Getting Started in Red Teaming and Offensive Security — CyberSpeak Podcast

On this episode of the CyberSpeak with InfoSec Institute podcast, Curtis Brazzell, managing security consultant at cybersecurity firm Pondurance, discusses the methodologies and day-to-day operations in Red Team operations.

In the podcast, Brazzell and host Chris Sienko discuss:

  • Tell us about the Intrusion Detection and Response Platform you’ve been building in your spare time. (1:15)
  • How did you get started in computers and security? (2:20)
  • Can you explain what a Red Team is and how it related to things like penetration testing? (4:35)
  • What made you want take your career further into Red Teaming? (6:35)
  • What makes a good Red Team member? (7:40)
  • What experience, qualification and accomplishments should you aim for to become a desirable Red Team candidate? (9:05)
  • How do Red Teams actually work? (10:05)
  • What are some of the common methodologies that Red Teams employ? (10:55)
  • What type of companies employ Red Teams? (13:35)
  • Is there any benefit to having a Red Team on staff for smaller organizations? (14:35)
  • How often should the average company test their security with a Red Team? (15:10)
  • What is “too far” when it comes to Red Team testing? (15:55)
  • How long does it take to complete a full Red Team assessment? (17:20)
  • How do you report your findings to the company so they can close their security gaps? (17:50)
  • Why has Red Teaming received such a boost in interest at the moment? (19:10)
  • What are the pros and cons of different vulnerability methods you utilize to identify security issues? (20:20)
  • Are organizations over-prescribing Red Teams as a security solution? (21:25)
  • What are your thoughts on Purple Teams? (22:10)
  • What types of security solutions does Pondurance provide? (23:25)
  • What’s the future of Red Teaming? (24:15)

(Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Jeff Peters. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/vxSSduvD_YE/