Talk presented by Josmell Chavarri (Information Security Professional at Pyxis) and Edgar Salazar (Offensive Security Tech Lead at Pyxis) at Open Tech 2025, held on Saturday, September 6, 2025.
In an increasingly hostile digital landscape, controlled cyberattack simulations allow defensive teams to practice, fail, and improve without putting real systems at risk.
This talk explored—from both offensive and defensive perspectives—how an attack is planned, executed, detected, and responded to, revealing early indicators, critical roles, and key opportunities to strengthen organizational resilience. Pyxis promotes this conversation and supports organizations seeking to mature their defensive capabilities through realistic, simulation-based practices.
Cybersecurity carries a truth that’s a little (or very) frightening:
Attackers train every day. Defenders… whenever they can.
That asymmetry explains why so many incidents manage to slip into corporate environments. Not always because of missing tools, but because of a much more human problem: lack of practice.
With that premise—and a good dose of their trademark humor—Josmell Chavarri and Edgar Salazar opened their talk at Open Tech 2025. Their message was clear:
“We don’t need to wait for a real attack to learn. We can simulate it. We can make mistakes without losing anything. We can rehearse before it hurts.”
And that kicked off a journey that blended offensive pedagogy, defensive insight, battlefield anecdotes, and a live technical demonstration that left the audience thinking, “Wow… this happens way more often than I thought.”
Today’s digital ecosystem is a silent jungle. It makes no noise… until it does.
Threats multiply, automate, and professionalize:
And the list grows every month.
Meanwhile, organizations do their best—installing patches, checking logs, responding to alerts—until an incident exposes a hard truth:
Theory isn’t enough. In security, whoever doesn’t train… loses.
That’s why attack simulation becomes a strategic tool. It allows teams to:
As Edgar put it:
“We can have the best firewall on the planet… and still, the first real incident will catch us with wires crossed if no one knows what to do.”
Attack to Learn, Defend to Survive
One of the strongest components of the talk was the interplay between the offensive (Red Team) and defensive (Blue Team) perspectives.
Far from being separate worlds, they were presented as two complementary sides of the same coin.
Josmell began by explaining how a modern attack is structured. No Hollywood theatrics—the real thing is far more methodical.
An attacker typically:
All following well-known frameworks like the Cyber Kill Chain or the MITRE ATT&CK matrix.
And the key insight:
This knowledge isn’t “just for hackers.” Understanding it is essential for any defensive team that wants to anticipate threats.
As Josmell joked:
“If you want to defend your house, at least know where the thieves come in.”
From the defensive trenches, Edgar explained how an attack—any attack—leaves traces.
Even skilled attackers make noise.
Problems arise when no one is looking, correlating, or understanding what they’re seeing.
Suspicious signs include:
Small signals… but enough to prevent a disaster if detected early.
Defense, Edgar said, is a game of being “semi-paranoid without fully collapsing.”
A highlight of the talk was the overview of real criminal groups currently affecting organizations worldwide.
Akira
Kinsing
What do these groups have in common?
As Josmell put it:
“They’re not geniuses. They’re efficient. And if we don’t train, they win by walkover.”
Where Offense and Defense Work Together
This is where the Purple Team comes into play.
Not a mythical “hybrid expert,” but a collaborative practice where offensive and defensive teams work side by side.
They described it simply:
Edgar summed it up beautifully:
“We don’t need a unicorn that does everything. We need teams that speak the same language.”
The room was calm.
Until Caldera, the simulation tool, took the stage.
In just a few minutes:
All signals that—when correlated—told the story of a full attack.
Meanwhile, Wazuh lit up with alerts that, when interpreted correctly, allowed immediate response.
More than one person in the audience wondered:
“How many times has something like this happened in my infrastructure… and no one noticed?”
By this point, the conclusion was inevitable:
You can’t defend what you never train.
Simulations allow teams to:
They are a gym for defensive teams.
Or, in Josmell’s words:
“Attackers practice daily. We should at least practice a little.”
In the coming years, attacks will become:
And yet the talk closed on a hopeful message:
Defenses can evolve too.
With the right tools, collaboration, ongoing simulations, and strategic focus, organizations can become significantly more resilient.
The talk ended with a phrase that captured the spirit of the day:
Simulating isn’t playing. Simulating is preparing. And preparing is the best defense we have.