Author: Mark Mateski

Gegenspielers Unite!


For the past couple of years, I’ve been thinking a lot about red teaming. This might sound funny, since I’ve been thinking and talking about red teaming for 20 years. Perhaps it would be more accurate to say that I’ve been rethinking red teaming. As valuable as I continue to believe the practice is, I’m also coming to believe that it remains immature, in large part because, as proponents and...

Syria: Asking the Right Questions (Before and After)


The recent U.S. decision to hit a Syrian air field with cruise missiles has triggered a flurry of questions, both in the United States and abroad. It reminds me of RTJ Red Teaming Law #34 (“Question”): In many ways, the art of red teaming is actually the art of asking the right questions, from the right perspective, at the right time. Ask the wrong questions, and it almost doesn’t matter how well...

When to Red Team: Balancing Costs and Uncertainty


In my last Red Teaming 101 Webinar, I shared a concept that I often discuss in my red teaming courses. It involves the issue of when you should red team the system of interest, where the system is some combination of people, technology, or processes. Like many issues connected with red teaming, the short answer is “it depends,” the middling answer is “it’s a tradespace,” and the long answer...

Why All News Is #FakeNews: A Red Teamer’s Perspective


As a red teamer, I was immediately skeptical of the pop-up sobriquet “fake news.” It’s one of those vague, accusatory phrases more like a playground insult than a real argument. How does one respond to the charge of fake news? With counter-evidence and counter-reasoning? Don’t bother; the thought-stopping power of the label has already done its work. The...

Con and Hypercon: Cultivating the Eye of the Sly Jester


At Black Hat USA 2014, I shared a diagrammatic method of perceiving what I call con and hypercon. A con is just what it sounds like: a state in which one actor attempts to deceive another, most often to do something that benefits the first and hurts the second. Phishing is a con as is “the big store” in the movie The Sting as is—more generally—any case in which one actor willingly...

