4. Second Page: Definitions
RedTeam
Independent group that challenges an organization to improve its security.
Penetration Test
Method of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats.
Security Operations Center
Centralized unit in an organization that deals with security issues, on an organizational and technical level.
5. RedTeam – center of security
RedTeam members are cutting-edge technical experts in a multitude of IT domains and are used as consultants by other services within the security department.
Alongside consultancy they also provide:
- Training
- Mentoring
- Guidance
- Best practices
6. Functional relationships
The RedTeam provides expert knowledge and shares information with all departments across the Security Department. Just to name a few:
7. Organizing a RedTeam
Given the sensitive information the team is handling and the necessary technical skills, gathering and organizing the team is not an easy task.
Key points:
• Finding the right team members
• Finding the most suited organizational structure
• Integrating with the current structure
• Maintaining the health of the team
• Continuous improvement
8. RedTeam members specs
Knowledge set:
Operating Systems
Networking and Protocols
Firewalls
Databases
Scripting
Programming
Forensics
Characteristics:
Good communication
Curiosity
Willing to learn and share knowledge
Interact with the team and the clients
9. RedTeam members
Specific backgrounds:
• Network administrator (multiple OSes and infrastructure equipment)
• Developer (multiple languages, depending on the organization’s profile)
• Quality Assurance (software)
• System Architect / Implementer / Consultant (hardware & software)
10. General organization structures
Organization structures according to PMBOK: Functional, Matrix and Projectized.
(Org charts: Executive/CISO above a RedTeam manager or a RedTeam project coordinator, above the PenTest experts.)
11. Specific structure
To meet performance criteria for a RedTeam, a specific organization structure is needed.
(Org chart: CISO above the RedTeam Director, above the Project Coordinator, above the PenTest Experts.)
Roles
CISO – Team Champion, provides business interface and long term goals
RedTeam Manager – Technical Rockstar, oversees and works on all projects, distributes workload, translates business needs into technical details, establishes short and medium term goals
Project Coordinator – The Organizer, keeps track of everything
PenTest Experts – The Army, the very foundation of the security department, champions, rockstars and organizers altogether, exceptional individuals delivering security services
12. Psychological aspects
Penetration tester experts are highly trained individuals with huge egos (a recognized leader of the team is in charge of making everybody happy at the workplace and with each other)
Time for training and research (the experts need to train and to research new subjects to stay at the top of the elite)
Creativity (get the experts out of the routine and let them come up with ingenious ideas to solve problems faster and better)
13. Sociological aspects
Building a geographically distributed team (working in different corners of the world can be beneficial to cover all clients, but the sharing of knowledge is obstructed and internal fights can occur)
Different remuneration for the same skill-set (while it’s impossible to have the same remuneration for everybody, it’s a good idea to keep them within the same ranges and at the top of the market rates to keep the experts on your team)
15. Deliverables
RedTeam Exercise Reports
Penetration Testing Reports
Consultancy for fixing the identified vulnerabilities
Training for development and networking teams
Whitepapers on best practices
InfoSec Metrics
Advisories for upper management based on all of the above
16. Internal vs. External RedTeam
Internal RedTeam
Advantages:
• Sensitive information never leaves the company
• Knowledge of the internal systems
• When not working on a project, the RedTeam can provide other valuable services
• Cheap
Disadvantages:
• May be biased
• Need management
External contractor
Advantages:
• A fresh pair of eyes
• Expertise on exotic systems
Disadvantages:
• The company needs to expose sensitive information to a 3rd party
• Need to understand the inner-workings of the systems
• Expensive
17. Internal vs. External RedTeam
So, where is the break-even point at which an internal RedTeam is the best solution?
Small company
A smaller company can benefit from periodic penetration tests with clear scopes from an external contractor.
Medium company
Once the company passes the 100-machine limit, a serious option is to hire a dedicated Penetration Tester and, as the size of the network and the number of applications grow, to increase the number of security experts and eventually create a RedTeam.
Enterprise
For a large company, the internal RedTeam is a must and the ROI is much better than using an external contractor.
External contractors can be used periodically in conjunction with an internal RedTeam to provide a black-box, unbiased, external view of critical systems.
18. About the author
Dan Catalin VASILE is a security guy with more than 15 years in IT&C, out of which 12 are related to security.
He’s been working with start-ups, small companies and industry giants, gathering relevant experience from all of those.
His main areas of interest are around application and network security.
He is also involved in local security chapters like OWASP and ISC2 as a
meeting organizer, host and presenter.
You can contact him at danvasile@pentest.ro
http://www.pentest.ro (personal blog)
19. About the presentation
This presentation is the deliverable of a larger research effort that the author carried out over the years.
The paper is the result of the personal experience of the author:
- Working for companies of various sizes
- Working as a team member, coordinator, leader and director
- Having seen and worked under different organizational schemes
Creating and managing a RedTeam is a difficult task. This presentation sheds some light on the issues an organization will face in setting up a Penetration Testing Team.