New to red teaming? Start here.

Red Teaming and ‘The Library of Babel’

Jorge Luis Borges’ short story “The Library of Babel” is not easy to forget. Once you’ve read it, the concept will stick in your brain and pop up at random times to trigger satisfyingly unresolvable and byzantine musings.
      I encourage you to read the story. In a nutshell, it involves an allegedly infinite library of all possible books, shelf upon shelf, stacked in endless hexagons. Most of the books appear to be utter nonsense. Scattered among the nonsense, however, are assumed to be a few of tremendous value. The librarians who inhabit the infinite library are free to spend their lives seeking meaning in the library. To experience a bit of the frustration and wonder one of these imaginary librarians might feel, take a moment to browse or even search the online Library of Babel.) This blog post, for example, was there before I started writing it. It’s actually a bit unsettling.1 Read on …

  1. You can search up to 3,200 characters, so technically I suppose we can verify that 3,200-character chunks of this blog post are there. []

American Icon

I’m very much looking forward to the next Red Teamer’s Book Club session on the 18th of this month. Our next book, American Icon by Bryce Hoffman, raises a host of issues—leadership, culture, information sharing—that directly affect red teaming. While the book certainly stands on its own, it also nicely complements our last book, Stanley McChrystal’s Team of Teams, and our April book, Jörg Muth’s Command Culture. Even if you don’t think you can finish the book in time, you’re still welcome to join the session. Register here. And remember, the author will be joining us.

A Belated Review of Stanley McChrystal’s Team of Teams

Every month since last November, I’ve hosted an afternoon session of The Red Teamer’s Book Club. Last month we discussed Team of Teams by General (Ret.) Stanley McChrystal with Tantum Collins, David Silverman, and Chris Fussell. As seems now to be typical, the conversation during the session ranged widely, sometimes addressing red teaming directly and other times branching into related topics. The overall reaction to the book was very positive. What follows is my review, although it was certainly informed by the book club discussion.
      Here’s my conclusion up front: I very much enjoyed the book; every red teamer should read it. I’ll tell you why in a moment, but first I’ll share my main reservation. Read on …

The Red Teamer’s Book Club, Rounds IV, V, and VI

We completed another successful session of The Red Teamer’s Book Club last Friday (Round III). Round IV is scheduled for Feb. 18, and we’ll be talking about Bryce Hoffman’s book American Icon: Alan Mulally and the Fight to Save Ford Motor Company. Bryce will be joining us, so it’s a great chance to dive into the book’s lessons.
      Round V is scheduled for March 24, and the book is Andreas Kluth’s Hannibal and Me: What History’s Greatest Military Strategist Can Teach Us About Success and Failure. If you want to really get ahead, Round VI (to be held in April) will feature the book Command Culture: Officer Education in the U.S. Army and the German Armed Forces, 1901-1940, and the Consequences for World War II by Jörg Muth.
      To register for a session, go to our WebEx Training Center page.

Hire the Right Red Team Leader

I recently saw a job announcement for a red team leader at a well-known and widely respected financial firm. The requirements for the position included a long list of technical skills and certifications. None of the requirements addressed the “softer” skillset that characterizes the superior red teamer: tactics and strategy, systems thinking and analysis, risk analysis, social engineering, and a well-grounded sense of time (where we’ve been and where we’re heading). I immediately wondered, “How much of what passes for red teaming in the cybersecurity world is technically proficient but operationally immature?” I suspect that the percentage is much higher than we’d care to admit.
      But until we recognize the problem, it’s unlikely that we’ll solve it. Here’s the problem … Read on …

‘Becoming Odysseus’ Red Teaming Course Dates

The next Becoming Odysseus course dates are March 15 and 22. These will be online sessions, and students can opt to take either day or both days. If you’re wondering if it’s worth your time and money, consider some recent feedback:

The Becoming Odysseus course is an eye-opener which genuinely applies to countless domains, from (business) intelligence, strategy, and planning to information security. Dr. Mateski is a great teacher who manages to convey complex ideas in simple terms. I highly recommend his training.

Register at our WebEx Training Center site.

The Red Teamer’s Book Club, Round IV

While Round III is still next week, we’re also very excited about Round IV. As was the case in Round I (Red Team by Micah Zenko), the book’s author will be joining us. This time around, it’s Bryce Hoffman, bestselling author of American Icon: Alan Mulally and the Fight to Save Ford Motor Company. We’ve often said that many of the best red teaming lessons come from non-traditional domains, and this is a prime example. Whether you’re a battle-scarred red teamer or a curious novice, you won’t want to miss this session. To register for either Round III or IV, head over to our WebEx Training Center site.

Growing Up a Red Teamer

The route I have taken as a red teamer has been a very interesting one. Last year, I attended a “Becoming Odysseus” course hosted by The Watermark Institute and Dr. Mark Mateski (founder of Red Team Journal). It’s highly recommended, and while our class of 12 varied, we all had a knack for alternative analyses. One of the most important discussion points I felt was the point by one of my classmates that “children make excellent red teamers.” Her point triggered a realization that I had been embedded in this mindset for much longer than a year, but actually since growing up. Many factors growing up helped cultivate my red team mindset: books, films, games, interactions, and cause-and-effect situations. While I cannot speak for others, I can speak for the path that led me to become dedicated to red teaming. Read on …

Top 10 2015 Red Team Journal Posts

It’s always fun to review the year’s most popular posts. While the “Laws of Red Teaming” remains our most popular page, the following list tabulates 2015’s top 10 posts:

  1. Red Teaming ‘Smartcard‘” by Garri Benjamin Hendell,
  2. 10 Red Teaming Lessons Learned over 20 Years” by Matt Devost,
  3. The Red Teamer’s Go-To Move #1: The Lifecycle Lens” by RTJ,
  4. Red Teaming Myth #1” by RTJ,
  5. The Red Teamer’s Go-To Move #4: Understand and Exploit Metrics” by RTJ,
  6. Red Teaming: Why We’re (Mostly) Getting It Wrong” by RTJ,
  7. From Wartime Sabotage to Modern Bureaucracy” by RTJ,
  8. The Superior Red Teamer’s Learning Checklist” by RTJ,
  9. Red Teams: How Understanding Small-Scale Terrorism Can Improve Cybersecurity Agility” by Neal Bridges, and
  10. Characterizing the Adversary or Competitor: Positive and Negative Space” by RTJ.