Why Thinking Like an Adversary?
A Change of Mindset
Security is hard. The security world is full of things that are hard to control. Attacks can occur at any time and place, most of the time in places not of our choosing, and when the time is worst. These attacks usually involve adversaries of unknown size and capabilities, making it harder to have a fixed and solid plan to deal with them. These adversaries, during an active attack, can and will pivot from their initial point of entry or discovery, usually having more than one point of persistence.
Security is hard.
Back in 2009, when we opened the Digital Ops Group, we had this sort of plan we wanted to execute:
(1) Create awareness on what Red Teaming is. (2) Spread the adversarial mindset to domains other than security. (3) Create a company that can provide true adversarial services across many industries. (4) Create the biggest “professional bad guy” community.
We succeeded with (1) and (2) through blog posts, presentations, and a combined effort of several different Red Teamers that think like us.