"I've been fortunate enough to manage a red team program for several years
and since it's inception it has gone through many changes. What started
out as adhoc engagements trying to see how far we could get/what problems
we could find, turned into a mechanism to work more closely, and regularly
with operations/it teams. More importantly, it's an approach to get
operations teams to want to work with your security org more closely. This
post will not discuss technical approaches to red teaming, it will discuss
various strategies for making your program more impactful to the business.
Below are my thoughts based on working with very talented red teamers, and
operations teams. "
http://www.cgisecurity.com/2018/05/my-experiences-leading-purple-team.html
Regards,
Robert A.
http://www.webappsec.org/
http://www.cgisecurity.com/
http://www.qasec.com/
"I've been fortunate enough to manage a red team program for several years
and since it's inception it has gone through many changes. What started
out as adhoc engagements trying to see how far we could get/what problems
we could find, turned into a mechanism to work more closely, and regularly
with operations/it teams. More importantly, it's an approach to get
operations teams to want to work with your security org more closely. This
post will not discuss technical approaches to red teaming, it will discuss
various strategies for making your program more impactful to the business.
Below are my thoughts based on working with very talented red teamers, and
operations teams. "
http://www.cgisecurity.com/2018/05/my-experiences-leading-purple-team.html
Regards,
Robert A.
http://www.webappsec.org/
http://www.cgisecurity.com/
http://www.qasec.com/
