CategoryRed Teaming Concepts

Strategic Red Teaming: The Job Description

S

Over the past few years, we’ve read a lot of red team job postings. The vast majority of them were for pentesting positions. That’s well and good, but there’s a different, broader sort of red teaming we believe enterprises should also be conducting. We call it “strategic red teaming,” and it addresses security-related risks across the enterprise from a systems...

The Day Before

T

When it comes to haunting events, we tend to remember the date: Dec. 7 (Pearl Harbor), Nov. 22 (Kennedy assassination), Sept. 11 (World Trade Center attack). As risk and security professionals, we also tend to start working on the problem retroactively the next day, doing our best to make sure something like it doesn’t happen again. What we don’t think about nearly as much is what was happening...

Red Teaming, A to Z

R

Ask 26 red teamers to generate 26 random thoughts on red teaming, and the permutations that would ensue are such that you’d walk away before reading just a small fraction of the total. Just thinking about it is exhausting, so why not read just one (this one)? A: The “red” in “red teaming” traditionally refers to the adversary of interest—the adversary the red team emulates. B: Systems...

Syria: Asking the Right Questions (Before and After)

S

The recent U.S. decision to hit a Syrian air field with cruise missiles has triggered a flurry of questions, both in the United States and abroad. It reminds me of RTJ Red Teaming Law #34 (“Question”): In many ways, the art of red teaming is actually the art of asking the right questions, from the right perspective, at the right time. Ask the wrong questions, and it almost doesn’t matter how well...

Categories

Terms of Use

Please read.