Last time, I spoke to Katherine Teitler. She’s the director of content for MISTI Training Institute. She also helps run the InfoSec World conference.

This time, I spoke with Carrie Roberts. She has a senior red team role with Walmart. She’s also a pretty good cartoonist if I say so myself.

Kimberly Crawley: Tell me a bit about what you do.

Carrie Roberts: I am a Senior Red Team Engineer for Walmart. This means I work with a team to perform the same kind of attacks against Walmart computer systems as actual adversaries. By doing this in a controlled manner, our team is able to demonstrate, in a tangible and impactful way, where weaknesses are and suggest areas of improvement. These exercises also allow the organization to measure their detection and response capabilities. Think of it as a scrimmage while practicing a sport.

KC: Does Walmart give you information about the networks you penetration test for them?

CR: I can’t give specifics about my work at Walmart, but in general, a red team is not provided with privileged information in order to keep things more representative of an adversary.

KC: How did you get into redteaming in the first place? Did you do red team work for other companies before you were hired by Walmart?

CR: I spent 10 years as a mechanical engineer when I was encouraged to learn computer science to diversify my skillset. After one trial class, I was sold. I finished a degree in computer science and started writing code. I first learned about pentesting when my code failed a security audit. I was surprised that I hadn’t been taught anything about these issues in school. I felt shocked, horrified, vulnerable, intrigued, and more. So I resolved that I (Read more...)