Tagred teaming

10 Things You Can Do Right Now to Start Red Teaming

1

Real-world security teams often lack the time to engage in deep red teaming. We get it, so here’s a set of quick, back-of-the-envelope red teaming drills you can run while running from one crisis to the next. Draw a simple systems diagram: primary functions, inputs, outputs, key interfaces. Does your security team consider and address all of them? If not, why not? List three harmful things you...

Behemoth and Leviathan

B

As nice as it would be to fit the systems we red team into a convenient box, it will never happen, and we have the Behemoth and the Leviathan to thank for that.       This past weekend, I read Harold Kushner’s The Book of Job: When Bad Things Happened to a Good Person. In the book, Kushner describes the Behemoth and the Leviathan in terms that are relevant to red...

Red Teaming: Behind the Bluster

R

Red teaming sounds cool, right? So why isn’t everyone doing it? A lot of reasons exist, one of which is the simple fact that people often don’t want to learn what they don’t know. This very human behavior is the basis of RTJ Red Teaming “Law” No. 1 (“The Jaunty Man”). Yes, valid reasons not to red team exist, but to get at those, you first need to...

Strategic Red Teaming: The Job Description

S

Over the past few years, we’ve read a lot of red team job postings. The vast majority of them were for pentesting positions. That’s well and good, but there’s a different, broader sort of red teaming we believe enterprises should also be conducting. We call it “strategic red teaming,” and it addresses security-related risks across the enterprise from a systems...

The Day Before

T

When it comes to haunting events, we tend to remember the date: Dec. 7 (Pearl Harbor), Nov. 22 (Kennedy assassination), Sept. 11 (World Trade Center attack). As risk and security professionals, we also tend to start working on the problem retroactively the next day, doing our best to make sure something like it doesn’t happen again. What we don’t think about nearly as much is what was happening...

Categories

Terms of Use

Please read.