAC, ISC(2), ISACA, EC-Council, Cisco, Microsoft, and CompTIA:

  • GIAC Exploit Researcher & Advanced Penetration Tester (GXPN)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • GIAC Penetration Tester (GPEN)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Incident Handler (GCIH)
  • EC-Council Certified Ethical Hacker (C|EH)
  • Core Impact Certified Professional (CICP)
  • CompTIA Security+ 2008 Edition
  • Cisco Certified Design Associate (CCDA)
  • Cisco Security Solutions and Design Specialist (CSSDS)
  • Microsoft Certified Technology Specialist
    • 70-620 ? Microsoft Windows Vista: Configuring
  • Microsoft Certified Professional
    • 70-282 ? Designing, Deploying, and Managing Network Solutions
    • 70-284 ? Implementing and Managing Microsoft Exchange Server 2003
    • 70-228 ? Installing, Configuring, and Administering Microsoft SQL 2000

Jorge speaks English, Spanish, and Portuguese in decreasing order of fluency. He also loves to watch and play soccer.



What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350, July 2020

Managing & Showing Value during Red Team Engagements & Purple Team Exercises, July 2020

SANS CyberCast SANS@MIC - C2 Matrix, April 2020

Adversary Emulation and the C2 Matrix, February 2020


Purple is the New Red Teaming, SYN-ACK FIN-ACK

A Day in the Life of a Pentester

Simply Cyber Interview

Cyber Security Interviews


Vulnerability Management is Hard! How do you prioritize what to patch?

Ethical Hacking Definitions

Purple Team Exercise Tools

Reading for Hackers


Microsoft Windows 7 Administrator's Reference: Upgrading, Deploying, Managing, and Securing Windows 7


C2 Matrix

You can find Jorge's Youtube channel here.

Jorge's Contributions