Category: Red Teaming Concepts

10 Things You Can Do Right Now to Start Red Teaming (Updated with Infographic)

Real-world security teams often lack the time to engage in deep red teaming. We get it, so here’s a set of quick, back-of-the-envelope red teaming drills you can run while running from one crisis to the next. Draw a simple systems diagram: primary functions, inputs, outputs, key interfaces. Does your security team consider and address all of them? If not, why not? List three harmful things you...

Red Teaming: Closing the Gaps

Despite the fact that we pride ourselves on thinking laterally and creatively, we red teamers are still human, and as humans, we share a host of “wetware” issues with our non-red teaming colleagues. The difference? We’re aware of the issues (or at least we should be), and we (usually) try to do something about them. Even so, the issues persist...

Gegenspielers Unite!

For the past couple of years, I’ve been thinking a lot about red teaming. This might sound funny, since I’ve been thinking and talking about red teaming for 20 years. Perhaps it would be more accurate to say that I’ve been rethinking red teaming. As valuable as I continue to believe the practice is, I’m also coming to believe that it remains immature, in large part because, as proponents and...

The Essence of a Superior Red Teamer

We’re sometimes asked “What makes a good red teamer?” While the range of attributes is actually quite broad, it’s possible to distill these attributes to a finite or representative set. The following infographic captures what we believe to be at least a few of the superior red teamer’s most salient attributes. Enjoy! And for accessibility purposes, here’s the...

Red Teaming: Degrees of Influence and Control

When red teaming, it’s often useful to model and distinguish elements of the engagement based on the degree of influence or control each actor exercises over these elements. For example, as the red team (RED), I unilaterally control some aspects of the engagement domain. I choose my goals, and I choose how to invest my time and resources. I also choose various aspects of my operational code. I...
