Profile
Jorge developed a large interest in Information Security and was promoted to a Security Operations Center Analyst position in 2009. After a year of defending critical infrastructure for federal and commercial customers, he moved to an offensive analyst position with Citi in 2010, where he performed hundreds of application and infrastructure vulnerability assessments and penetration tests. His leadership gained him various promotions and opportunities to lead various teams within Citi's offensive information security team of over 140 ethical hackers including the Advanced Penetration Team (Red Team), the Responsible Vulnerability Disclosure program, and the Cloud Security program. After this esteemed tenure he joined SCYTHE where he serves as their Chief Technology Officer.
Jorge is very involved in the information security community, speaking at several events a year, and co-founded The C2 Matrix, an open resource for finding C2 frameworks for application. He's also served on the Board of Directors of the South Florida Chapter of the Information Systems Security Association (ISSA) since 2010, including 3 years as Chapter President. Jorge also served as an Advisory Board member for Intralinks (acquired by Synchronoss for $821 Million) as the Information Security Adviser. Jorge became a SANS Certified Instructor teaching various SANS courses since 2010 and has gone on to author SANS SEC565: Red Team Operations and Adversary Emulation.
He is a contributing author to A Framework for the Regulatory use of Penetration Testing in the Financial Services Industry published by the Global Financial Markets Association. He is also the author of Microsoft Windows 7 Administrator's Reference published by Syngress in 2010.
Jorge has a post-graduate degree in Advanced Computer Security from Stanford University, Master of Science in Management Information Systems from Florida International University, and a Bachelor of Business Administration in Management Information Systems from Florida International University. He is a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.
Jorge holds various certifications from SANS GIAC, ISC(2), ISACA, EC-Council, Cisco, Microsoft, and CompTIA:
- GIAC Exploit Researcher & Advanced Penetration Tester (GXPN)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- GIAC Penetration Tester (GPEN)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Incident Handler (GCIH)
- EC-Council Certified Ethical Hacker (C|EH)
- Core Impact Certified Professional (CICP)
- CompTIA Security+ 2008 Edition
- Cisco Certified Design Associate (CCDA)
- Cisco Security Solutions and Design Specialist (CSSDS)
- Microsoft Certified Technology Specialist
- 70-620 ? Microsoft Windows Vista: Configuring
- Microsoft Certified Professional
- 70-282 ? Designing, Deploying, and Managing Network Solutions
- 70-284 ? Implementing and Managing Microsoft Exchange Server 2003
- 70-228 ? Installing, Configuring, and Administering Microsoft SQL 2000
Jorge speaks English, Spanish, and Portuguese in decreasing order of fluency. He also loves to watch and play soccer.
ADDITIONAL CONTRIBUTIONS BY JORGE ORCHILLES:
WEBCASTS
What You Need to Know About the Windows DNS Vulnerability - CVE-2020-1350, July 2020
Managing & Showing Value during Red Team Engagements & Purple Team Exercises, July 2020
SANS CyberCast SANS@MIC - C2 Matrix, April 2020
Adversary Emulation and the C2 Matrix, February 2020
PODCASTS
Purple is the New Red Teaming, SYN-ACK FIN-ACK
A Day in the Life of a Pentester
PUBLICATIONS
Vulnerability Management is Hard! How do you prioritize what to patch?
BOOKS
TOOLS & MORE
You can find Jorge's Youtube channel here.