InfoSec RedTeam
Building and maintaining a
Penetration Testing Team
as the driving force of the
Security Organizational Structure
First Page: Why RedTeam?
To rescue
MONEY & REPUTATION
First Page: How?
By keeping HACKERS away!
Second Page: Definitions
RedTeam
Independent group that challenges an organization to improve its security.
Penetration Test
Method of evaluating computer and network security by simulating an attack on a
computer system or network from external and internal threats.
Security Operations Center
Centralized unit in an organization that deals with security issues, on an
organizational and technical level.
RedTeam – center of security
RedTeam members are cutting-edge
technical experts in a multitude of IT
domains and are used as consultants
by other services within the security
department.
Alongside consultancy, they also
provide:
- Training
- Mentoring
- Guidance
- Best practices
Functional relationships
The RedTeam provides expert knowledge and shares information with all departments
across the Security Department. Just to name a few:
Organizing a RedTeam
Given the sensitive information the team is handling and the necessary technical skills,
gathering and organizing the team is not an easy task.
Key-points:
•Finding the right team members
•Finding the most suited organizational
structure
•Integrating with the current structure
•Maintaining the health of the team
•Continuous improvement
RedTeam members specs
Knowledge set:
Operating Systems
Networking and Protocols
Firewalls
Databases
Scripting
Programming
Forensics
Characteristics:
Good communication
Curiosity
Willing to learn and share knowledge
Interact with the team and the clients
RedTeam members
Specific backgrounds:
•Network administrator (multiple OSes and infrastructure equipment)
•Developer (multiple languages, depending on the organization’s profile)
•Quality Assurance (software)
•System Architect / Implementer / Consultant (hardware & software)
General organization structures
Organization structures according to PMBOK
[Organization charts: Functional, Matrix and Projectized structures, with boxes for Executive/CISO, RedTeam manager, RedTeam project coordinator and PenTest experts]
Specific structure
To meet performance criteria for a RedTeam, a specific organization structure is needed.
[Organization chart: CISO, RedTeam Director, Project Coordinator, PenTest Experts]
Roles
CISO – Team Champion, provides business interface and long term
goals
RedTeam Manager – Technical Rockstar, oversees and works on all
projects, distributes workload, translates business needs into technical
details, establishes short and medium term goals
Project Coordinator – The Organizer, keeps track of everything
PenTest Experts – The Army, the very foundation of the security
department, champions, rockstars and organizers altogether,
exceptional individuals delivering security services
Psychological aspects
Penetration testing experts are highly trained individuals with huge
egos (a recognized leader of the team is in charge of making
everybody happy at the workplace and with each other)
Time for training and research (the experts need to train and to
research new subjects to stay at the top of the elite)
Creativity (get the experts out of the routine and let them come up
with ingenious ideas to solve problems faster and better)
Sociological aspects
Building a geographically distributed team (working in different
corners of the world can be beneficial to cover all clients, but the
sharing of knowledge is obstructed and internal fights can occur)
Different remuneration for the same skill-set (while it’s impossible to
have the same remuneration for everybody, it’s a good idea to keep
them within the same ranges and at the top of the market rates to
keep the experts on your team)
PenTesting Process
Deliverables
RedTeam Exercise Reports
Penetration Testing Reports
Consultancy for fixing the identified vulnerabilities
Training for development and networking teams
Whitepapers on best practices
InfoSec Metrics
Advisories for upper management based on all of the above
Internal vs. External RedTeam
Internal RedTeam
Advantages:
• Sensitive information never leaves the company
• Knowledge of the internal systems
• When not working on a project, the RedTeam can provide other valuable services
• Cheap
Disadvantages:
• May be biased
• Need management
External contractor
Advantages:
• A fresh pair of eyes
• Expertise on exotic systems
Disadvantages:
• The company needs to expose sensitive information to a 3rd party
• Need to understand the inner-workings of the systems
• Expensive
Internal vs. External RedTeam
So, where is the break-even point in which an internal RedTeam is the best solution?
Small company
A smaller company can benefit from periodic penetration tests
with clear scopes from an external contractor
Medium company
If the company broke the 100 machines limit, a serious option is
to hire a dedicated Penetration Tester and, as the size of the
network and the number of applications grow, to increase the
number of security experts and eventually create a RedTeam
Enterprise
For a large company, the internal RedTeam is a must and the ROI
is much better than using an external contractor
External contractors can be used periodically in conjunction with an internal RedTeam to
provide a black-box, unbiased, external view of critical systems
About the author
Dan Catalin VASILE is a security guy with more than 15 years in IT&C, out of
which 12 are related to security.
He’s been working with start-ups, small companies and industry giants,
gathering relevant experience from all of those.
His main areas of interest are around application and network security.
He is also involved in local security chapters like OWASP and ISC2 as a
meeting organizer, host and presenter.
You can contact him at danvasile@pentest.ro
http://www.pentest.ro (personal blog)
About the presentation
This presentation is the deliverable of a larger research effort that the author
carried out over the years.
The paper is the result of the personal experience of the author.
- Working for various sized companies
- Working as a team member, coordinator, leader and director
- Having seen and worked under different organizational schemes
Creating and managing a RedTeam is a difficult task. This presentation sheds
some light on the issues an organization will face in setting up a Penetration
Testing Team.
Thank you
danvasile@pentest.ro
http://www.pentest.ro

 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 

Building an InfoSec RedTeam

  • 1. InfoSec RedTeam: Building and maintaining a Penetration Testing Team as the driving force of the Security Organizational Structure
  • 2. First Page: Why RedTeam? To rescue MONEY & REPUTATION
  • 3. First Page: How? By keeping HACKERS away!
  • 4. Second Page: Definitions. RedTeam: Independent group that challenges an organization to improve its security. Penetration Test: Method of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats. Security Operations Center: Centralized unit in an organization that deals with security issues, on an organizational and technical level.
  • 5. RedTeam – center of security. RedTeam members are cutting-edge technical experts in a multitude of IT domains and are used as consultants by other services within the security department. Alongside consultancy they also provide: Training; Mentoring; Guidance; Best practices.
  • 6. Functional relationships. The RedTeam provides expert knowledge and shares information with all departments across the Security Department. Just to name a few:
  • 7. Organizing a RedTeam. Given the sensitive information the team is handling and the necessary technical skills, gathering and organizing the team is not an easy task. Key-points: Finding the right team members; Finding the most suited organizational structure; Integrating with the current structure; Maintaining the health of the team; Continuous improvement.
  • 8. RedTeam members specs. Knowledge set: Operating Systems; Networking and Protocols; Firewalls; Databases; Scripting; Programming; Forensics. Characteristics: Good communication; Curiosity; Willing to learn and share knowledge; Interact with the team and the clients.
  • 9. RedTeam members. Specific backgrounds: Network administrator (multiple OSes and infrastructure equipment); Developer (multiple languages, depending on the organization’s profile); Quality Assurance (software); System Architect / Implementer / Consultant (hardware & software).
  • 10. General organization structures. Organization structures according to PMBOK: Functional, Matrix, Projectized. [Organization charts: Executive/CISO, RedTeam manager, RedTeam project coordinator, PenTest experts]
  • 11. Specific structure. To meet performance criteria for a RedTeam, a specific organization structure is needed. [Organization chart: CISO, RedTeam Director, Project Coordinator, PenTest Experts] Roles: CISO – Team Champion, provides business interface and long term goals. RedTeam Manager – Technical Rockstar, oversees and works on all projects, distributes workload, translates business needs into technical details, establishes short and medium term goals. Project Coordinator – The Organizer, keeps track of everything. PenTest Experts – The Army, the very foundation of the security department, champions, rockstars and organizers altogether, exceptional individuals delivering security services.
  • 12. Psychological aspects. Penetration tester experts are highly trained individuals with huge egos (a recognized leader of the team is in charge of making everybody happy at the workplace and with each other). Time for training and research (the experts need to train and to research new subjects to stay at the top of the elite). Creativity (get the experts out of the routine and let them come up with ingenious ideas to solve problems faster and better).
  • 13. Sociological aspects. Building a geographically distributed team (working in different corners of the world can be beneficial to cover all clients, but the sharing of knowledge is obstructed and internal fights can occur). Different remuneration for the same skill-set (while it’s impossible to have the same remuneration for everybody, it’s a good idea to keep them within the same ranges and at the top of the market rates to keep the experts on your team).
  • 15. Deliverables: RedTeam Exercise Reports; Penetration Testing Reports; Consultancy for fixing the identified vulnerabilities; Training for development and networking teams; Whitepapers on best practices; InfoSec Metrics; Advisories for upper management based on all of the above.
  • 16. Internal vs. External RedTeam. Internal RedTeam – Advantages: Sensitive information never leaves the company; Knowledge of the internal systems; When not working on a project, the RedTeam can provide other valuable services; Cheap. Disadvantages: May be biased; Need management. External contractor – Advantages: A fresh pair of eyes; Expertise on exotic systems. Disadvantages: The company needs to expose sensitive information to a 3rd party; Need to understand the inner-workings of the systems; Expensive.
  • 17. Internal vs. External RedTeam. So, where is the break-even point at which an internal RedTeam is the best solution? Small company: A smaller company can benefit from periodic penetration tests with clear scopes from an external contractor. Medium company: If the company broke the 100 machines limit, a serious option is to hire a dedicated Penetration Tester and, as the size of the network and the number of applications grow, to increase the number of security experts and eventually create a RedTeam. Enterprise: For a large company, the internal RedTeam is a must and the ROI is much better than using an external contractor. External contractors can be used periodically in conjunction with an internal RedTeam to provide a black-box, unbiased, external view of critical systems.
  • 18. About the author. Dan Catalin VASILE is a security guy with more than 15 years in IT&C, out of which 12 are related to security. He’s been working with start-ups, small companies and industry giants, gathering relevant experience from all of those. His main areas of interest are around application and network security. He is also involved in local security chapters like OWASP and ISC2 as a meeting organizer, host and presenter. You can contact him at danvasile@pentest.ro. http://www.pentest.ro (personal blog)
  • 19. About the presentation. This presentation is the deliverable of a larger research that the author did over the years. The paper is the result of the personal experience of the author: working for various sized companies; working as a team member, coordinator, leader and director; having seen and been under different organizational schemes. Creating and managing a RedTeam is a difficult task. This presentation brings some light on the issues an organization will face in setting up a Penetration Testing Team.