Time Table

Red Teams are the sparring partner of a mature security organization. Used correctly, they can prevent incidents, increase response times for defenders, and help to improve the overall security posture of products, systems, and entire organizations. By simulating real adversaries based on real-world threat intelligence, they provide a unique opportunity to see the world through an enemy’s eyes. To practice in a calm and safe environment what needs to be done quickly and decisive when a real incident occurs.

Building, maintaining, and growing a red team presents a lot of interesting challenges. From more obvious ones, such as picking the most relevant threat actors to simulate, to more subtle ones, such as maintaining implants and other delicate tooling safely, or how to communicate highly technical findings with high level executives and stakeholders effectively.

In this presentation, we will take a closer look at these challenges, what makes them hard, and how to approach solving them based on case studies from my own team at Google, and from conversations with many teams across the globe we had the privilege of supporting in building their internal red teams.