Red Team Operations: Presenting your findings - Security Boulevard

The importance of the Red Team presentation

At the end of the Red Team assessment, there are usually two main deliverables. The Red Team report provides a comprehensive description of the assessment, the vulnerabilities identified and recommendations for remediating them. The Red Team will also give a final out-briefing, which is designed to cover most of the same information.

Beyond providing the customer with the opportunity to ask questions and catering to auditory learners, the presentation is important because it addresses a different audience than the report. Most executives will not read the full Red Team report or have the background to understand it. While a good Red Team report includes an executive summary, there is no guarantee that the summary will be read, and it lacks much of the detail of the report.

Providing a good presentation to the executives is important, as they’re probably the ones who actually hired the Red Team. To improve realism, many assessments are blind. A good presentation can help the executives feel that they’ve gotten their money’s worth and improve the probability of repeat business.

Designing the slide deck

The Red Team presentation is designed to make the details of a Red Team assessment understandable to a non-technical audience. Important parts of this are building a narrative in the presentation and playing to the audience.

Build a narrative

Humans tend to do better when information is conveyed in the form of a story. The nature of a Red Team assessment lends itself well to this, since the audience benefits from understanding how the Red Team moved from no knowledge of the target to identification and exploitation of a discovered vulnerability. The presentation should start high-level, move into detailed findings and close out by providing actionable guidance.

Start high-level

Before diving into

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/KQ0N4JsFL3c/