45 Robin Wood

“In my opinion, as long as you scope a test correctly, it doesn’t really matter what it is called.”

Twitter: @digininja

Hacker, coder, climber, runner. Robin is the cofounder of the UK conference SteelCon, as well as a freelance security tester. He is the author of many tools and is always trying to learn new things.

How did you get your start on a red team?

I should start by saying that red teaming is not my main job; I usually get brought into tests when the team needs specific skills, such as web security or tool development. So, my start was building up other skills and then being pulled into the world.

What is the best way to get a red team job?

I think there are two very different approaches; one, get skilled in one or two areas so you can be the person who goes into every team to do job X, and two, develop a rounded skill set so whatever is thrown at you, you can adapt and work with it. A good team needs both of these types of people. Which of these you go for depends on you and your abilities.

How can someone gain red team skills without getting in trouble with the law?

Without already being in a company that does this type of testing, it would be hard to cover all the skills used during a red team test. For example, phishing is hard to do outside a formal test. For general skills, CTFs and bug bounties are good for improving technical skills. Go for ...
