The July 7 Red Teaming 101 webinar is full, but we’ll be posting another session soon.

Red Teaming Myth #6

Like most of the red teaming myths, this one applies mostly to non-practitioners, those who have never engaged in red teaming and know little about it. To them, red teaming is just a security practice. So while many current red teamers understand that red teaming can apply to much more than security, current data suggests that red teaming as a defined practice continues to remain limited primarily to security and military issues.
      Here’s a restatement that pushes the myth much closer to reality: Most current red teaming focuses on security and military issues, but the practice need not be limited to these. Indeed, the practice—when done prudently and well—offers tremendous value to non-security practitioners, and it’s no exaggeration to state that anyone who makes consequential decisions should engage in some form of red teaming or challenge analysis. Read on …

Join ‘The Polymetis Group’

Last year, we planned to launch an online discussion community called The Polymetis Group. The idea was to host a regular WebEx session for persons interested in improving red teaming. Here’s the original announcement:

We plan to launch TPG2a monthly webinar discussion on red teaming methods (dubbed “The Polymetis Group” for now). We’d like to start with a relatively small group, limited to government, military, and law enforcement professionals in the “Five Eye” countries (US, UK, Canada, Australia, and New Zealand) as well as the RTJ advisors and editors. The first question we would like to address is “How must the practice of red teaming advance if we are to stay ahead of our adversaries?” If it goes well, we’ll consider expanding the membership to additional countries and participants.

Life got in the way, and we never launched the group. Life has stepped aside, and we’re finally launching it on 15 June. It will be limited to pre-approved members, although we are expanding the criteria to include not just government, military, and law enforcement members but also those who red team for them. (We might consider others case-by-case as well.)

27 July Update: Due to the positive response to this announcement, we are closing the group to new applications.

A Note on Our WebEx Events

We enjoy hosting free events for the red teaming community and encourage anyone interested in a Webinar or book club discussion to sign up and join us. We do ask you to complete the basic registration form, which includes your name, job, and location. Just so you know, we’ll reject registrants who don’t bother to complete the form or include only initials for a name or “NA” or “Something” for a job. (“Student” is acceptable.) For what it’s worth, we don’t do anything with your registration info, although the WebEx system uses your email to send you session login details. In other words, you won’t be receiving marketing emails from us.
      Also, only about half of the registrants have attended recent events. Space is limited with our current WebEx account, and we often have people on the event waiting list. If you know you won’t be able to attend an event for which you’ve registered, we encourage you to cancel through WebEx. In the future, we’ll reject registrations of serial non-attenders who fail to cancel. We’re not trying to be jerks, but we do want to ensure that people who want to attend aren’t prevented by registrants who consistently register but fail to attend.

Waverley Root on ‘The Business of Democratic Journalists’

Cover200I encountered the following quote from Waverley Root last night when starting Peter Tompkins’ 1965 book The Murder of Admiral Darlan. I was unable to find the full quote on the Internet and felt obliged to post it here. I present it without excessive comment, only to note (1) how relevant it is to current debates and (2) how closely the classic concept of the intrepid journalist maps to the irrepressible spirit of the superior red teamer (bounded, of course, by appropriate rules of engagement!).

      It is the business of democratic journalists to try to turn the light of day into the dusty corners of secret diplomacy, and to expose to the view of the people the machinations which seek to dispose of them, even in the republics, in defiance of the principle which states that the people should decide their own fate.
      Such journalists are therefore engaged in an unending war against secretive officials. They seek to expose what the officials seek to hide. If they [the journalists] win, the officials of the future will be of a new stripe (of whom we have some already), who will carry on their activities in the full view of the public, hiding nothing from them.
      If the keepers of the secrets win, there will be no more journalists in the future al all, only scribes setting down slavishly what they are told to write. We have some of these already, too.1

  1. Waverley Root, as quoted in Tompkins, p. 15. []

A Short Review of Barton Whaley’s Practice to Deceive

I received a review copy of Barton Whaley’s new book Practice to Deceive from the Naval Institute Press a couple of months ago and have been negligent in not yet sharing my thoughts with RTJ readers.
      Dr. Whaley passed in 2013. I was privileged several years ago to receive some guidance from him on my dissertation and honored for him to review my materials so favorably in his annotated bibliography of deception and counterdeception methods. He had a unique and powerful mind, and I continue to view him as a member of that rarified club that includes both T. E. Lawrence and R. V. Jones. For me, getting a new book authored by Dr. Whaley is a bit like discovering a whole album of previously unreleased material from The Beatles (and I love the The Beatles!). Read on …

Operational Code Analysis for the Real-World Red Team, Part I

Congress is calling on Pentagon red teams to model potential adversaries more accurately. It’s a mandate akin to Sun Tzu’s age-old maxim, “Know thy enemy.” Unfortunately, for every 100 persons who remind us to know our enemy, perhaps five know how to practice it effectively.
      To be fair, it’s a hard problem. Maxims help, but the real world is much more complex than we usually care to admit. Our adversaries are rarely unitary and completely rational. Nearly every adversary sees the world differently. Few adversaries tell the truth, and fewer still perceive the truth. Many are deceived by their own hubris. Some will uncover a short cut we haven’t anticipated. And all of this applies to us in reverse. It’s why we red team, but it’s also why red teaming is so difficult. If we’re honest, understanding reciprocal perceptions in conflict is more akin to a wild scrum of Hungry, Hungry Hippos than an artful game of chess. Know thy enemy? Good luck with that! (Yes, I’m exaggerating, but only just a bit.) Read on …

The Red Teamer’s Book Club, Round VI

Round VI of The Red Teamer’s Book Club will feature the book Find Out Anything from Anyone, Anytime: Secrets of Calculated Questioning from a Veteran Interrogator by James Pyle and Maryann Karinch. As we note in RTJ Red Teaming Law #34 (“Question”), “In many ways, the art of red teaming is actually the art of asking the right questions, from the right perspective, at the right time. Ask the wrong questions, and it almost doesn’t matter how well your red team performs.”
      Join us on 3 June to discuss the book and talk about how asking questions applies to the art of red teaming. Register here.

The Roots of Red Teaming: Praemeditatio Malorum

Roots of Red TeamingOver the years, I’ve been asked my times how red teaming began. I don’t believe there’s an easy answer to the question. Some point to the German Kriegsspiel or earlier variants of battlefield simulation (chess, for example). Micah Zenko in his book Red Team highlights the Catholic practice of employing a devil’s advocate. I’ve recently encountered another example of proto-red teaming: the ancient Stoic practice of praemeditatio malorum.1 Read on …

  1. For the sake of completeness, I must note that (1) the practice wasn’t strictly limited to the Stoics, nor is Stoicism limited to the ancients. []

Informal Survey of Red Teaming Jobs

While I’ve long said that red teaming is useful for more than just security, I believe security red teaming remains by far the dominant form. To test this hypothesis, I surveyed the first five pages of red teaming jobs on
      What I learned informally confirmed my hypothesis. In the first chart, you’ll see that the only non-IT forms of red teaming that appeared were proposal management jobs and jobs that I binned in the “intelligence” category (one involved future technologies and the other described a general intelligence red teaming role). I separated the IT-security jobs—those with the red bars—into categories as best I could based on the job announcements, but the overall trend is clear: roughly 85% of the jobs listed relate directly to IT security. Read on …

  1. I used the following search string: “red team” or “red teams” or “red teaming” or “devil’s advocate” -medical -patient -treatment -nurse []

Talking Red Teaming with Steve Rotkoff

I had the pleasure yesterday of sitting down with Steve Rotkoff, the Director of the U.S. Army’s University of Foreign Military and Cultural Studies (UFMCS—informally dubbed “Red Team University”). Steve updated me on the goals and methods of UFMCS, and we were able to talk at length about the current state of red teaming. He’s a master storyteller with a deep library of red teaming experiences and insights. I’ve long been impressed with Steve and his passion for red teaming and, more broadly, the UFMCS approach to training students to think critically and make better decisions. If you’re not familiar with their critical thinking handbook, be sure to get a copy right now. (And if you believe that red teaming is nothing more than repackaged pentesting, read the first half of the handbook and get back to me.)