Red teaming is governed by informal and wholly unscientific “laws” based largely on human nature. These laws are driven by paradox and, in many cases, a healthy dose of humor. We state some from a general perspective, some from the perspective of the customer or sponsor, and some from the perspective of the red team. Enjoy. We add to these as the mood strikes. (For an alternative list of rules, try the one at redteams.net.)
A: We’re revising and updating them with the intent of printing a hard-copy deck.
RTJ Red Teaming Law #1 (“Jaunty Man”): The more powerful the stakeholders, the more at stake, the less interest in red teaming. This law trumps all other laws.
RTJ Red Teaming Law #2 (“The Skeptical Eye”): Skeptics make the best red teamers, especially when they’re skeptical of red teaming. Of course, a good red teamer is also skeptical of this law..
RTJ Red Teaming Law #3 (“Blinders”): Think carefully before red teaming yourself. Biases and self-deception ensure that you will always miss something.
RTJ Red Teaming Law #4 (“The Pawn”): Be cautious of the stakeholder who really, really wants to red team; a hidden agenda might be at play. Don’t be a pawn in someone else’s game.
RTJ Red Teaming Law #5 (“The Taunt”): If you want some real red teaming, tell the red team you simply want to confirm that you have no vulnerabilities. Nearly every red team will fall for this one.
RTJ Red Teaming Law #6 (“Bulldog”): Keep your red team on a leash. You don’t want a red team you can leash. Card.
RTJ Red Teaming Law #7 (“Running Scared”): If you’re apprehensive about red teaming, it probably means you need it. You can run but you can’t hide.
RTJ Red Teaming Law #8: Risk is subjective. Oh, and goals are mercurial, perceptions are plastic, knowledge is gettable, time is exploitable … Review this law whenever you think you’ve mastered the practice of red teaming.
RTJ Red Teaming Law #9: Red teaming is not forecasting; red teaming is the art of challenging assumptions and exploring the possible…. although your forecaster will always benefit from talking to your red teamer.
RTJ Red Teaming Law #10: The inferior red teamer defers to reputation and status. The superior red teamer pokes arrogance in the eye (and laughs while doing it). Poke! LOL!
RTJ Red Teaming Law #11 (“Cigar”): The superior red teamer discerns webs of perception, intent, and effect; others just see a cigar. Of course, “sometimes a cigar is just a cigar” (or is it?).
RTJ Red Teaming Law #12 (“The Wizard”): What your customers won’t let you challenge sometimes points directly at their most critical vulnerability. “Pay no attention to that man behind the curtain!”
RTJ Red Teaming Law #13: Exploit collective assumptions, especially when attacker and defender share the same ones. Why would anyone want to throw that ring into Mount Doom?
RTJ Red Teaming Law #14 (“A Secret”): If you have a secret, invest it; don’t cash it in at the first opportunity. The secret that pays dividends over time is usually the most valuable.
RTJ Red Teaming Law #15: The apprentice red teamer thinks like the attacker. The journeyman red teamer thinks like the attacker and the defender. The master red teamer thinks about the attacker and defender thinking about each other. Hire an apprentice to model an unsophisticated adversary. Hire a journeyman to model a sophisticated adversary. Hire a master to model the system.
RTJ Red Teaming Law #16 (“The Gate”): Deception is the gate to superior red teaming; self-deception (in your target) is the key to the gate. Remember, you’re vulnerable to self-deception too.
RTJ Red Teaming Law #17: The superior red teamer learns how things work in the real world, not just how they work on a diagram or presentation slide. The most useful insights often come from the bottom of the org chart. The higher up the org you go, the broader the view but the more filtered the information.
RTJ Red Teaming Law #18 (“Dosage”): Too much red teaming can be as harmful as too little. 4 out of 5 doctors say that overprescribed red teaming can lead to annoyance, apathy, and frustration. (See “Red Teaming: A Balanced View.”)
RTJ Red Teaming Law #19 (“The Tower”): Arrogance is both the nemesis and the target of superior red teaming. Higher, higher, higher!
RTJ Red Teaming Law #20: If you defeat the red team, you still have to defeat the enemy. And if you do not win the war, you can always blame the red team! (Submitted by Riccardo Cappelli.)
RTJ Red Teaming Law #21: Red teamers are not immune to FUD. The seasoned red teamer recognizes it for what it is and manages it rationally. The superior red teamer recognizes it for what it is and exploits it. And to complete the implied syllogism, yes, politicians are superior red teamers.
RTJ Red Teaming Law #22: Unexpected surprise is what happens while you’re waiting for the expected surprise. Think tanks and pundits specialize in expected surprise.
RTJ Red Teaming Law #23 (“FUSAG”): Everything is rarely as it appears to be. Move along; nothing to see here …
RTJ Red Teaming Law #24 (“Medicine”): Tell the red team what you want, and it’ll confirm what you know. Tell the red team what the adversary wants, and it’ll uncover what you don’t want to know (but should). Good red teaming tastes more like medicine than candy.
RTJ Red Teaming Law #25 (“Haystack”): The goal of a red team usually isn’t to find a needle in the haystack, it’s to help you see the haystack. What the … ? Where’d that haystack come from?
RTJ Red Teaming Law #26 (“Sneer”): Never regard your adversary with contempt. No good can come of it. The superiority you feel is not worth the surprise that invariably follows.
RTJ Red Teaming Law #27: The better your red teaming, the faster you’ll grasp what’s happening at the moment of surprise. Don’t let your adversary bewilder you; they’re banking on your panic.
RTJ Red Teaming Law #28 (“Cobra”): A big part of the art of red teaming is learning when to question and challenge and when to decide and act. Reversing them can hurt. Don’t let the moment to strike pass.
RTJ Red Teaming Law #29: Your adversary is never completely wrong, and you are never more than partly right. Contributed by Bill Hudson, RTJ advisor and founder of the ProExporter Network®.
RTJ Red Teaming Law #30: When in doubt, red team it. It’s too bad some decision makers will read this as “When in doubt, don’t red team it.” Contributed by redteams.net.
RTJ Red Teaming Law #31 (“Yin and Yang”): A red team without a blue team is like a blue team without a red. Blue and red represent a reciprocal system of perceptions; one should not be considered without the other.
RTJ Red Teaming Law #32 (“The Target”): No matter what the nature of the game, the red team’s ultimate target should always be the opponent’s mind. Everything else is just technique.
RTJ Red Teaming Law #33 (“Furniture”): Many red teams accept time as part of the furniture and don’t think to rearrange it. Mix it up. Exploit it.
RTJ Red Teaming Law #34 (“Question”): In many ways, the art of red teaming is actually the art of asking the right questions, from the right perspective, at the right time. Ask the wrong questions, and it almost doesn’t matter how well your red team performs.
RTJ Red Teaming Law #35 (“Lion”): Behind every successful red team stands a leader who will not bend to whim, coercion, or fear. We need this sort of leader as much as we need superior red teamers.
RTJ Red Teaming Law #36 (“The Nap”): Complacency is your next adversary’s best friend. Just when (you think) you’ve overcome one threat, two more are hiding right around the corner.
RTJ Red Teaming Law #37 (“Tortoise”): Don’t underestimate your adversary. Will, time, and persistence can compensate for a variety of ostensible weaknesses.
RTJ Red Teaming Law #38 (“Glue”): The status quo sticks like glue to assumptions, plans, and strategies. A good red team is a powerful solvent.
RTJ Red Teaming Law #39 (“Ark”): It’s our sad experience that most people don’t think about red teaming until it’s already been raining for 39 days. The forecast for today is …
RTJ Red Teaming Law #40 (“Der Zauberlehrling”): Take heed; we can build systems of systems of systems, but that doesn’t mean we can always secure them. “Die ich rief, die Geister,/ Werd’ ich nun nicht los.”
RTJ Red Teaming Law #41 (“Cat’s-Paw”): During a crisis, always take a moment to pop up, think of the whole system, and ask yourself what the adversary wants you to think and do. Superior red teams create, leverage, and resist distractions.
RTJ Red Teaming Law #42 (“Choice”): Red team upstream, save a dollar; red team downstream, save a dime. Not red teaming at all? Prepare to pay.
RTJ Red Teaming Law #43 (“Tick Tock”): Of all the stratagems in the red teamer’s toolkit, waiting patiently for the defender to err is sometimes the most artful.
RTJ Red Teaming Law #44 (“Puppeteer”): The superior red teamer is a master puppeteer whose goal is to animate not just the red team but the whole show. Dance, puppet, dance!
RTJ Red Teaming Law #45 (“Blunderland”): When what must be said can’t be said, multiply your risk by ten. If the denial is tainted by arrogance or fear, multiply your risk by ten again.
RTJ Red Teaming Law #46 (“The Impossible”): Think of the “impossible,” then do it. Wolfe storming the Heights of Québec, shallow-water torpedoes at Pearl Harbor, MacArthur at Inchon—nothing hurts like total surprise.
RTJ Red Teaming Law #47 (“Athena”): The apprentice red teamer asserts knowledge. The journeyman red teamer applies knowledge. The master red teamer asks questions. Why is that?
RTJ Red Teaming Law #48 (“Skeleton”): Who would you rather have find your skeletons? Your red team or your adversary? If you hesitated answering, you probably need more help than just a red team can offer.
RTJ Red Teaming Law #49 (“The Long Haul”): An ounce of red teaming is worth a ton of remediation. The impacts of a red team may take months to become evident in the thoughts and processes they affect. (Submitted by USCYBERCOM Red Team.)
RTJ Red Teaming Law #50 (“The Messenger”): It’s the red team’s job to find your weaknesses. Don’t blame them when they do. “Gracious madam, I that do bring the news made not the match.”
RTJ Red Teaming Law #51 (“An Obvious Impossibility”): Sometimes your red team executes an ingenious and borderline-impossible attack. It must not be too impossible if they pulled it off. (Submitted by Neal Bridges.)
RTJ Red Teaming Law #52 (“Roots and Soil”): A healthy culture is essential for successful red teaming. The red teamer’s influence flourishes in rich, collaborative soil, withers in dry.
License: You may use the laws and associated cards to illustrate red teaming concepts in both commercial and noncommercial presentations as long as you attribute the source (Red Team Journal) and URL (http://redteamjournal.com). You may not use the laws or cards in a standalone manner, nor may you package or resell them.
Vintage images on the cards are drawn primarily from the “Internet Archive Book Images” collection, each tagged with “No known copyright restrictions.”