“When people started realizing that the red team model offers a different value than a penetration test, marketers jumped on this to differentiate and caused a lot of confusion.”

Twitter: @MalwareJake

InfoSec professional. Breaker of poorly written software. Incident responder. Digital defender. Business bilingual. Jake Williams treats InfoSec like the Hippocratic oath: first do no harm. By addressing realistic risks, Jake helps businesses create secure environments that actually function. He penetration tests organizations so they can find the weak spots before an attacker does. When an attacker does find a weak spot first, Jake works with the organization to remove the attacker, assess the damage, and remediate the vulnerabilities that allowed the attacker access in the first place. Jake is also a prolific conference speaker, an instructor, and an InfoSec mentor.

How did you get your start on a red team?

I came from the government side, and they taught me how to hack nation-states. When I left government service, I looked for where I could best apply my skills. The answers were red team and incident response. The two fields are complementary since they both focus on adversary activities; only one is emulation, and the other is investigating their activities.

What is the best way to get a red team job?

Just like any other job—networking. Talk to red team ...