Is It Time for Your Security Team To Start Seeing Red? | Infosecurity Professional INSIGHTS

This is a very interesting article featuring the good friends at the Red Team Journal.

This section is one of the key points, in my opinion.

Skills Required for a Red Team

Devost cautions not to view - or convey - a red team as a pass or fail experiment but as a vehicle in an ongoing learning experience to continuously improve the company's security posture and business line.

A critical skill of a red team member is the ability to see an overall system, not just stovepipes, and to be mentally facile at thinking like a bad guy to develop and discover exploits.

Another important trait is effectively communicating findings in a way that encourages action, not animosity.

"Red teamers do themselves a disservice if they play Chicken Little and keep telling people the sky is falling," Mateski said. "Communicating with decision-makers from a risk-driven perspective is critical. That's one thing that separates the novice from the experienced red teamer, who has the ability to communicate in risk language."