About four years ago, I was working at Symantec as a Red Team Operator. Trevin Edgeworth, the head of Offensive Security at the time was building out the Red Team program. At the time, as I watched him put the pieces together that eventually turned into a world-class program, I was a bit overwhelmed. I began to document what he was doing, noting the pros and cons of certain decisions, and adding some of my own ideas to my notes. After about two years, I had something of a roadmap. After some outreach, it was pretty apparent that nothing of the sort existed publicly so we decided to publish it - this turned into the Red Team Maturity Model that is in use at dozens of organizations today.
The Red Team Dispatch is a place for opinions, hypotheses, studies, or anything that seeks to improve the Red Team industry.
We created the Red Team Maturity Model a couple of years ago. Since then, it's been adopted by several (that I know of) large organizations. The problem is that the model is without context.
The Red Team Dispatch is the solution. This is where the Maturity Model gets its color. It's where we can go to learn the different ways red teams gather metrics, how red teams are typically structured, and what different red teams do to retain talent or keep solid relationships with their counterparts on the blue side.
"Go alone if you want to go fast, go together if you want to go far"
This is not a place where it will exclusively host our own writings, it'll host content from those in corporate and consultant red teaming, and managers and leaders of those teams along with insights from organizational partners who might have interesting perspectives on our line of work.
How can I contribute?
Shoot me an email at email@example.com
What about the Red Team Maturity Model?
Good question! As members, updates to the model will be communicated and feedback will be requested. As always, if you use it, and you find room for improvement - we are always open to feedback!