When you play “red” today, you must consider the operational codes of multiple potential adversaries.
Want to be a red teamer? Think like one.
What often drives a decisive rethink isn’t a new “fact” or a new piece of intelligence but a slight shift in someone’s personal lens.
Muddying the waters today is the growing gap between cybersecurity red teamers and red teamers of other kinds.
It is our opinion—and probably our opinion only—that a red teamer will learn more about red teaming by reading the short stories of Jorge Luis Borges than by reading any number of books on technical topics.
The stories we tell, the accounts we relate, the reports we compile—all are unreliable.
Despite the fact that we pride ourselves on thinking laterally and creatively, we red teamers are still human, and as humans, we share a host of "wetware" issues with our non-red teaming colleagues.
Even when your red team is not emulating a specific adversary, remember that you’re still modeling a specific adversary: the one that matches your red team’s skills, preferences, and perspectives.
Red teamers and their clients who face Behemoth and the Leviathan squarely, conceding both risk and opportunity, excel.
Red teaming sounds like fun until you find out you’re not quite as clever as you thought you were.
When red teaming, commercial enterprises need to adopt a strategic perspective of the enterprise.
“Now I know my ABCs, next time won’t you sign with me.”
Red teaming is involves much more than simply launching a red team.