This time around our Two-Minute Interview features Tom Gorup of Rook Security. Tom was an infantry squad leader in the U.S. Army serving in Iraq and Afghanistan where he received the Purple Heart. After the Army, Tom joined Rook as a security analyst and quickly progressed to his current position of SOC Manager. In this role, Tom oversees the monitoring, scanning, and incident response for hundreds of enterprise-level companies. Additionally, Tom has spearheaded the transition into 24×7 operations and the incorporation of IT Infrastructure Library (ITIL) best practices. Tom also worked on the development of multiple proprietary threat intelligence tools. Tom is GCIA certified and a participant in the GIAC mentor program.
In conjunction with Redteams.net, we are pleased to announce the First Unofficial Quarterly Red Teaming Day: 1 July 2015. To celebrate, print, cut out, and consider the list of red teaming questions below. Every quarter, we’ll post a new set of questions for you to think about. Given the tremendous need for more and better red teaming, we hope this is one small way to encourage potential red teamers across all domains to pause for a few moments and red team an immediate problem or issue.
The recent red teaming “Smartcard” post reminded us of the “Reciprocal Net Assessment” (RNA) presentation we developed a while ago. We’ve shared it at a couple of seminars, but it’s otherwise been sitting on the shelf. Some of the concepts are actually similar to last year’s Mateski and Devost Black Hat conference presentation. While we don’t plan to post the whole RNA presentation online, we are willing to share it with U.S. military, government, and law enforcement personnel. Contact us with a valid email address, and we’ll send you a copy. All we ask in return is that you not share the presentation without permission and that you share any comments you might have with us.
The “smartcard” seeks to display the essential concepts of red-teaming visually, in a way that is accessible to military planners at all levels.
We’re pleased to announce a new webinar, “Red Teaming 101,” to be held 4 August. It’s a one-hour introduction to the concept and practice of modern red teaming designed primarily for the person who wants to learn more about how to apply red teaming to either security or strategy. Also open are our “Structuring the Red Team Engagement” mini-course on 7 July and our “Becoming Odysseus” full two-day course on 10–11 August in Columbia, MD. More details and registration links for all events are available on our training page.
Part II of the “Cybersecurity Infantry” series is now up at OODA Loop. In this installment we look at the challenge of adversaries who take advantage of operating on a different plane.
In his book Military Strategy: A General Theory of Power Control, J. C. Wylie describes two complementary types of strategy: the sequential strategy and the cumulative strategy.
In Wylie’s own words,
The point to be made is this: there are actually two very different kinds of strategies that may be used in war. One is the sequential, the series of visible, discrete steps, each dependent on the one that preceded it. The other is the cumulative, the less perceptible minute accumulation of little items piling one on top of the other until at some unknown point the mass of cumulated actions may be large enough to be critical.[1]
[1] Wylie, Military Strategy: A General Theory of Power Control, p. 24. Although he started writing the book in 1953, it wasn’t published until 1967. The version used here was published in 1989 by the U.S. Naval Institute. It includes a new introduction and additional notes and comments from Wylie himself.
Last week we launched the first of our online “Becoming Odysseus” mini-courses (course summary sheet here). The next course in the series (“Structuring the Red Team Engagement”) is set for 7 July. For those who might hesitate to sign up for the second course after missing the first, don’t worry. Each course is designed to stand alone. In the 7 July course we will talk about how to design a red teaming engagement that minimizes the negative effects of hidden assumptions, hypotheses, and gaps. Among other things, we will introduce the “Mind the Gap” card deck, and each student will receive an electronic copy of the cards.
It’s hard to believe we’re halfway to 100, but today marks the debut of Red Teaming Law #50 (“The Messenger”): “It’s the red team’s job to find your weaknesses. Don’t blame them when they do. ‘Gracious madam, I that do bring the news made not the match.’”[1]
[1] This quote from Shakespeare’s Antony and Cleopatra alludes to the well-known maxim “don’t shoot the messenger.”