So, you want to be a Red Teamer? Again?

We wrote about this already, but times change and things get more complicated. So, here's the 2016 version of the answer to life, the universe and everything... I mean, about being a Red Teamer.

First of all, let's clarify what a Red Teamer is. A Red Teamer is simply a person that can think like the adversary, find the way around things and test/push the limits of security, plans, policies and assumptions. Simple.
A lot of different people can fit in here: hackers, physical security experts, physicists, phycologists, Law Enforcement professionals, military personnel, teachers... Anyone can fit here. It's not what you do, but your mindset.

Being a penetration tester doesn't make you a Red Teamer. Being a programmer doesn't make you a Red Teamer. Those things help if you have the mindset, but even then, it's all about experience, it's about how you look at problems, how you learn new things, how you adapt and how you stop playing by the rules when you need to. You need to think like a bad guy. You can probably learn this, but it you don't already have it, chances are it will be hard.

Before I continue, please, please, discard things like "ethical hacking" or things like that, it's just stupid. A hacker is a hacker. They find ways around things, good or bad. But a hacker is NOT necessarily a Red Teamer and Red Teaming is not ONLY about hacking.

1st rule of Red Teaming - the purpose of a Red Team is to become the adversary, to be the worst case scenario.

This means digital, physical and human. This means real world. This means looking at the whole picture. Got it?

So, do you want to be a Red Teamer?

Quote of the day

A Few Thoughts