SlideShare a Scribd company logo

Building an InfoSec RedTeam

Dan Vasile
Dan Vasile

Building and maintaining a Red Team & Penetration Testing Team as the driving force of the Security Organizational Structure

BusinessTechnology
1 of 20
InfoSec RedTeam Building and maintaining a Penetration Testing Team as the driving force of the Security Organizational Structure
First Page :Why RedTeam? To rescue MONEY& REPUTATION
First Page :How? By keeping HACKERS away!
Second Page :Definitions RedTeam Independent group that challenges an organization to improve its security. Penetration TestPenetration Test Method of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats. Security Operations Center Centralized unit in an organization that deals with security issues, on an organizational and technical level.
RedTeam – center of security RedTeam members are cutting-edge technical experts in a multitude of IT domains and are used as consultants by other services within the security department. Alongside with consultancy they also provide: -Training - Mentoring - Guidance - Best practices
Functional relationships The RedTeam provides expert knowledge and share information with all departments across the Security Department. Just to name a few:
Organizing a RedTeam Given the sensitive information the team is handling and the necessary technical skills, gathering and organizing the team is not an easy task. Key-points: •Finding the right team members•Finding the right team members •Finding the most suited organizational structure •Integrating with the current structure •Maintaining the health of the team •Continuous improvement
RedTeam members specs Knowledge set: Operating Systems Networking and Protocols Firewalls DatabasesDatabases Scripting Programming Forensics Characteristics: Good communication Curiosity Willing to learn and share knowledge Interact with the team and the clients
RedTeam members Specific backgrounds: •Network administrator (multiple OSes and infrastructure equipments) •Developer(multiple languages, depending on the organization’s profile) •Quality Assurance (software) •System Architect / Implementer / Consultant (hardware & software)
General organization structures Organization structures according to PMBOK Executive/CISO Executive/CISO RedTeam manager PenTest expert Pentest expert Functional Matrix RedTeam project coordinator PenTest expert Pentest expert Projectized
Specific structure To meet performance criteria for a RedTeam, a specific organization structure is needed. CISO Roles CISO – Team Champion, provides business interface and long term goals RedTeam Manager – Technical Rockstar, oversees and works on all RedTeam Director Project Coordinator PenTest Expert Pentest Expert Pentest Expert RedTeam Manager – Technical Rockstar, oversees and works on all projects, distributes workload, translates business needs into technical details, establishes short and medium term goals Project Coordinator – The Organizer, keeps track of everything PenTest Experts – The Army, the very foundation of the security department, champions, rockstars and organizers altogether, exceptional individuals delivering security services
Penetration tester experts are highly trained individuals with huge egos (a recognized leader of the team is in charge with making everybody happy at the workplace and with each other) Psychological aspects Time for training and research (the experts need to train and to research new subjects to stay at the top of the elite) Creativity (get the experts out of the routine and let them come up with ingenious ideas to solve problems faster and better)
Building a geographically distributed team (working in different corners of the world can be beneficial to cover all clients, but the sharing of knowledge is obstructed and internal fights can occur) Sociological aspects sharing of knowledge is obstructed and internal fights can occur) Different remuneration for the same skill-set (while it’s impossible to have the same remuneration for everybody, it’s a good idea to keep them within the same ranges and at the top of the market rates to keep the experts on your team)
PenTesting Process
Deliverables RedTeam Exercise Reports Penetration Testing Reports Consultancy for fixing the identified vulnerabilitiesConsultancy for fixing the identified vulnerabilities Training for development and networking teams Whitepapers on best practices InfoSec Metrics Advisories for upper management based on all of the above
Internal vs. External RedTeam Advantages Disadvantages Internal RedTeam • Sensitive information never leaves the company • May be biased • Need managementcompany • Knowledge of the internal systems • When not working on a project, the RedTeam can provide other valuable services • Cheap • Need management External contractor • A fresh pair of eyes • Expertise on exotic systems • The company needs to expose sensitive information to a 3rd party • Need to understand the inner- workings of the systems • Expensive
Internal vs. External RedTeam So, where is the break-even point in which an internal RedTeam is the best solution? Small company A smaller company can benefit from periodical penetration test with clear scopes from an external contractor Medium company If the company broke the 100 machines limit, a serious options is to hire a dedicated Penetration Tester and as the size of the network and number of the applications grows to increase the number of security experts and eventually create a RedTeam Enterprise For a large company, the internal RedTeam is a must and the ROI is much better than using an external contractor External contractors can be used periodically in conjunction with an internal RedTeam to provide a black-box, unbiased, external view of critical systems
About the author Dan Catalin VASILE is a security guy with more then 15 years in IT&C, out of which 12 are related to security. He’s been working with start-ups, small companies and industry giants, gathering relevant experience from all of those.gathering relevant experience from all of those. His main areas of interest are around application and network security. He is also involved in local security chapters like OWASP and ISC2 as a meeting organizer, host and presenter. You can contact him at danvasile@pentest.ro http://www.pentest.ro (personal blog)
About the presentation This presentation is the deliverable of a larger research that the author did over the years. The paper is the result of the personal experience of the author.The paper is the result of the personal experience of the author. - Working for various sized companies - Working as a team member, coordinator, leader and director - Seen and have been under different organizational schemes Creating and managing a RedTeam is a difficult task. This presentation brings some light on the issues an organization will face in setting up a Penetration Testing Team.
Thank you danvasile@pentest.ro http://www.pentest.ro

Recommended

Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
Indranil Banerjee
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
👀 Joe Gray
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSE
Jorge Orchilles
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
Dhruv Majumdar
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
Sunny Neo
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue Team
EC-Council
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEF
Jorge Orchilles
 
So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamer
Jorge Orchilles
 

Recommended

Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
Indranil Banerjee
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
👀 Joe Gray
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSE
Jorge Orchilles
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
Dhruv Majumdar
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
Sunny Neo
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue Team
EC-Council
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEF
Jorge Orchilles
 
So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamer
Jorge Orchilles
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down Intruders
Infosec
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Digit Oktavianto
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
NTT Innovation Institute Inc.
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hacking
Vikram Khanna
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMCon
Jorge Orchilles
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
Sqrrl
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
Katie Nickels
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
SCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzSCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim Schulz
Jorge Orchilles
 
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITREMITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE - ATT&CKcon
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
Jason Lang
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testing
avioren1979
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Jorge Orchilles
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
Splunk
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence
Sirius
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
Ben Boyd
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE - ATT&CKcon
 
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue TeamersGo Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
jasonjfrank
 
PTES: PenTest Execution Standard
PTES: PenTest Execution StandardPTES: PenTest Execution Standard
PTES: PenTest Execution Standard
Source Conference
 

More Related Content

What's hot

Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down Intruders
Infosec
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMCon
Jorge Orchilles
 
SCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzSCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim Schulz
Jorge Orchilles
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Jorge Orchilles
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence
Sirius
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE - ATT&CKcon
 

What's hot (20)

Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down Intruders
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hacking
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMCon
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
 
SCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzSCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim Schulz
 
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITREMITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testing
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
 

Viewers also liked

PTES: PenTest Execution Standard
PTES: PenTest Execution StandardPTES: PenTest Execution Standard
PTES: PenTest Execution Standard
Source Conference
 

Viewers also liked (10)

Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue TeamersGo Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
 
PTES: PenTest Execution Standard
PTES: PenTest Execution StandardPTES: PenTest Execution Standard
PTES: PenTest Execution Standard
 
Purple teaming Cyber Kill Chain
Purple teaming Cyber Kill ChainPurple teaming Cyber Kill Chain
Purple teaming Cyber Kill Chain
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration Testing
 
How to Be Awesome on Slideshare
How to Be Awesome on SlideshareHow to Be Awesome on Slideshare
How to Be Awesome on Slideshare
 
The Essentials of PowerPoint Color Theme
The Essentials of PowerPoint Color ThemeThe Essentials of PowerPoint Color Theme
The Essentials of PowerPoint Color Theme
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 
Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game
 

Similar to Building an InfoSec RedTeam

Building digital product masters to prevail in the age of accelerations parts...
Building digital product masters to prevail in the age of accelerations parts...Building digital product masters to prevail in the age of accelerations parts...
Building digital product masters to prevail in the age of accelerations parts...
Jeffrey Stewart
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
360 BSI
 
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
360 BSI
 
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 DubaiIT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
360 BSI
 
Multisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoft@Corporate Presentation
Multisoft@Corporate Presentation
MultisoftSystems
 
Multisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoft@Corporate Presentation
Multisoft@Corporate Presentation
MultisoftNOIDA
 

Similar to Building an InfoSec RedTeam (20)

FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
 
Deploying a data centric approach to enterprise agility
Deploying a data centric approach to enterprise agilityDeploying a data centric approach to enterprise agility
Deploying a data centric approach to enterprise agility
 
No more security empires - The ciso as an individual contributor
No more security empires - The ciso as an individual contributorNo more security empires - The ciso as an individual contributor
No more security empires - The ciso as an individual contributor
 
Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution
 
It Sales Presentation 2010 03 31
It Sales Presentation 2010 03 31It Sales Presentation 2010 03 31
It Sales Presentation 2010 03 31
 
Module 1 - IDP.pptx
Module 1 - IDP.pptxModule 1 - IDP.pptx
Module 1 - IDP.pptx
 
Building digital product masters to prevail in the age of accelerations parts...
Building digital product masters to prevail in the age of accelerations parts...Building digital product masters to prevail in the age of accelerations parts...
Building digital product masters to prevail in the age of accelerations parts...
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
 
Patternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase DeckPatternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase Deck
 
Devops for business : Efficiency & Innovation
Devops for business : Efficiency & InnovationDevops for business : Efficiency & Innovation
Devops for business : Efficiency & Innovation
 
Intranets on Microsoft SharePoint
Intranets on Microsoft SharePointIntranets on Microsoft SharePoint
Intranets on Microsoft SharePoint
 
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
 
Isms4
Isms4Isms4
Isms4
 
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 DubaiIT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
 
Intranet governance - dull but necessary
Intranet governance - dull but necessaryIntranet governance - dull but necessary
Intranet governance - dull but necessary
 
Multisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoft@Corporate Presentation
Multisoft@Corporate Presentation
 
Multisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoft@Corporate Presentation
Multisoft@Corporate Presentation
 
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
 
Project report on cctv
Project report on cctvProject report on cctv
Project report on cctv
 
Ramsoft_Brochure-Jul2013
Ramsoft_Brochure-Jul2013Ramsoft_Brochure-Jul2013
Ramsoft_Brochure-Jul2013
 

More from Dan Vasile

SC Congress Amsterdam 2016 - IoT Security
SC Congress Amsterdam 2016 - IoT SecuritySC Congress Amsterdam 2016 - IoT Security
SC Congress Amsterdam 2016 - IoT Security
Dan Vasile
 

More from Dan Vasile (6)

Dan Vasile - Risk Calculation and Visualization
Dan Vasile - Risk Calculation and VisualizationDan Vasile - Risk Calculation and Visualization
Dan Vasile - Risk Calculation and Visualization
 
SC Congress Amsterdam 2016 - IoT Security
SC Congress Amsterdam 2016 - IoT SecuritySC Congress Amsterdam 2016 - IoT Security
SC Congress Amsterdam 2016 - IoT Security
 
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
 
Bug bounty programs
Bug bounty programsBug bounty programs
Bug bounty programs
 

Recently uploaded

Cracking the Change Management Code Main New.pptx
Cracking the Change Management Code Main New.pptxCracking the Change Management Code Main New.pptx
Cracking the Change Management Code Main New.pptx
Workforce Group
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
anasabutalha2013
 
State of D2C in India: A Logistics Update
State of D2C in India: A Logistics UpdateState of D2C in India: A Logistics Update
State of D2C in India: A Logistics Update
RedSeer
 
Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...
Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...
Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...
ssuserf63bd7
 

Recently uploaded (20)

LinkedIn Masterclass Techweek 2024 v4.1.pptx
LinkedIn Masterclass Techweek 2024 v4.1.pptxLinkedIn Masterclass Techweek 2024 v4.1.pptx
LinkedIn Masterclass Techweek 2024 v4.1.pptx
 
What are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdfWhat are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdf
 
Understanding UAE Labour Law: Key Points for Employers and Employees
Understanding UAE Labour Law: Key Points for Employers and EmployeesUnderstanding UAE Labour Law: Key Points for Employers and Employees
Understanding UAE Labour Law: Key Points for Employers and Employees
 
Event Report - IBM Think 2024 - It is all about AI and hybrid
Event Report - IBM Think 2024 - It is all about AI and hybridEvent Report - IBM Think 2024 - It is all about AI and hybrid
Event Report - IBM Think 2024 - It is all about AI and hybrid
 
Falcon Invoice Discounting Setup for Small Businesses
Falcon Invoice Discounting Setup for Small BusinessesFalcon Invoice Discounting Setup for Small Businesses
Falcon Invoice Discounting Setup for Small Businesses
 
Lookback Analysis
Lookback AnalysisLookback Analysis
Lookback Analysis
 
Using Generative AI for Content Marketing
Using Generative AI for Content MarketingUsing Generative AI for Content Marketing
Using Generative AI for Content Marketing
 
Pitch Deck Teardown: RAW Dating App's $3M Angel deck
Pitch Deck Teardown: RAW Dating App's $3M Angel deckPitch Deck Teardown: RAW Dating App's $3M Angel deck
Pitch Deck Teardown: RAW Dating App's $3M Angel deck
 
USA classified ads posting – best classified sites in usa.pdf
USA classified ads posting – best classified sites in usa.pdfUSA classified ads posting – best classified sites in usa.pdf
USA classified ads posting – best classified sites in usa.pdf
 
Cracking the Change Management Code Main New.pptx
Cracking the Change Management Code Main New.pptxCracking the Change Management Code Main New.pptx
Cracking the Change Management Code Main New.pptx
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
 
Did Paul Haggis Ever Win an Oscar for Best Filmmaker
Did Paul Haggis Ever Win an Oscar for Best FilmmakerDid Paul Haggis Ever Win an Oscar for Best Filmmaker
Did Paul Haggis Ever Win an Oscar for Best Filmmaker
 
State of D2C in India: A Logistics Update
State of D2C in India: A Logistics UpdateState of D2C in India: A Logistics Update
State of D2C in India: A Logistics Update
 
TriStar Gold Corporate Presentation May 2024
TriStar Gold Corporate Presentation May 2024TriStar Gold Corporate Presentation May 2024
TriStar Gold Corporate Presentation May 2024
 
Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...
Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...
Byrd & Chen’s Canadian Tax Principles 2023-2024 Edition 1st edition Volumes I...
 
HR and Employment law update: May 2024.
HR and Employment law update: May 2024.HR and Employment law update: May 2024.
HR and Employment law update: May 2024.
 
India’s Recommended Women Surgeons to Watch in 2024.pdf
India’s Recommended Women Surgeons to Watch in 2024.pdfIndia’s Recommended Women Surgeons to Watch in 2024.pdf
India’s Recommended Women Surgeons to Watch in 2024.pdf
 

Building an InfoSec RedTeam

  • 1. InfoSec RedTeam Building and maintaining a Penetration Testing Team as the driving force of the Security Organizational Structure
  • 2. First Page :Why RedTeam? To rescue MONEY& REPUTATION
  • 3. First Page :How? By keeping HACKERS away!
  • 4. Second Page :Definitions RedTeam Independent group that challenges an organization to improve its security. Penetration TestPenetration Test Method of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats. Security Operations Center Centralized unit in an organization that deals with security issues, on an organizational and technical level.
  • 5. RedTeam – center of security RedTeam members are cutting-edge technical experts in a multitude of IT domains and are used as consultants by other services within the security department. Alongside with consultancy they also provide: -Training - Mentoring - Guidance - Best practices
  • 6. Functional relationships The RedTeam provides expert knowledge and share information with all departments across the Security Department. Just to name a few:
  • 7. Organizing a RedTeam Given the sensitive information the team is handling and the necessary technical skills, gathering and organizing the team is not an easy task. Key-points: •Finding the right team members•Finding the right team members •Finding the most suited organizational structure •Integrating with the current structure •Maintaining the health of the team •Continuous improvement
  • 8. RedTeam members specs Knowledge set: Operating Systems Networking and Protocols Firewalls DatabasesDatabases Scripting Programming Forensics Characteristics: Good communication Curiosity Willing to learn and share knowledge Interact with the team and the clients
  • 9. RedTeam members Specific backgrounds: •Network administrator (multiple OSes and infrastructure equipments) •Developer(multiple languages, depending on the organization’s profile) •Quality Assurance (software) •System Architect / Implementer / Consultant (hardware & software)
  • 10. General organization structures Organization structures according to PMBOK Executive/CISO Executive/CISO RedTeam manager PenTest expert Pentest expert Functional Matrix RedTeam project coordinator PenTest expert Pentest expert Projectized
  • 11. Specific structure To meet performance criteria for a RedTeam, a specific organization structure is needed. CISO Roles CISO – Team Champion, provides business interface and long term goals RedTeam Manager – Technical Rockstar, oversees and works on all RedTeam Director Project Coordinator PenTest Expert Pentest Expert Pentest Expert RedTeam Manager – Technical Rockstar, oversees and works on all projects, distributes workload, translates business needs into technical details, establishes short and medium term goals Project Coordinator – The Organizer, keeps track of everything PenTest Experts – The Army, the very foundation of the security department, champions, rockstars and organizers altogether, exceptional individuals delivering security services
  • 12. Penetration tester experts are highly trained individuals with huge egos (a recognized leader of the team is in charge with making everybody happy at the workplace and with each other) Psychological aspects Time for training and research (the experts need to train and to research new subjects to stay at the top of the elite) Creativity (get the experts out of the routine and let them come up with ingenious ideas to solve problems faster and better)
  • 13. Building a geographically distributed team (working in different corners of the world can be beneficial to cover all clients, but the sharing of knowledge is obstructed and internal fights can occur) Sociological aspects sharing of knowledge is obstructed and internal fights can occur) Different remuneration for the same skill-set (while it’s impossible to have the same remuneration for everybody, it’s a good idea to keep them within the same ranges and at the top of the market rates to keep the experts on your team)
  • 15. Deliverables RedTeam Exercise Reports Penetration Testing Reports Consultancy for fixing the identified vulnerabilitiesConsultancy for fixing the identified vulnerabilities Training for development and networking teams Whitepapers on best practices InfoSec Metrics Advisories for upper management based on all of the above
  • 16. Internal vs. External RedTeam Advantages Disadvantages Internal RedTeam • Sensitive information never leaves the company • May be biased • Need managementcompany • Knowledge of the internal systems • When not working on a project, the RedTeam can provide other valuable services • Cheap • Need management External contractor • A fresh pair of eyes • Expertise on exotic systems • The company needs to expose sensitive information to a 3rd party • Need to understand the inner- workings of the systems • Expensive
  • 17. Internal vs. External RedTeam So, where is the break-even point in which an internal RedTeam is the best solution? Small company A smaller company can benefit from periodical penetration test with clear scopes from an external contractor Medium company If the company broke the 100 machines limit, a serious options is to hire a dedicated Penetration Tester and as the size of the network and number of the applications grows to increase the number of security experts and eventually create a RedTeam Enterprise For a large company, the internal RedTeam is a must and the ROI is much better than using an external contractor External contractors can be used periodically in conjunction with an internal RedTeam to provide a black-box, unbiased, external view of critical systems
  • 18. About the author Dan Catalin VASILE is a security guy with more then 15 years in IT&C, out of which 12 are related to security. He’s been working with start-ups, small companies and industry giants, gathering relevant experience from all of those.gathering relevant experience from all of those. His main areas of interest are around application and network security. He is also involved in local security chapters like OWASP and ISC2 as a meeting organizer, host and presenter. You can contact him at danvasile@pentest.ro http://www.pentest.ro (personal blog)
  • 19. About the presentation This presentation is the deliverable of a larger research that the author did over the years. The paper is the result of the personal experience of the author.The paper is the result of the personal experience of the author. - Working for various sized companies - Working as a team member, coordinator, leader and director - Seen and have been under different organizational schemes Creating and managing a RedTeam is a difficult task. This presentation brings some light on the issues an organization will face in setting up a Penetration Testing Team.