A Change of Mindset
Back in 2009, when we opened the Digital Ops Group, we had this sort of plan we wanted to execute:
- Create awareness on what Red Teaming is.
- Spread the adversarial mindset to domains other than security.
- Create a company that can provide true adversarial services across many industries.
- Create the biggest “professional bad guy” community.
We succeeded with (1) and (2) through blog posts, presentations, and a combined effort of several different Red Teamers that think like us.
This bring us to (3). For a few years, our focus was on Red Teaming as it was known generally in the industry: a deeper security engagement where adversaries were simulated and a penetration of the physical, digital and human realms was performed.
This approach and way of doing things was good, however it presented a challenge. Most organizations are not ready for this kind of security assessments. Their security programs and people are not mature enough to really understand the need for Red Teaming, and they were not ready for the assessment, often resulting in wasted efforts and the fact that the Team penetrated them using techniques they never thought about.
So, here we are now. At an intersection. We could continue like this, but then, Red Teaming will continue to be an after-thought or, worse, something that is confused with penetration testing and other more traditional security offerings.
We are now changing the way we view Red Teaming. We truly are focusing is the overall goal of Red Teaming: to be a simulated adversary and help identify security gaps.
This means the way we do things, the overall approach to adversarial assessments, and our services have changed a little to support this. The focus now is on mindset. It is working with the stakeholders and understanding their needs, providing specific guidance that fit their needs. Learning and adapting to different industries and organizations, bringing the possible attackers to them in a way they can truly learn, adapt and become more resilient in the process.
So, (3) Create a company that can provide true adversarial services across many industries. Yes, it is happening now.
Imagine what we can do with (4)....