“If you’re not red teaming, you’re just daydreaming.” – Red Team Journal

Eidolons and Banshees

I’ve often wondered how much influence superior red teamers might have had at key points in history. Could a judicious “what if?” question posed to the right person at the right time have closed the door on a doomed adventure or perhaps even deflected a tragic rush to war? (World War I immediately comes to mind.) Of course, these fulcrum moments of counterfactual red teaming history clearly emerge only in hindsight … or do they rather pass momentarily before us at unexpected and inconvenient times—transitory and nearly transparent, eidolons masked by the insistent banshees of urgency, consistency, hubris, and necessity?
      Watching events unfold in the Middle East causes me to wonder how many of these moments will flit across the stage in the next few days and weeks. We will miss them if we fail to start asking the key “what ifs?” right now. Let’s hope decision makers in Washington, Moscow, Ankara, and elsewhere are wiser than their predecessors in August 1914, and let’s hope a few more true red teamers are among them this time around.

10 Principles of Good Red Teaming (2003)

Editor’s note: This is a companion piece to the previous post and was first published on Red Team Journal in June 2003.

A fine line often separates a dynamic red team from a prescripted and predictable red team. Note that the following principles apply not only to red teaming, but to wargames, exercises, and studies in general. Read on …

10 Barriers to Good Red Teaming (2003)

Editor’s note: The following was first published on Red Team Journal in Jan. 2003.

A good red team gets inside the mind of your adversaries and tries to see the world as they do. To run a good red team, you need people who can do this, and–just as important–your team must be free to challenge the way you think. In other words, if you don’t want your adversaries to surprise you, you must first accept some measure of surprise from your red team. Here are 10 reasons why organizations fail to red team well: Read on …

Red Teaming Redux: What’s Changed in 10 Years?

In 2003, the SANS Reading Room published a paper by Chris Peake. In the article, titled “Red Teaming: The Art of Ethical Hacking,” Peake outlined the need and justification for red teaming in, at that time, modern enterprises and information security teams. This isn’t an attempt to repeat his work (all credit for the original article goes to Peake, of course); rather, I think we’ve hit a critical point in cyber security where we can now go back and reevaluate what the perceived roles of infosec red teams were then, how they have evolved into today’s views, and how red teaming might evolve in the future.

18 Years On and We’re All Red Teamers Now

I launched Red Team Journal in 1997 because I thought the practice of red teaming was underappreciated.1 It’s now 2015, and we’re watching the practice ascend. Micah Zenko’s book Red Team was officially released today, and I expect it to bring well-deserved attention to both red teaming and red teamers. I even saw a tweet a few weeks ago claiming that “red teaming” was a “top cybersecurity buzzword for 2015.” 2 Maybe, maybe not—but the fact remains that more people than ever before are interested in red teaming, and not just for cybersecurity but for all forms of security, business planning, risk analysis, competitive intelligence, and strategic planning. Read on …

  1. My second son was born that year. He’s now in college and can outthink me on most problems!
  2. See https://twitter.com/Level3/status/651774008594145280/photo/1

New Red Team Reading List

Micah Zenko, author of Red Team, has just posted his red team reading list. Definitely give it a look; we found some things that were new to us. While you’re at it, check out our reading lists from 2009, 2012, 2013, and 2015 as well as RedTeam.net’s “mindset” list.
      Also, if you missed our previous Becoming Odysseus mini-courses, we’ve bundled the first two into an accelerated online mini-course. It’s tomorrow (October 27), but there’s still time to sign up!

10 Red Teaming Lessons Learned over 20 Years

I’ve been a red teamer for 20 years now, perhaps even longer, but I didn’t know what to call it until 1995 when I started working with the Department of Defense. I’ve also been fortunate to participate in or lead hundreds of red teams within many divergent disciplines ranging from strategic and tactical cyber to physical security threats like infectious diseases or nuclear power plant targeting to more abstract items like Joint Operating Concepts.
      Over those 20 years, I’ve had the opportunity to work with some of red teaming’s greatest minds like General Van Riper, Jim Miller, Mark Mateski, Neal Pollard, Brian Jenkins, Jeff Cooper, Steve Lukasik, Robert Garigue, Jason Healey, John Sullivan, Robert Bunker, and John Schmitt as well as incredible technologists like Bob Stratton, Chris Goggans, Tom Parker, Sean Malone, Bob Gourley, Jeff Moss, and others. Read on …

Red Teaming Book Club, Anyone?

At our last two-day “Becoming Odysseus” course, the students expressed interest in the idea of an online book club. I’ve been remiss in launching it, but I’m delaying no longer! My plan is to host the kickoff session via WebEx by the end of November. Let me know if you’re interested, and, if you’re so inclined, suggest a book. My first thought is Micah Zenko’s pending book, Red Team. Our WebEx Training Center account has limited space (up to 30), so I can’t guarantee that everyone who’s interested will make the cut, but if the response is strong enough, I can always run multiple sessions.