SlideShare a Scribd company logo

Building an InfoSec RedTeam

Dan Vasile
Dan Vasile

Building and maintaining a Red Team & Penetration Testing Team as the driving force of the Security Organizational Structure

BusinessTechnology
1 of 20
InfoSec RedTeam Building and maintaining a Penetration Testing Team as the driving force of the Security Organizational Structure
First Page :Why RedTeam? To rescue MONEY& REPUTATION
First Page :How? By keeping HACKERS away!
Second Page :Definitions RedTeam Independent group that challenges an organization to improve its security. Penetration TestPenetration Test Method of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats. Security Operations Center Centralized unit in an organization that deals with security issues, on an organizational and technical level.
RedTeam – center of security RedTeam members are cutting-edge technical experts in a multitude of IT domains and are used as consultants by other services within the security department. Alongside with consultancy they also provide: -Training - Mentoring - Guidance - Best practices
Functional relationships The RedTeam provides expert knowledge and share information with all departments across the Security Department. Just to name a few:
Organizing a RedTeam Given the sensitive information the team is handling and the necessary technical skills, gathering and organizing the team is not an easy task. Key-points: •Finding the right team members•Finding the right team members •Finding the most suited organizational structure •Integrating with the current structure •Maintaining the health of the team •Continuous improvement
RedTeam members specs Knowledge set: Operating Systems Networking and Protocols Firewalls DatabasesDatabases Scripting Programming Forensics Characteristics: Good communication Curiosity Willing to learn and share knowledge Interact with the team and the clients
RedTeam members Specific backgrounds: •Network administrator (multiple OSes and infrastructure equipments) •Developer(multiple languages, depending on the organization’s profile) •Quality Assurance (software) •System Architect / Implementer / Consultant (hardware & software)
General organization structures Organization structures according to PMBOK Executive/CISO Executive/CISO RedTeam manager PenTest expert Pentest expert Functional Matrix RedTeam project coordinator PenTest expert Pentest expert Projectized
Specific structure To meet performance criteria for a RedTeam, a specific organization structure is needed. CISO Roles CISO – Team Champion, provides business interface and long term goals RedTeam Manager – Technical Rockstar, oversees and works on all RedTeam Director Project Coordinator PenTest Expert Pentest Expert Pentest Expert RedTeam Manager – Technical Rockstar, oversees and works on all projects, distributes workload, translates business needs into technical details, establishes short and medium term goals Project Coordinator – The Organizer, keeps track of everything PenTest Experts – The Army, the very foundation of the security department, champions, rockstars and organizers altogether, exceptional individuals delivering security services
Penetration tester experts are highly trained individuals with huge egos (a recognized leader of the team is in charge with making everybody happy at the workplace and with each other) Psychological aspects Time for training and research (the experts need to train and to research new subjects to stay at the top of the elite) Creativity (get the experts out of the routine and let them come up with ingenious ideas to solve problems faster and better)
Building a geographically distributed team (working in different corners of the world can be beneficial to cover all clients, but the sharing of knowledge is obstructed and internal fights can occur) Sociological aspects sharing of knowledge is obstructed and internal fights can occur) Different remuneration for the same skill-set (while it’s impossible to have the same remuneration for everybody, it’s a good idea to keep them within the same ranges and at the top of the market rates to keep the experts on your team)
PenTesting Process
Deliverables RedTeam Exercise Reports Penetration Testing Reports Consultancy for fixing the identified vulnerabilitiesConsultancy for fixing the identified vulnerabilities Training for development and networking teams Whitepapers on best practices InfoSec Metrics Advisories for upper management based on all of the above
Internal vs. External RedTeam Advantages Disadvantages Internal RedTeam • Sensitive information never leaves the company • May be biased • Need managementcompany • Knowledge of the internal systems • When not working on a project, the RedTeam can provide other valuable services • Cheap • Need management External contractor • A fresh pair of eyes • Expertise on exotic systems • The company needs to expose sensitive information to a 3rd party • Need to understand the inner- workings of the systems • Expensive
Internal vs. External RedTeam So, where is the break-even point in which an internal RedTeam is the best solution? Small company A smaller company can benefit from periodical penetration test with clear scopes from an external contractor Medium company If the company broke the 100 machines limit, a serious options is to hire a dedicated Penetration Tester and as the size of the network and number of the applications grows to increase the number of security experts and eventually create a RedTeam Enterprise For a large company, the internal RedTeam is a must and the ROI is much better than using an external contractor External contractors can be used periodically in conjunction with an internal RedTeam to provide a black-box, unbiased, external view of critical systems
About the author Dan Catalin VASILE is a security guy with more then 15 years in IT&C, out of which 12 are related to security. He’s been working with start-ups, small companies and industry giants, gathering relevant experience from all of those.gathering relevant experience from all of those. His main areas of interest are around application and network security. He is also involved in local security chapters like OWASP and ISC2 as a meeting organizer, host and presenter. You can contact him at danvasile@pentest.ro http://www.pentest.ro (personal blog)
About the presentation This presentation is the deliverable of a larger research that the author did over the years. The paper is the result of the personal experience of the author.The paper is the result of the personal experience of the author. - Working for various sized companies - Working as a team member, coordinator, leader and director - Seen and have been under different organizational schemes Creating and managing a RedTeam is a difficult task. This presentation brings some light on the issues an organization will face in setting up a Penetration Testing Team.
Thank you danvasile@pentest.ro http://www.pentest.ro

Recommended

Red team Engagement
Red team EngagementRed team Engagement
Red team EngagementIndranil Banerjee
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEJorge Orchilles
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFJorge Orchilles
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentTeymur Kheirkhabarov
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework👀 Joe Gray
 
8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 MatrixJorge Orchilles
 
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...JamieWilliams130
 

Recommended

Red team Engagement
Red team EngagementRed team Engagement
Red team EngagementIndranil Banerjee
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEJorge Orchilles
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFJorge Orchilles
 
Hunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentHunting for Privilege Escalation in Windows Environment
Hunting for Privilege Escalation in Windows EnvironmentTeymur Kheirkhabarov
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework👀 Joe Gray
 
8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 MatrixJorge Orchilles
 
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...
ATT&CKing Your Adversaries - Operationalizing cyber intelligence in your own ...JamieWilliams130
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturityDNIF
 
Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Jorge Orchilles
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Chris Gates
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
 
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksSANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksMauricio Velazco
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for youToby Kohlenberg
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshopArpan Raval
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConJorge Orchilles
 
Hunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows InfrastructureHunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows InfrastructureSergey Soldatov
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKKatie Nickels
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testingavioren1979
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpConJorge Orchilles
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERAErik Van Buggenhout
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheetMichael Gough
 
Purple Team - Work it out: Organizing Effective Adversary Emulation Exercises
Purple Team - Work it out: Organizing Effective Adversary Emulation ExercisesPurple Team - Work it out: Organizing Effective Adversary Emulation Exercises
Purple Team - Work it out: Organizing Effective Adversary Emulation ExercisesJorge Orchilles
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERAErik Van Buggenhout
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue TeamEC-Council
 
SIEM and Threat Hunting
SIEM and Threat HuntingSIEM and Threat Hunting
SIEM and Threat Huntingn|u - The Open Security Community
 
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™Katie Nickels
 
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue TeamersGo Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamersjasonjfrank
 
PTES: PenTest Execution Standard
PTES: PenTest Execution StandardPTES: PenTest Execution Standard
PTES: PenTest Execution StandardSource Conference
 

More Related Content

What's hot

Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturityDNIF
 
Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Jorge Orchilles
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Chris Gates
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
 
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksSANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksMauricio Velazco
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for youToby Kohlenberg
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshopArpan Raval
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConJorge Orchilles
 
Hunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows InfrastructureHunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows InfrastructureSergey Soldatov
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKKatie Nickels
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testingavioren1979
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpConJorge Orchilles
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERAErik Van Buggenhout
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheetMichael Gough
 
Purple Team - Work it out: Organizing Effective Adversary Emulation Exercises
Purple Team - Work it out: Organizing Effective Adversary Emulation ExercisesPurple Team - Work it out: Organizing Effective Adversary Emulation Exercises
Purple Team - Work it out: Organizing Effective Adversary Emulation ExercisesJorge Orchilles
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERAErik Van Buggenhout
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue TeamEC-Council
 
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™Katie Nickels
 

What's hot (20)

Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturity
 
Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020
 
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
Purple Teaming the Cyber Kill Chain: Practical Exercises for Everyone Sector...
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
 
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team PlaybooksSANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for you
 
Cyber Threat hunting workshop
Cyber Threat hunting workshopCyber Threat hunting workshop
Cyber Threat hunting workshop
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMCon
 
Hunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows InfrastructureHunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows Infrastructure
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testing
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpCon
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERA
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheet
 
Purple Team - Work it out: Organizing Effective Adversary Emulation Exercises
Purple Team - Work it out: Organizing Effective Adversary Emulation ExercisesPurple Team - Work it out: Organizing Effective Adversary Emulation Exercises
Purple Team - Work it out: Organizing Effective Adversary Emulation Exercises
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERA
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue Team
 
SIEM and Threat Hunting
SIEM and Threat HuntingSIEM and Threat Hunting
SIEM and Threat Hunting
 
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
FIRST CTI Symposium: Turning intelligence into action with MITRE ATT&CK™
 

Viewers also liked

Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue TeamersGo Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamersjasonjfrank
 
PTES: PenTest Execution Standard
PTES: PenTest Execution StandardPTES: PenTest Execution Standard
PTES: PenTest Execution StandardSource Conference
 
Purple teaming Cyber Kill Chain
Purple teaming Cyber Kill ChainPurple teaming Cyber Kill Chain
Purple teaming Cyber Kill ChainHaydn Johnson
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsRahul Neel Mani
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItNikhil Mittal
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 
How to Be Awesome on Slideshare
How to Be Awesome on SlideshareHow to Be Awesome on Slideshare
How to Be Awesome on Slideshare24Slides
 
The Essentials of PowerPoint Color Theme
The Essentials of PowerPoint Color ThemeThe Essentials of PowerPoint Color Theme
The Essentials of PowerPoint Color Theme24Slides
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Rahul Neel Mani
 
Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game Rahul Neel Mani
 

Viewers also liked (10)

Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue TeamersGo Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
 
PTES: PenTest Execution Standard
PTES: PenTest Execution StandardPTES: PenTest Execution Standard
PTES: PenTest Execution Standard
 
Purple teaming Cyber Kill Chain
Purple teaming Cyber Kill ChainPurple teaming Cyber Kill Chain
Purple teaming Cyber Kill Chain
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration Testing
 
How to Be Awesome on Slideshare
How to Be Awesome on SlideshareHow to Be Awesome on Slideshare
How to Be Awesome on Slideshare
 
The Essentials of PowerPoint Color Theme
The Essentials of PowerPoint Color ThemeThe Essentials of PowerPoint Color Theme
The Essentials of PowerPoint Color Theme
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 
Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game
 

Similar to Building an InfoSec RedTeam

FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019Saeid Atabaki
 
Deploying a data centric approach to enterprise agility
Deploying a data centric approach to enterprise agilityDeploying a data centric approach to enterprise agility
Deploying a data centric approach to enterprise agilityComparative Agility
 
No more security empires - The ciso as an individual contributor
No more security empires - The ciso as an individual contributorNo more security empires - The ciso as an individual contributor
No more security empires - The ciso as an individual contributorPriyanka Aash
 
Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Priyanka Aash
 
It Sales Presentation 2010 03 31
It Sales Presentation 2010 03 31It Sales Presentation 2010 03 31
It Sales Presentation 2010 03 31rhissrich
 
Module 1 - IDP.pptx
Module 1 - IDP.pptxModule 1 - IDP.pptx
Module 1 - IDP.pptxRAJESH S
 
Building digital product masters to prevail in the age of accelerations parts...
Building digital product masters to prevail in the age of accelerations parts...Building digital product masters to prevail in the age of accelerations parts...
Building digital product masters to prevail in the age of accelerations parts...Jeffrey Stewart
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE360 BSI
 
Patternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase DeckPatternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase DeckMaryLudloff
 
Devops for business : Efficiency & Innovation
Devops for business : Efficiency & InnovationDevops for business : Efficiency & Innovation
Devops for business : Efficiency & InnovationSatish Bhatia
 
Intranets on Microsoft SharePoint
Intranets on Microsoft SharePointIntranets on Microsoft SharePoint
Intranets on Microsoft SharePointedynamic
 
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE360 BSI
 
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 DubaiIT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 Dubai360 BSI
 
Intranet governance - dull but necessary
Intranet governance - dull but necessaryIntranet governance - dull but necessary
Intranet governance - dull but necessaryJason Buck
 
Multisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoftSystems
 
Multisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoftNOIDA
 
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...Falgun Rathod
 

Similar to Building an InfoSec RedTeam (20)

FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
 
Deploying a data centric approach to enterprise agility
Deploying a data centric approach to enterprise agilityDeploying a data centric approach to enterprise agility
Deploying a data centric approach to enterprise agility
 
No more security empires - The ciso as an individual contributor
No more security empires - The ciso as an individual contributorNo more security empires - The ciso as an individual contributor
No more security empires - The ciso as an individual contributor
 
Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution
 
It Sales Presentation 2010 03 31
It Sales Presentation 2010 03 31It Sales Presentation 2010 03 31
It Sales Presentation 2010 03 31
 
Module 1 - IDP.pptx
Module 1 - IDP.pptxModule 1 - IDP.pptx
Module 1 - IDP.pptx
 
Building digital product masters to prevail in the age of accelerations parts...
Building digital product masters to prevail in the age of accelerations parts...Building digital product masters to prevail in the age of accelerations parts...
Building digital product masters to prevail in the age of accelerations parts...
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
 
Patternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase DeckPatternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase Deck
 
Devops for business : Efficiency & Innovation
Devops for business : Efficiency & InnovationDevops for business : Efficiency & Innovation
Devops for business : Efficiency & Innovation
 
Intranets on Microsoft SharePoint
Intranets on Microsoft SharePointIntranets on Microsoft SharePoint
Intranets on Microsoft SharePoint
 
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
 
Isms4
Isms4Isms4
Isms4
 
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 DubaiIT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
 
Intranet governance - dull but necessary
Intranet governance - dull but necessaryIntranet governance - dull but necessary
Intranet governance - dull but necessary
 
Multisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoft@Corporate Presentation
Multisoft@Corporate Presentation
 
Multisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoft@Corporate Presentation
Multisoft@Corporate Presentation
 
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
 
Project report on cctv
Project report on cctvProject report on cctv
Project report on cctv
 
Ramsoft_Brochure-Jul2013
Ramsoft_Brochure-Jul2013Ramsoft_Brochure-Jul2013
Ramsoft_Brochure-Jul2013
 

More from Dan Vasile

Dan Vasile - Risk Calculation and Visualization
Dan Vasile - Risk Calculation and VisualizationDan Vasile - Risk Calculation and Visualization
Dan Vasile - Risk Calculation and VisualizationDan Vasile
 
SC Congress Amsterdam 2016 - IoT Security
SC Congress Amsterdam 2016 - IoT SecuritySC Congress Amsterdam 2016 - IoT Security
SC Congress Amsterdam 2016 - IoT SecurityDan Vasile
 
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...Dan Vasile
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Vasile
 
Bug bounty programs
Bug bounty programsBug bounty programs
Bug bounty programsDan Vasile
 

More from Dan Vasile (6)

Dan Vasile - Risk Calculation and Visualization
Dan Vasile - Risk Calculation and VisualizationDan Vasile - Risk Calculation and Visualization
Dan Vasile - Risk Calculation and Visualization
 
SC Congress Amsterdam 2016 - IoT Security
SC Congress Amsterdam 2016 - IoT SecuritySC Congress Amsterdam 2016 - IoT Security
SC Congress Amsterdam 2016 - IoT Security
 
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
 
Bug bounty programs
Bug bounty programsBug bounty programs
Bug bounty programs
 

Recently uploaded

8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africaictsugar
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environmentelijahj01012
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 

Recently uploaded (20)

8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 

Building an InfoSec RedTeam

  • 1. InfoSec RedTeam Building and maintaining a Penetration Testing Team as the driving force of the Security Organizational Structure
  • 2. First Page :Why RedTeam? To rescue MONEY& REPUTATION
  • 3. First Page :How? By keeping HACKERS away!
  • 4. Second Page :Definitions RedTeam Independent group that challenges an organization to improve its security. Penetration TestPenetration Test Method of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats. Security Operations Center Centralized unit in an organization that deals with security issues, on an organizational and technical level.
  • 5. RedTeam – center of security RedTeam members are cutting-edge technical experts in a multitude of IT domains and are used as consultants by other services within the security department. Alongside with consultancy they also provide: -Training - Mentoring - Guidance - Best practices
  • 6. Functional relationships The RedTeam provides expert knowledge and share information with all departments across the Security Department. Just to name a few:
  • 7. Organizing a RedTeam Given the sensitive information the team is handling and the necessary technical skills, gathering and organizing the team is not an easy task. Key-points: •Finding the right team members•Finding the right team members •Finding the most suited organizational structure •Integrating with the current structure •Maintaining the health of the team •Continuous improvement
  • 8. RedTeam members specs Knowledge set: Operating Systems Networking and Protocols Firewalls DatabasesDatabases Scripting Programming Forensics Characteristics: Good communication Curiosity Willing to learn and share knowledge Interact with the team and the clients
  • 9. RedTeam members Specific backgrounds: •Network administrator (multiple OSes and infrastructure equipments) •Developer(multiple languages, depending on the organization’s profile) •Quality Assurance (software) •System Architect / Implementer / Consultant (hardware & software)
  • 10. General organization structures Organization structures according to PMBOK Executive/CISO Executive/CISO RedTeam manager PenTest expert Pentest expert Functional Matrix RedTeam project coordinator PenTest expert Pentest expert Projectized
  • 11. Specific structure To meet performance criteria for a RedTeam, a specific organization structure is needed. CISO Roles CISO – Team Champion, provides business interface and long term goals RedTeam Manager – Technical Rockstar, oversees and works on all RedTeam Director Project Coordinator PenTest Expert Pentest Expert Pentest Expert RedTeam Manager – Technical Rockstar, oversees and works on all projects, distributes workload, translates business needs into technical details, establishes short and medium term goals Project Coordinator – The Organizer, keeps track of everything PenTest Experts – The Army, the very foundation of the security department, champions, rockstars and organizers altogether, exceptional individuals delivering security services
  • 12. Penetration tester experts are highly trained individuals with huge egos (a recognized leader of the team is in charge with making everybody happy at the workplace and with each other) Psychological aspects Time for training and research (the experts need to train and to research new subjects to stay at the top of the elite) Creativity (get the experts out of the routine and let them come up with ingenious ideas to solve problems faster and better)
  • 13. Building a geographically distributed team (working in different corners of the world can be beneficial to cover all clients, but the sharing of knowledge is obstructed and internal fights can occur) Sociological aspects sharing of knowledge is obstructed and internal fights can occur) Different remuneration for the same skill-set (while it’s impossible to have the same remuneration for everybody, it’s a good idea to keep them within the same ranges and at the top of the market rates to keep the experts on your team)
  • 15. Deliverables RedTeam Exercise Reports Penetration Testing Reports Consultancy for fixing the identified vulnerabilitiesConsultancy for fixing the identified vulnerabilities Training for development and networking teams Whitepapers on best practices InfoSec Metrics Advisories for upper management based on all of the above
  • 16. Internal vs. External RedTeam Advantages Disadvantages Internal RedTeam • Sensitive information never leaves the company • May be biased • Need managementcompany • Knowledge of the internal systems • When not working on a project, the RedTeam can provide other valuable services • Cheap • Need management External contractor • A fresh pair of eyes • Expertise on exotic systems • The company needs to expose sensitive information to a 3rd party • Need to understand the inner- workings of the systems • Expensive
  • 17. Internal vs. External RedTeam So, where is the break-even point in which an internal RedTeam is the best solution? Small company A smaller company can benefit from periodical penetration test with clear scopes from an external contractor Medium company If the company broke the 100 machines limit, a serious options is to hire a dedicated Penetration Tester and as the size of the network and number of the applications grows to increase the number of security experts and eventually create a RedTeam Enterprise For a large company, the internal RedTeam is a must and the ROI is much better than using an external contractor External contractors can be used periodically in conjunction with an internal RedTeam to provide a black-box, unbiased, external view of critical systems
  • 18. About the author Dan Catalin VASILE is a security guy with more then 15 years in IT&C, out of which 12 are related to security. He’s been working with start-ups, small companies and industry giants, gathering relevant experience from all of those.gathering relevant experience from all of those. His main areas of interest are around application and network security. He is also involved in local security chapters like OWASP and ISC2 as a meeting organizer, host and presenter. You can contact him at danvasile@pentest.ro http://www.pentest.ro (personal blog)
  • 19. About the presentation This presentation is the deliverable of a larger research that the author did over the years. The paper is the result of the personal experience of the author.The paper is the result of the personal experience of the author. - Working for various sized companies - Working as a team member, coordinator, leader and director - Seen and have been under different organizational schemes Creating and managing a RedTeam is a difficult task. This presentation brings some light on the issues an organization will face in setting up a Penetration Testing Team.