“A red team is not just a bunch of hackers that try to break into your system from remote. It’s about social networking; it’s about physical aspects. There are a lot of different pieces of security.

An effective red team needs to be holistic in nature. But it also needs to test the people’s security prowess, so having a systems administrator not understand what to do when an incident occurs is just about as bad as the actual malware or the actual attack itself. If they do the wrong thing, it could be more catastrophic than the event itself.”

-- Jeff Moulton