Red Teaming, A to Z
Ask 26 red teamers to generate 26 random thoughts on red teaming, and the permutations that would ensue are such that you'd walk away before reading just a small fraction of the total. Just thinking about it is exhausting, so why not read just one (this one)?
A: The “red” in “red teaming” traditionally refers to the adversary of interest—the adversary the red team emulates.
B: Systems thinking is among the core set of key red teaming skills.
C: Many pentesters are red teamers, but not all red teamers are pentesters.
D: Some observers equate red teaming with critical thinking; many traditional red teamers consider this characterization to be too broad.
E: Red teamers learn quickly that red teaming takes dedication and commitment; not everyone appreciates having assumptions challenged.
F: Understanding traditional Western and Eastern modes of thought can greatly enhance a red teamer’s ability to frame and address issues.
G: The “team” in “red teaming” is sometimes overlooked. Working as part of a team brings insight and balance to red teaming efforts.
H: The best red teamers know when to set ego aside; aggressive, know-it-all red teamers can often do more harm than good.
I: Interest in red teaming is currently growing by leaps and bounds.
J: Red teaming isn’t just for security; the tools and techniques apply equally to just about any form of strategy development.
K: At the very least, red teaming and devil’s advocacy are close cousins. Depending on who you ask, they might even be the same thing.
L: No two red teamers are likely to agree on everything; a fact worth remembering when listening to a red team's findings and recommendations.
M: Every red teamer carries some cultural baggage; the best ones are aware of it and account for it.
N: The best red teamers know how to listen.
O: Red teaming isn’t a silver bullet, and the best red teamers understand and are willing to talk about its limitations.
P: It pays to remember that the real world embodies more complexity and uncertainty than any red team can ever master.
Q: Wargaming can be a useful complement or adjunct to traditional red teaming; it helps introduce greater reciprocity to the analysis.
S: Red teaming isn’t necessarily something you do just once; the world changes, and the best red teamers do their best to adjust.
T: Even the best red teaming can fall flat in a culture that refuses to listen to anything but the “company line.”
U: Many if not most red teamers begin their careers doing something else, and red teaming as a whole benefits tremendously from the perspectives and knowledge they bring to the practice.
V: It never hurts to red team the red team; what the red team says should be viewed as critically as what the red team itself critiques.
W: All red teamers should do what they can to avoid contributing to the practice’s potential “buzzword” status by not overstating what red teaming can do..
X: The best red teamers know how and when to doubt themselves.
Y: Beware the red teamers who talk too much and too openly about their red teaming exploits.
Z: As "sexy" as red teaming might sound to outsiders and newbies, it's often hard work; what's more, not every personality is suited to the practice, which necessarily requires the red teamer to live with and address resistance.