Latest stories

The Red Teamer’s Manifesto


The red teamer is that rare contrarian who cares more about getting the job done right than poking someone in the eye or winning the corporate game. Red teamers mine information from everywhere (but view all information as suspect). Red teamers know when to talk and when to listen (and generally listen more than they talk). Red teamers realize everyone holds a skewed perspective (even themselves)...

Systems-Aware Red Teaming (Link)


There’s never been a better time for a systems approach to security. Collectively, organizations are spending a king’s ransom on tactical, reactive security, and there’s no end in sight. We’ve designed our new approach, Systems-Aware Red Teaming (SysART), to help clients leverage a small investment into a much larger strategic payoff. Read more about SysART at Reciprocal Strategies, our sister...

Same Words, New Meaning


I recently finished re-reading Deighton’s Samson novels, and now I’m re-reading the le Carré Smiley series. The words on the page haven’t changed in the years since I first read them, though I’ve changed a great deal; as a result, these are no longer the same books, at least to me. I find myself reading them less for the plot and more for the settings and characters. If I recall correctly, for...

Managing the Engagement Model (Link)


All adversarial assessments (red teaming, pentesting, threat modeling) knowingly or unknowingly employ an engagement model, defined here as a set of implicit and explicit parameters governing the nature, scope, and procedures of the assessment. Managing the engagement model is a key to success in nearly all forms of adversarial assessment. Ignoring and skipping aspects of the model can lead to...


Terms of Use

Please read.