The Theory of Red Teaming - A Call to Action


Since March 2018, I have been following the Red Team Podcast.  It is a podcast and blog dedicated to the subject of red teaming.  Now, you’re probably asking, “What is a red team?”  The concept is rooted in military history.  If that is of interest, just google Red Cell. A Red Team is a group that assumes the role of adversary and challenges another group to test and improve the efficacy of its strategies and procedures.   As the adversary, a Red Team will attempt to attack and exploit their target by any viable means necessary.  Vectors of attack can be physical, digital, social, and even theoretical.  The intention is to highlight the vulnerabilities of a target and eventually work with the target to eliminate those vulnerabilities.  Sounds cool, right?

The Red Team Podcast, however, dives deeper into the subject of what true red teaming is and discusses the mindset required to be an effective “Red Teamer.”  Ironically, the more you listen to the podcast, the more you learn that red teaming is quite difficult to define.  It spans numerous subjects of thought and study.  By its very nature, it proves difficult to provide a short and concise definition that encompasses all of its elements.  However, with all of the information provided in the podcast, the hosts (Uri and Dan) constantly field two questions in particular.  Hopefully, I can provide an answer to both that will be easy for average folk to understand.

“What is Red Teaming?”

Ultimately, Red Teaming is a call to action.

It is about figuring out what you don’t know about yourself, and acting on that information.  It’s about self improvement.

From a security standpoint, it’s knowing your adversary.  It is about knowing who the hostile actors might be and what they want from you.  It is knowing how they will exploit your weaknesses and impose on your vulnerabilities. 

It’s imperative to know two things.  First, who is the adversary?  It can be a competitor, it can be a malicious hacker, or an insider threat.  “Insider threat” means your adversary is within your own group or organization.  It is also important to realize that an attack will come through any viable means necessary.  It can be a physical attack, a digital breach, or simply through social engineering.

So, to truly define your enemy, the best course of action is to have an independent party, a Red Team, complete an assessment of your organization.  This Red Team will assume the role of your adversary.  They will carefully observe your practices, define habits and a method of exploitation, and finally commit a real-world attack.  Afterward, they will report any discovered vulnerabilities, and they should help you mend them and create any proactive response protocols deemed necessary.

From a Red Teamer’s perspective, your method of attack should be unique to what is observed.  If you truly want to service your client, remaining unpredictable is key.

Now, to the dismay of Uri and Dan, this usually leads to the second question.

“How do I become a Red Teamer?”

The answer is simple, but may be difficult for some to accept.

Build resiliency.

Many seem enthralled with the “cool factor” of red teaming, without realizing what is actually required of them.  They overlook the fact that red teaming requires a very specific mindset to achieve the objective.  It is not about what exploits you know or your lock picking skills.  If you really want to know what it takes to be a Red Teamer, apply the methodology of red teaming to yourself.

What don’t you know?   What are your weaknesses?  Be sure to account for personal bias.  Speak with trusted friends, ask them to comment on your personality traits and your habits.  What do you do when you encounter difficulties?  Do you panic?  Do you quit?

Test yourself.  Put yourself in uncomfortable situations and see what happens.  Is there a particular skill set in which you lack expertise?  Say you have the digital capability, are you fit enough to properly accomplish a physical assessment?  If not, what are you doing about it?  If you don’t have the discipline to better yourself, what makes you think you can provide such a service to someone else?

To be a Red Teamer, you must have the strength of mind and character to embrace your own suffering.  Once you can achieve that, then the answer to this question should be clear to you.

“Do not sleep under a roof. Carry no money or food. Go alone to places frightening to the common brand of men. Become a criminal of purpose. Be put in jail, and extricate yourself by your own wisdom.” - Miyamoto Musashi