“The laws surrounding hacking are gray at best, but they will most likely not be in your favor.”

Twitter: @bk_up

Brent Kennedy is the red team director at Capital One Financial Corporation, where his team is responsible for conducting advanced, objective-based offensive operations that emulate threats faced by the organization and the financial industry as a whole. Formerly, Brent led the penetration testing team at the CERT Division of the Software Engineering Institute (SEI), where his team supported and assisted in the development of the Department of Homeland Security’s Risk and Vulnerability Assessment (RVA) and Red Team programs.

Brent is a graduate of Carnegie Mellon University (’10), where he received an MS in information security policy and management, and of Washington & Jefferson College (’08), where he received a BA in information technology and economics; he holds OSCP and GXPN certificates. Brent is also an adjunct professor at Carnegie Mellon University’s Heinz College and at Norwich University, teaching courses in ethical penetration testing and information security.

How did you get your start on a red team?

In a previous job, I worked for a Federally Funded Research and Development Center (FFRDC) that partnered with a federal agency to conduct penetration tests for other government organizations. Over time, some customers’ security posture ...