This time, I spoke with Carrie Roberts. She has a senior red team role with Walmart. She’s also a pretty good cartoonist if I say so myself.
Kimberly Crawley: Tell me a bit about what you do.
Carrie Roberts: I am a Senior Red Team Engineer for Walmart. This means I work with a team to perform the same kind of attacks against Walmart computer systems as actual adversaries. By doing this in a controlled manner, our team is able to demonstrate, in a tangible and impactful way, where weaknesses are and suggest areas of improvement. These exercises also allow the organization to measure their detection and response capabilities. Think of it as a scrimmage while practicing a sport.
KC: Does Walmart give you information about the networks you penetration test for them?
CR: I can’t give specifics about my work at Walmart, but in general, a red team is not provided with privileged information in order to keep things more representative of an adversary.
KC: How did you get into redteaming in the first place? Did you do red team work for other companies before you were hired by Walmart?
CR: I spent 10 years as a mechanical engineer when I was encouraged to learn computer science to diversify my skillset. After one trial class, I was sold. I finished a degree in computer science and started writing code. I first learned about pentesting when my code failed a security audit. I was surprised that I hadn’t been taught anything about these issues in school. I felt shocked, horrified, vulnerable, intrigued, and more. So I resolved that I (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Tripwire Guest Authors. Read the original post at: The State of Security