“Some really smart penetration testers I know would probably get bored if they realized how much tedious recon and planning goes into a red team campaign.”

Twitter: @malcomvetter

Hi! My name is Tim MalcomVetter. I started using, building, and breaking computers in the 1980s as a kid and started getting paid for it in 2000. Along the way, I’ve:

• Consulted with Fortune 500s
• Hacked mainframe sockets to web APIs, fuel pumps to mobile apps
• Led e-commerce dev teams
• Deployed enterprise security solutions
• Made plenty of mistakes

Currently, I’m quite fortunate to run a great red team program at the world’s largest company, simulating adversaries across five continents with fantastic teammates I’ve been able to recruit/retain (hobby and career aligned)!

How did you get your start on a red team?

Right place, right time, right skills, right attitude. I like to think that red teaming really pulls in all the skills I’ve learned from every job I’ve ever had—in security or otherwise. I don’t think I can downplay any past experiences as not playing a role in my ability to get my career where it is—including part-time retail jobs in high school and college. I’m the sum of those experiences.

I also have to acknowledge how being a trusted advisor to an important client was a major contributing factor in my career. I was in the right position to help an organization grow ...