10 Things You Can Do Right Now to Start Red Teaming (Updated with Infographic)


Real-world security teams often lack the time to engage in deep red teaming. We get it, so here’s a set of quick, back-of-the-envelope red teaming drills you can run while running from one crisis to the next.

  1. Draw a simple systems diagram: primary functions, inputs, outputs, key interfaces. Does your security team consider and address all of them? If not, why not?
  2. List three harmful things you could do if you were an insider. How confident are you that you could get away with them? What countermeasures would thwart you?
  3. List three products or services that, if denied, would damage your daily security operations.
  4. List your last three major security events. Ask yourself “Could any of these happen again?” Why or why not?
  5. List three classes of adversary who would like to steal from you or do you harm. Does your security team consider all of them?
  6. If you hire or employ pentesters, ask them what they plan to do next, and why.
  7. Ask yourself, “What could I have done three years ago to enable an attack against the organization today?” What can you do today to foil this upstream strategy?
  8. Assume for a moment that you are an external attacker wishing to harm the organization. List three things the organization could do that would most frustrate your plans.
  9. Think of three things about your security operations that have unsettled you lately. What are they? (Sit quietly for a few moments before answering this one.) What can you do to address them?
  10. List three external events that could occur that would significantly undermine your ability to protect your organization’s people, processes, systems, and data.


Terms of Use

Please read.