How to Build a Red Team

From phishing scams to ransomware, cyber-attacks are growing every day. But something else is growing too: the number of Red Teams being built by organizations just like yours. But is a Red Team right for you?

Red Teams

SANS defines a Red Team as “a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access.”

Here at Core Security, we believe that a Red Team is the ultimate way to “Think like an Attacker.” No matter how you say it, a Red Team should be formed with the intention of identifying and assessing vulnerabilities, testing assumptions, viewing alternate options for attack and revealing the limitations and risks for that organization. Some organizations will have different teams for these functions in order to carry out conceptual challenges and war-gaming, and even to challenge each other to provide the best security possible.

Sure, this sounds like a good idea, but do you have the knowledge and resources to build out a team to do this? Expanding your security team into a Red Team comes down to understanding a few key things.

It all starts with understanding what a Red Team is and isn’t. Setting realistic expectations for both yourself and your staff is crucial to help gauge success and define what you actually need for your organization. It is also crucial to differentiate the role of a pen tester from the roles of the members of a Red Team.

Then, understand the mission of a Red Team. While some tasks may vary depending on the business you’re in, the responsibility and end goal are the same: challenge various aspects of your own security plans and procedures.

Next, determine who should be a part of your Red Team. Decide how many Red Teamers you need and diversify your team with members who have differing experience or backgrounds.
