Taguncertainty

When to Red Team: Balancing Costs and Uncertainty

W

In my last Red Teaming 101 Webinar, I shared a concept that I often discuss in my red teaming courses. It involves the issue of when you should red team the system of interest, where the system is some combination of people, technology, or processes. Like many issues connected with red teaming, the short answer is “it depends,” the middling answer is “it’s a tradespace,” and the long answer...

‘Seven-Place Accuracy with Bum Data’

At times during this election season I felt as if I were living in a house of mirrors. With leaks, allegations, and counter-allegations sprouting like weeds, I wondered how, as a citizen, I could discern anything close to the truth. As red teamers, we often face a similar dilemma. Sometimes we just don’t know enough to draw actionable conclusions from the available information. Sometimes all the...

The Dangerous ‘Illusion of Certainty’ (Updated)

T

You’ve probably met the red teamer who believes that red teaming cures all ailments without introducing any side effects. Beware this red teamer.       Seasoned red teamers understand that mismanaged red teaming can potentially introduce just as much uncertainty as it claims to reduce (if not more), leading to a very real and potentially dangerous false...

Why We Red Team: The Tyranny of Uncertainty

W

As red teamers, we sometimes assume that the need for red teaming is self-evident, and, given this assumption, we proceed to promote the practice through example and anecdote (the more entertaining, the better): “Look what happened to Company X! They forgot to red team, poor fools,” or “You won’t believe what our extremely clever red team uncovered!” While anecdotes...

Categories

Terms of Use

Please read.