Testing yourself

I've presented The Red Team Mindset in different forums, from military and law enforcement to civilian and the corporate world. The subject that people seem to be more interested at the Q+A at the end is how to begin applying the Red Team Mindset. My answer is a simple exercise.

I divide the people into teams, 2 per team would do. One person on the team creates a network, physical installation or anything you have to defend. Then that person also creates and plans the defenses for it. The second person on the team will try to find the vulnerabilities in the plan. Once that's done, remediation measures are applied.

Now, this is the important part of the exercise, the person that planned the defenses now gets to attack its own plan. In the big majority of cases, that person found vulnerabilities that had escaped him and his parter (the attacker) in the initial assessment.

Attacking your own plan can provide a good way of getting into the right mindset, but only after you have observed a "3rd party" go through the assessment first.

Try it.

Taking a 180 degree turn on the original plan

On giving a fuck | Patrick Rhone