SlideShare ist ein Scribd-Unternehmen logo

Building an InfoSec RedTeam

•
•
Dan Vasile
Dan Vasile

Building and maintaining a Red Team & Penetration Testing Team as the driving force of the Security Organizational Structure

BusinessTechnologie
1 von 20
InfoSec RedTeam Building and maintaining a Penetration Testing Team as the driving force of the Security Organizational Structure
First Page :Why RedTeam? To rescue MONEY& REPUTATION
First Page :How? By keeping HACKERS away!
Second Page :Definitions RedTeam Independent group that challenges an organization to improve its security. Penetration TestPenetration Test Method of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats. Security Operations Center Centralized unit in an organization that deals with security issues, on an organizational and technical level.
RedTeam – center of security RedTeam members are cutting-edge technical experts in a multitude of IT domains and are used as consultants by other services within the security department. Alongside with consultancy they also provide: -Training - Mentoring - Guidance - Best practices
Functional relationships The RedTeam provides expert knowledge and share information with all departments across the Security Department. Just to name a few:
Organizing a RedTeam Given the sensitive information the team is handling and the necessary technical skills, gathering and organizing the team is not an easy task. Key-points: •Finding the right team members•Finding the right team members •Finding the most suited organizational structure •Integrating with the current structure •Maintaining the health of the team •Continuous improvement
RedTeam members specs Knowledge set: Operating Systems Networking and Protocols Firewalls DatabasesDatabases Scripting Programming Forensics Characteristics: Good communication Curiosity Willing to learn and share knowledge Interact with the team and the clients
RedTeam members Specific backgrounds: •Network administrator (multiple OSes and infrastructure equipments) •Developer(multiple languages, depending on the organization’s profile) •Quality Assurance (software) •System Architect / Implementer / Consultant (hardware & software)
General organization structures Organization structures according to PMBOK Executive/CISO Executive/CISO RedTeam manager PenTest expert Pentest expert Functional Matrix RedTeam project coordinator PenTest expert Pentest expert Projectized
Specific structure To meet performance criteria for a RedTeam, a specific organization structure is needed. CISO Roles CISO – Team Champion, provides business interface and long term goals RedTeam Manager – Technical Rockstar, oversees and works on all RedTeam Director Project Coordinator PenTest Expert Pentest Expert Pentest Expert RedTeam Manager – Technical Rockstar, oversees and works on all projects, distributes workload, translates business needs into technical details, establishes short and medium term goals Project Coordinator – The Organizer, keeps track of everything PenTest Experts – The Army, the very foundation of the security department, champions, rockstars and organizers altogether, exceptional individuals delivering security services
Penetration tester experts are highly trained individuals with huge egos (a recognized leader of the team is in charge with making everybody happy at the workplace and with each other) Psychological aspects Time for training and research (the experts need to train and to research new subjects to stay at the top of the elite) Creativity (get the experts out of the routine and let them come up with ingenious ideas to solve problems faster and better)
Building a geographically distributed team (working in different corners of the world can be beneficial to cover all clients, but the sharing of knowledge is obstructed and internal fights can occur) Sociological aspects sharing of knowledge is obstructed and internal fights can occur) Different remuneration for the same skill-set (while it’s impossible to have the same remuneration for everybody, it’s a good idea to keep them within the same ranges and at the top of the market rates to keep the experts on your team)
PenTesting Process
Deliverables RedTeam Exercise Reports Penetration Testing Reports Consultancy for fixing the identified vulnerabilitiesConsultancy for fixing the identified vulnerabilities Training for development and networking teams Whitepapers on best practices InfoSec Metrics Advisories for upper management based on all of the above
Internal vs. External RedTeam Advantages Disadvantages Internal RedTeam • Sensitive information never leaves the company • May be biased • Need managementcompany • Knowledge of the internal systems • When not working on a project, the RedTeam can provide other valuable services • Cheap • Need management External contractor • A fresh pair of eyes • Expertise on exotic systems • The company needs to expose sensitive information to a 3rd party • Need to understand the inner- workings of the systems • Expensive
Internal vs. External RedTeam So, where is the break-even point in which an internal RedTeam is the best solution? Small company A smaller company can benefit from periodical penetration test with clear scopes from an external contractor Medium company If the company broke the 100 machines limit, a serious options is to hire a dedicated Penetration Tester and as the size of the network and number of the applications grows to increase the number of security experts and eventually create a RedTeam Enterprise For a large company, the internal RedTeam is a must and the ROI is much better than using an external contractor External contractors can be used periodically in conjunction with an internal RedTeam to provide a black-box, unbiased, external view of critical systems
About the author Dan Catalin VASILE is a security guy with more then 15 years in IT&C, out of which 12 are related to security. He’s been working with start-ups, small companies and industry giants, gathering relevant experience from all of those.gathering relevant experience from all of those. His main areas of interest are around application and network security. He is also involved in local security chapters like OWASP and ISC2 as a meeting organizer, host and presenter. You can contact him at danvasile@pentest.ro http://www.pentest.ro (personal blog)
About the presentation This presentation is the deliverable of a larger research that the author did over the years. The paper is the result of the personal experience of the author.The paper is the result of the personal experience of the author. - Working for various sized companies - Working as a team member, coordinator, leader and director - Seen and have been under different organizational schemes Creating and managing a RedTeam is a difficult task. This presentation brings some light on the issues an organization will face in setting up a Penetration Testing Team.
Thank you danvasile@pentest.ro http://www.pentest.ro

Empfohlen

Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Frameworkđź‘€ Joe Gray
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Red team Engagement
Red team EngagementRed team Engagement
Red team EngagementIndranil Banerjee
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hackingVikram Khanna
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue TeamEC-Council
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEJorge Orchilles
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows toolIntroducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows toolMichael Gough
 

Empfohlen

Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Frameworkđź‘€ Joe Gray
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Red team Engagement
Red team EngagementRed team Engagement
Red team EngagementIndranil Banerjee
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hackingVikram Khanna
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue TeamEC-Council
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEJorge Orchilles
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows toolIntroducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows toolMichael Gough
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albe...
Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albe...Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albe...
Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albe...Denim Group
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Mark Arena
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for youToby Kohlenberg
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFJorge Orchilles
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team FrameworkAdrian Sanabria
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple TeamPriyanka Aash
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testingavioren1979
 
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue TeamersGo Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamersjasonjfrank
 

Weitere ähnliche Inhalte

Was ist angesagt?

Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albe...
Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albe...Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albe...
Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albe...Denim Group
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Mark Arena
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for youToby Kohlenberg
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFJorge Orchilles
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team FrameworkAdrian Sanabria
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple TeamPriyanka Aash
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 

Was ist angesagt? (20)

Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albe...
Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albe...Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albe...
Cyber Purple Teaming: Uniting Blue and Red Teams - B Sides San Antonio - Albe...
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for you
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEF
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple Team
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for Organization
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metrics
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 

Andere mochten auch

Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testingavioren1979
 
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue TeamersGo Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamersjasonjfrank
 
PTES: PenTest Execution Standard
PTES: PenTest Execution StandardPTES: PenTest Execution Standard
PTES: PenTest Execution StandardSource Conference
 
Purple teaming Cyber Kill Chain
Purple teaming Cyber Kill ChainPurple teaming Cyber Kill Chain
Purple teaming Cyber Kill ChainHaydn Johnson
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsRahul Neel Mani
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItNikhil Mittal
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 
How to Be Awesome on Slideshare
How to Be Awesome on SlideshareHow to Be Awesome on Slideshare
How to Be Awesome on Slideshare24Slides
 
The Essentials of PowerPoint Color Theme
The Essentials of PowerPoint Color ThemeThe Essentials of PowerPoint Color Theme
The Essentials of PowerPoint Color Theme24Slides
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Rahul Neel Mani
 
Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game Rahul Neel Mani
 

Andere mochten auch (11)

Red team vs Penetration Testing
Red team vs Penetration TestingRed team vs Penetration Testing
Red team vs Penetration Testing
 
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue TeamersGo Hack Yourself - 10 Pen Test Tactics for Blue Teamers
Go Hack Yourself - 10 Pen Test Tactics for Blue Teamers
 
PTES: PenTest Execution Standard
PTES: PenTest Execution StandardPTES: PenTest Execution Standard
PTES: PenTest Execution Standard
 
Purple teaming Cyber Kill Chain
Purple teaming Cyber Kill ChainPurple teaming Cyber Kill Chain
Purple teaming Cyber Kill Chain
 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration Testing
 
How to Be Awesome on Slideshare
How to Be Awesome on SlideshareHow to Be Awesome on Slideshare
How to Be Awesome on Slideshare
 
The Essentials of PowerPoint Color Theme
The Essentials of PowerPoint Color ThemeThe Essentials of PowerPoint Color Theme
The Essentials of PowerPoint Color Theme
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 
Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game
 

Ă„hnlich wie Building an InfoSec RedTeam

FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019Saeid Atabaki
 
Deploying a data centric approach to enterprise agility
Deploying a data centric approach to enterprise agilityDeploying a data centric approach to enterprise agility
Deploying a data centric approach to enterprise agilityComparative Agility
 
No more security empires - The ciso as an individual contributor
No more security empires - The ciso as an individual contributorNo more security empires - The ciso as an individual contributor
No more security empires - The ciso as an individual contributorPriyanka Aash
 
Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Priyanka Aash
 
It Sales Presentation 2010 03 31
It Sales Presentation 2010 03 31It Sales Presentation 2010 03 31
It Sales Presentation 2010 03 31rhissrich
 
Module 1 - IDP.pptx
Module 1 - IDP.pptxModule 1 - IDP.pptx
Module 1 - IDP.pptxRAJESH S
 
Building digital product masters to prevail in the age of accelerations parts...
Building digital product masters to prevail in the age of accelerations parts...Building digital product masters to prevail in the age of accelerations parts...
Building digital product masters to prevail in the age of accelerations parts...Jeffrey Stewart
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE360 BSI
 
Patternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase DeckPatternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase DeckMaryLudloff
 
Devops for business : Efficiency & Innovation
Devops for business : Efficiency & InnovationDevops for business : Efficiency & Innovation
Devops for business : Efficiency & InnovationSatish Bhatia
 
Intranets on Microsoft SharePoint
Intranets on Microsoft SharePointIntranets on Microsoft SharePoint
Intranets on Microsoft SharePointedynamic
 
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE360 BSI
 
Isms4
Isms4Isms4
Isms4aaditya
 
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 DubaiIT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 Dubai360 BSI
 
Intranet governance - dull but necessary
Intranet governance - dull but necessaryIntranet governance - dull but necessary
Intranet governance - dull but necessaryJason Buck
 
Multisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoftSystems
 
Multisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoftNOIDA
 
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...Falgun Rathod
 
Project report on cctv
Project report on cctvProject report on cctv
Project report on cctvRatikanta Sahoo
 
Ramsoft_Brochure-Jul2013
Ramsoft_Brochure-Jul2013Ramsoft_Brochure-Jul2013
Ramsoft_Brochure-Jul2013Ramesh Santhanam
 

Ă„hnlich wie Building an InfoSec RedTeam (20)

FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
FS-ISAC 2019 - Building an Effective Red Team Program 07/08/2019
 
Deploying a data centric approach to enterprise agility
Deploying a data centric approach to enterprise agilityDeploying a data centric approach to enterprise agility
Deploying a data centric approach to enterprise agility
 
No more security empires - The ciso as an individual contributor
No more security empires - The ciso as an individual contributorNo more security empires - The ciso as an individual contributor
No more security empires - The ciso as an individual contributor
 
Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution
 
It Sales Presentation 2010 03 31
It Sales Presentation 2010 03 31It Sales Presentation 2010 03 31
It Sales Presentation 2010 03 31
 
Module 1 - IDP.pptx
Module 1 - IDP.pptxModule 1 - IDP.pptx
Module 1 - IDP.pptx
 
Building digital product masters to prevail in the age of accelerations parts...
Building digital product masters to prevail in the age of accelerations parts...Building digital product masters to prevail in the age of accelerations parts...
Building digital product masters to prevail in the age of accelerations parts...
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
 
Patternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase DeckPatternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase Deck
 
Devops for business : Efficiency & Innovation
Devops for business : Efficiency & InnovationDevops for business : Efficiency & Innovation
Devops for business : Efficiency & Innovation
 
Intranets on Microsoft SharePoint
Intranets on Microsoft SharePointIntranets on Microsoft SharePoint
Intranets on Microsoft SharePoint
 
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
 
Isms4
Isms4Isms4
Isms4
 
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 DubaiIT Risk Management & Leadership 23 - 26 June 2013 Dubai
IT Risk Management & Leadership 23 - 26 June 2013 Dubai
 
Intranet governance - dull but necessary
Intranet governance - dull but necessaryIntranet governance - dull but necessary
Intranet governance - dull but necessary
 
Multisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoft@Corporate Presentation
Multisoft@Corporate Presentation
 
Multisoft@Corporate Presentation
Multisoft@Corporate PresentationMultisoft@Corporate Presentation
Multisoft@Corporate Presentation
 
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
Cyber Octet Private Limited - Ethical Hacking & Cyber Security Training and S...
 
Project report on cctv
Project report on cctvProject report on cctv
Project report on cctv
 
Ramsoft_Brochure-Jul2013
Ramsoft_Brochure-Jul2013Ramsoft_Brochure-Jul2013
Ramsoft_Brochure-Jul2013
 

Mehr von Dan Vasile

Dan Vasile - Risk Calculation and Visualization
Dan Vasile - Risk Calculation and VisualizationDan Vasile - Risk Calculation and Visualization
Dan Vasile - Risk Calculation and VisualizationDan Vasile
 
SC Congress Amsterdam 2016 - IoT Security
SC Congress Amsterdam 2016 - IoT SecuritySC Congress Amsterdam 2016 - IoT Security
SC Congress Amsterdam 2016 - IoT SecurityDan Vasile
 
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...Dan Vasile
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Vasile
 
Bug bounty programs
Bug bounty programsBug bounty programs
Bug bounty programsDan Vasile
 

Mehr von Dan Vasile (6)

Dan Vasile - Risk Calculation and Visualization
Dan Vasile - Risk Calculation and VisualizationDan Vasile - Risk Calculation and Visualization
Dan Vasile - Risk Calculation and Visualization
 
SC Congress Amsterdam 2016 - IoT Security
SC Congress Amsterdam 2016 - IoT SecuritySC Congress Amsterdam 2016 - IoT Security
SC Congress Amsterdam 2016 - IoT Security
 
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
WordPress Security Implementation Guideline - Presentation for OWASP Romania ...
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress EcosystemDan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
 
Bug bounty programs
Bug bounty programsBug bounty programs
Bug bounty programs
 

KĂĽrzlich hochgeladen

Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...noida100girls
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Trucks in Minnesota
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 DelhiCall Girls in Delhi
 

KĂĽrzlich hochgeladen (20)

Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
 

Building an InfoSec RedTeam

  • 1. InfoSec RedTeam Building and maintaining a Penetration Testing Team as the driving force of the Security Organizational Structure
  • 2. First Page :Why RedTeam? To rescue MONEY& REPUTATION
  • 3. First Page :How? By keeping HACKERS away!
  • 4. Second Page :Definitions RedTeam Independent group that challenges an organization to improve its security. Penetration TestPenetration Test Method of evaluating computer and network security by simulating an attack on a computer system or network from external and internal threats. Security Operations Center Centralized unit in an organization that deals with security issues, on an organizational and technical level.
  • 5. RedTeam – center of security RedTeam members are cutting-edge technical experts in a multitude of IT domains and are used as consultants by other services within the security department. Alongside with consultancy they also provide: -Training - Mentoring - Guidance - Best practices
  • 6. Functional relationships The RedTeam provides expert knowledge and share information with all departments across the Security Department. Just to name a few:
  • 7. Organizing a RedTeam Given the sensitive information the team is handling and the necessary technical skills, gathering and organizing the team is not an easy task. Key-points: •Finding the right team members•Finding the right team members •Finding the most suited organizational structure •Integrating with the current structure •Maintaining the health of the team •Continuous improvement
  • 8. RedTeam members specs Knowledge set: Operating Systems Networking and Protocols Firewalls DatabasesDatabases Scripting Programming Forensics Characteristics: Good communication Curiosity Willing to learn and share knowledge Interact with the team and the clients
  • 9. RedTeam members Specific backgrounds: •Network administrator (multiple OSes and infrastructure equipments) •Developer(multiple languages, depending on the organization’s profile) •Quality Assurance (software) •System Architect / Implementer / Consultant (hardware & software)
  • 10. General organization structures Organization structures according to PMBOK Executive/CISO Executive/CISO RedTeam manager PenTest expert Pentest expert Functional Matrix RedTeam project coordinator PenTest expert Pentest expert Projectized
  • 11. Specific structure To meet performance criteria for a RedTeam, a specific organization structure is needed. CISO Roles CISO – Team Champion, provides business interface and long term goals RedTeam Manager – Technical Rockstar, oversees and works on all RedTeam Director Project Coordinator PenTest Expert Pentest Expert Pentest Expert RedTeam Manager – Technical Rockstar, oversees and works on all projects, distributes workload, translates business needs into technical details, establishes short and medium term goals Project Coordinator – The Organizer, keeps track of everything PenTest Experts – The Army, the very foundation of the security department, champions, rockstars and organizers altogether, exceptional individuals delivering security services
  • 12. Penetration tester experts are highly trained individuals with huge egos (a recognized leader of the team is in charge with making everybody happy at the workplace and with each other) Psychological aspects Time for training and research (the experts need to train and to research new subjects to stay at the top of the elite) Creativity (get the experts out of the routine and let them come up with ingenious ideas to solve problems faster and better)
  • 13. Building a geographically distributed team (working in different corners of the world can be beneficial to cover all clients, but the sharing of knowledge is obstructed and internal fights can occur) Sociological aspects sharing of knowledge is obstructed and internal fights can occur) Different remuneration for the same skill-set (while it’s impossible to have the same remuneration for everybody, it’s a good idea to keep them within the same ranges and at the top of the market rates to keep the experts on your team)
  • 15. Deliverables RedTeam Exercise Reports Penetration Testing Reports Consultancy for fixing the identified vulnerabilitiesConsultancy for fixing the identified vulnerabilities Training for development and networking teams Whitepapers on best practices InfoSec Metrics Advisories for upper management based on all of the above
  • 16. Internal vs. External RedTeam Advantages Disadvantages Internal RedTeam • Sensitive information never leaves the company • May be biased • Need managementcompany • Knowledge of the internal systems • When not working on a project, the RedTeam can provide other valuable services • Cheap • Need management External contractor • A fresh pair of eyes • Expertise on exotic systems • The company needs to expose sensitive information to a 3rd party • Need to understand the inner- workings of the systems • Expensive
  • 17. Internal vs. External RedTeam So, where is the break-even point in which an internal RedTeam is the best solution? Small company A smaller company can benefit from periodical penetration test with clear scopes from an external contractor Medium company If the company broke the 100 machines limit, a serious options is to hire a dedicated Penetration Tester and as the size of the network and number of the applications grows to increase the number of security experts and eventually create a RedTeam Enterprise For a large company, the internal RedTeam is a must and the ROI is much better than using an external contractor External contractors can be used periodically in conjunction with an internal RedTeam to provide a black-box, unbiased, external view of critical systems
  • 18. About the author Dan Catalin VASILE is a security guy with more then 15 years in IT&C, out of which 12 are related to security. He’s been working with start-ups, small companies and industry giants, gathering relevant experience from all of those.gathering relevant experience from all of those. His main areas of interest are around application and network security. He is also involved in local security chapters like OWASP and ISC2 as a meeting organizer, host and presenter. You can contact him at danvasile@pentest.ro http://www.pentest.ro (personal blog)
  • 19. About the presentation This presentation is the deliverable of a larger research that the author did over the years. The paper is the result of the personal experience of the author.The paper is the result of the personal experience of the author. - Working for various sized companies - Working as a team member, coordinator, leader and director - Seen and have been under different organizational schemes Creating and managing a RedTeam is a difficult task. This presentation brings some light on the issues an organization will face in setting up a Penetration Testing Team.