Red Teaming is one of the best ways to accurately determine your organization's cyber resiliency. But at what cost?
Behavior change marketing isn't new. And it's been in use for just about forever. We see its use for traditional marketing everywhere. It's time to use it internally to drive positive cybersecurity behavior.
Long ago, Ben Horowitz delineated good and bad product managers in his Good Product Manager/Bad Product Manager post. I've had good and bad CISOs and realized Ben's thoughts are broadly applicable to the CISO position and leadership roles.
Ask five different people inside your security team about how the organization is doing in terms of security and prepare to receive five different answers. Having strong metrics that are well understood will go a long way to removing the ambiguity of the question.
It might be time to shift the Assume Breach model further right.
Risk Hunting is the process of searching for a suspected risk. While risk hunting is inherently done as a function of many security teams, it can be driven in several different ways.
It's as if we've been making the rules for our own game and taking the role of umpire, then acting surprised when the blue team doesn't show up.
Maturity levels do not dictate the success of your Red Team... but more importantly, don't be the chauffeur.
The Red Team Dispatch is a place for opinions, hypotheses, studies, or anything that seeks to improve the Red Team industry.