Seeing Red (Team)
Another change!?
Jeez, how often do I change jobs? Seems like a lot, but it really isn’t. I’m still at the same company, I’ve just moved to a different team, and that’s after nearly 2 1/2 years in my last role.
So what am I doing…?
The best defense is a good offense
My jersey has changed colours from blue to red! That’s right, I managed to social engineer our Red Team into thinking I’m the right person to join their team and enhance their capabilities. While I’d normally have a lot of impostor syndrome writing that sentence, it feels like pulling that off is a worthy enough hack to justify the move 😂
What’s a “Red Team”?
For those unfamiliar with the term, the “red team” in a security organization is responsible for “offensive” security. Rather than investigating potential security incidents, compromise, etc… the Red Team exists to identify how to compromise systems and people in the first place.
Think of security guards and detectives as the blue team, and think of the red team as the guy you’ve hired to break into your building to demonstrate where gaps in the blue team’s model (or the building’s security itself) exist.
In the specific context of my new role, my team is responsible for emulating APTs (Advanced Persistent Threats). We’re not doing pentests of applications or sending phishing emails to get numbers of clicks - our goal is to identify paths to fully compromise our company, show real impact, and make sure we’re as well prepared as we can be.
And yes, I’ll be the dumbest person in the room, by a significant margin. I am beyond excited for that to be the case as it’s how I learn best.
Time to learn
I expect the next few months to be focused on scaling the cliff-face that is the learning curve of moving into this role. As I find things that I can share, I’ll be trying to focus on doing so with this blog (and, of course, talk submissions at conferences) but I think it’ll take a while for me to be able to make heads or tails of things in a meaningful enough fashion.
Stay tuned!