Join us 11–12 Aug. for the two-day “Becoming Odysseus” red teaming course in Columbia, MD.

Always Contextualize Your Red Team Engagements

Despite the fact that we’ve now posted 50 red teaming “laws,” we hope that our readers understand that the superior red teamer should contextualize every red team engagement (within the obvious constraints of budget and schedule). Yes, it’s tempting to commoditize your approach and get in and out as efficiently as possible, but by overdoing it you risk delivering a misleading assessment to your client. Read on …

A Trip Down Memory Lane

On a whim, I decided to visit the Wayback Machine today, and guess what I found? Global OPFOR, the best wargaming/red teaming idea that few in 2015 have ever heard about. The original concept wasn’t my idea, but I did help develop and (try to) sell it. Why haven’t you heard of it before? Well, that’s a story I’d love to tell but probably shouldn’t. Instead, I’ll simply leave you with the archived Web site description: On to the screen shot …

Webinar: Second Scenario Planning Exercise

We recently spent a couple of hours online with a group interested and talented folks discussing scenario planning. You can read more about it here. We’ve scheduled the second session for 14 July. Please join us if you can! (We are limiting registration to keep the exercise manageable.)

Conference Report: ‘Body Search 2015 London’

Promoting an understanding Conference Logoof individual criminal, organized trafficker, and terrorist group utilization of near-the-body and in-the-body techniques to smuggle illicit narcotics and weapons though security checkpoints and then highlighting responses to such activities was the focus of a recent international conference. At its heart, much of this gathering drew upon red teaming, alternative analysis, and practical lessons learned. These were utilized in order to characterize adversarial actions and behaviors that could then be creatively approached in order to generate mitigation and response strategies. Read on …

‘Mind the Gap’ Cards, Ver. 1.0

We’ve mentioned before that we were working on them, but the “Mind the Gap” red teaming cards are finally ready for prime time! While we make nearly all of what we do available for free on the site, the cards are available only to those who take either the full two-day “Becoming Odysseus” course or our second online mini-course. (We just finished a course on 7 July, so watch for the next offering.)
Sample

      The cards are designed to help designers of red team, pen testing, and wargame engagements define the gap between the perceived “real world” and the engagement design. Failure to define this gap explicitly can lead to a range of downstream problems, resulting in findings and recommendations that can—in the worst case—mislead the client.

Strategic Red Teaming/Scenario Planning Webinar Results

Thanks to those who joined us yesterday for the webinar. We’re biased, of course, but we think it went quite well.
      For those who couldn’t make it, we spent the first 40 minutes or so talking about how to run a scenario planning exercise and the remainder of the time brainstorming. The slide below outlines the exercise:

Exercise Outline Read on …

Two-Minute Interview: Tom Gorup

This time around our Two-Minute Interview features Tom Gorup of Rook Security. Tom was an infantry squad leader in the U.S. Army serving in Iraq and Afghanistan where he received the Purple Heart. After the Army, Tom joined Rook as a security analyst and quickly progressed to his current position of SOC Manager. In this role, Tom oversees the monitoring, scanning, and incident response for hundreds of enterprise-level companies. Additionally, Tom has spearheaded the transition into 24×7 operations and incorporating IT infrastructure library (ITIL) best practices. Tom also worked on the development of multiple proprietary threat intelligence tools. Tom is GCIA certified as well as a participant in GIAC mentor program. Read on …