Red Teaming 'Sparks'
We’ve designed the RTJ red teaming “sparks” to ignite your security thinking quickly without a lot of procedural overhead. They’re simple, but simple is often best. View them as prompts to use when your red team has a hard time getting started or when it begins to lose its momentum.
Here are five sparks to get you started. If you’re interested in the complete set, check out our “Becoming Odysseus” course.
Spark 01: Who?
Examples: Who depends on the system? Who’s responsible for defending the system? Who knows how the system really works?
Spark 02: How?
Examples: How could the system fail? How susceptible is the system to error? How might someone misuse the system?
Spark 03: What if?
Examples: What if [X] happens? What if [Y] changes? What if someone changes [Z]?
Spark 04: What next?
Examples: If someone does [X], what might they do next? What can we do now to prepare for our next success or failure?
Spark 05: When?
Examples: When is the system most vulnerable? When did the system last experience a major upgrade, downgrade, or evolution? When did you last talk to the system’s front-line operators?