One week left to register: “Framing the Red Team Engagement” two-hour online mini-course.

In Memory of Dennis Hess Mateski (1942–2013)

Please forgive me for a rare personal post. When I was four or five, I remember asking my Dad to draw me a picture of a P-51. When I woke up the next morning, he had already left for work, but the P-51 was there on the table, finished and lightly colored. The world has certainly changed a lot since then, but I thought I’d try my hand at drawing a P-51 myself, this time on the computer. This P-51 is for you, Dad.

RTJ Mustang 02

Course: Framing the Red Team Engagement (Open)

Sometimes a bit of time spent up front can pay off handsomely later. It’s the old adage “A stitch in time saves nine,” and we believe it applies to red teaming. In our first two-hour course, “Framing the Red Team Engagement,” we introduce our high-level red teaming process model and address the challenge of incorporating your stakeholders’ problems, goals, and metrics in your design. Doing this before you set your red team loose can not only help aim your team in the right direction, it can also help you preserve analytic consistency and transparency throughout the engagement. In addition to discussing red teaming process, we add frames of reference, stakeholder modeling, and objectives trees to your red teaming toolkit. The course is designed for both beginning and experienced red teamers from all domains. To register, go to our WebEx Training Center page and find the course listed on 4 June. This first offering is limited to students in the United States and Canada. The cost per individual is $149.

Course Slide

Webinar: Strategic Red Teaming/ Scenario Planning (Closed)

Regular Red Team Journal readers are probably familiar with our consistent call for better strategic red teaming, and we figure it’s time for us to do something about it. We’ve scheduled a collaborative scenario planning webinar for June 30. We’ll introduce the basic concepts of scenario planning and then jump right into an exercise focused on the broad context of national security. We’re considering running several webinars on different topics and sharing the results on RTJ. (Sorry, but registration is now closed.)

Security Risk Infographic

We drafted this last year and then promptly forgot about it! It’s an infographic that introduces some risk concepts we believe red teamers should understand, and we think it nicely complements our earlier post on risk and red teaming. Click the image below to view the whole infographic.

RTJ Risk Infographic 600 Fade

Red Teaming Myth #4

It’s time for myth #4, and here it is: Red teaming is exclusively a security practice. Yes, red teaming flourishes in the security domain, but we sometimes forget that it’s a general-purpose tool. For example, an undergraduate economics major recently told us that when studying cases of business failure he saw assorted opportunities for red teaming. We couldn’t agree more.1 Red teaming is a practice that applies broadly to all decision making. Pick your domain, and you can apply red teaming to it. Whether you’re facing an adversary, a competitor, or just a decent dose of uncertainty, it almost always pays to employ a degree of devil’s advocacy, if not a more structured form of red teaming. In fact, we recommend adopting a red teamer’s point of view whenever you face a consequential decision.

  1. Carroll and Mui agree as well. Check out the last two chapters of their book Billion Dollar Lessons. []

The Red Teamer’s Go-To Move #4: Understand and Exploit Metrics

A metric is “A system or standard of measurement,”1 and we generally combine a target and a metric to define success or failure. In this way, metrics quantify our goals. For example, we might define success as sales of more than $1 million (the target) dollars (the metric), or we might define failure as damage to at least 10 (the target) systems (the metric). When red teaming, it is essential to understand both the defender’s and the attacker’s metrics. Read on …

  1., definition noun/technical. []

Updated Resources and Navigation

As part of our ongoing Spring-cleaning effort, we’ve revised our Resources page to feature …

  • A new Red Teaming Links page (essentially the old Resources page with new and refreshed links),
  • The RTJ Quotes page,
  • The “See It Like Jones Would” essay series,
  • The Two-Minute Interviews,
  • The Myths of Red Teaming, and
  • The Red Teamer’s Go-To Moves.

You’ll now find the classes of items that warrant their own pages (links, quotes, and the Jones essays) as submenu items under “Resources” tab on the top menu bar. We’ll add pages and menu items for the rest of the series as they grow and require their own pages. Contact us if you know of something of interest to the red teaming community you think we should add to the Red Teaming Links page.

The Red Teamer’s Go-To Move #3: See the System

For Go-To Move #3, we turn to topic of systems thinking and briefly unpack the ability to “See the System.” Rare indeed is the case in which the red teamer’s target is not a system. Much more common are cases in which the red teamer’s target is the whole system or even a system of systems. As a result, red teamers must understand how to approach systems. Read on …

Weekend Update

First, as many of you might’ve read, Google is changing its algorithm to “penalize” sites that are not mobile-friendly. What does that mean for RTJ? We’re updating our site to comply. (If you run a site, be sure to check its compliance with Google’s mobile-friendly test site.) As a result, RTJ might look a bit different for the next few days as we tweak the appearance to our satisfaction, but don’t worry: it’s the same old content with same old red teaming goodness.
      Second, we’ve heard from some of our military readers that they can’t reach the Watermark Institute page on the June offering of the two-day “Becoming Odysseus” course. Although we don’t run that site, we’d like to help troubleshoot this issue, so if it’s happened to you, please let us know. For now, here’s the same information: Read on …