“Red teaming isn’t a smash-and-grab. The red team is there to support, train, and collaborate and to strengthen the organization.”

Twitter: @redteamwrangler

Ryan is a red team lead engineer and has spent many years in security consulting. He has a particular interest in process analysis, continuous improvement, and building better teams.

How did you get your start on a red team?

I was working as a consultant doing penetration tests, putting an enormous amount of work into finding and exploiting vulnerabilities, but there was no end in sight. Some clients would fix a bunch of stuff, but I’d come back and find my way back to compromising Active Directory or an entire fleet of workstations. Worse, almost none of my clients could see what was going on during penetration tests. I was noisy and pervasive and didn’t raise any red flags.

So, I sought to give my clients a way to detect attacks, as it seemed quite impossible to prevent them all. That’s when I found red team as a concept, started attending blue team conferences, and proposed we start a red team practice.

Why can’t we agree on what a red team is?

Red teams really need to be in tune with their organizations. What they do is highly dependent on what’s needed, so what that is differs for every organization.

If you’re consulting as a red team, the approach is usually quite different from an internal team. ...