Hacking Google - Lessons learned running and growing an internal red team
DAY 1
16:30-
17:10
Red Teams are the sparring partner of a mature security organization. Used correctly, they can prevent incidents, increase response times for defenders, and help to improve the overall security posture of products, systems, and entire organizations. By simulating real adversaries based on real-world threat intelligence, they provide a unique opportunity to see the world through an enemy’s eyes. To practice in a calm and safe environment what needs to be done quickly and decisive when a real incident occurs.
Building, maintaining, and growing a red team presents a lot of interesting challenges. From more obvious ones, such as picking the most relevant threat actors to simulate, to more subtle ones, such as maintaining implants and other delicate tooling safely, or how to communicate highly technical findings with high level executives and stakeholders effectively.
In this presentation, we will take a closer look at these challenges, what makes them hard, and how to approach solving them based on case studies from my own team at Google, and from conversations with many teams across the globe we had the privilege of supporting in building their internal red teams.
-
Location :
-
Track 1(HALL B)
-
-
Category :
-
General
-
-
Share :
Speakers
-
Stefan Friedli
ステファン・フリードリ
Stefan Friedli has worked in the field of information security for 20 years, with a strong focus on red teaming and penetration testing. He has been an advisor and consultant for Swiss financial institutes and large industrial and government entities before joining Google in 2019, where he is leading the red team today.