Getting Started in Red Teaming and Offensive Security — CyberSpeak Podcast

Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | TuneIn | Spotify | RSS

On this episode of the CyberSpeak with InfoSec Institute podcast, Curtis Brazzell, managing security consultant at cybersecurity firm Pondurance, discusses the methodologies and day-to-day operations in Red Team operations.

In the podcast, Brazzell and host Chris Sienko discuss:

• Tell us about the Intrusion Detection and Response Platform you’ve been building in your spare time. (1:15)
• How did you get started in computers and security? (2:20)
• Can you explain what a Red Team is and how it related to things like penetration testing? (4:35)
• What made you want take your career further into Red Teaming? (6:35)
• What makes a good Red Team member? (7:40)
• What experience, qualification and accomplishments should you aim for to become a desirable Red Team candidate? (9:05)
• How do Red Teams actually work? (10:05)
• What are some of the common methodologies that Red Teams employ? (10:55)
• What type of companies employ Red Teams? (13:35)
• Is there any benefit to having a Red Team on staff for smaller organizations? (14:35)
• How often should the average company test their security with a Red Team? (15:10)
• What is “too far” when it comes to Red Team testing? (15:55)
• How long does it take to complete a full Red Team assessment? (17:20)
• How do you report your findings to the company so they can close their security gaps? (17:50)
• Why has Red Teaming received such a boost in interest at the moment? (19:10)
• What are the pros and cons of different vulnerability methods you utilize to identify security issues? (20:20)
• Are organizations over-prescribing Red Teams as a security solution? (21:25)
• What are your thoughts on Purple Teams? (22:10)
• What types of security solutions does Pondurance provide? (23:25)
• What’s the future of Red Teaming? (24:15)

(Read more...)