Our very own Brianna Malcolmson presented at the Women in Security 2019 Conference in Melbourne last week. She presented on strategies for effective red-teaming. Her slides and the video are not public yet, but we will share the link when it is available.
In her own words :
"I’m so grateful for the opportunity to speak and share my philosophy on how to create an impactful red team that can generate security cultural change with correct priority & urgency throughout an entire organization at the #csoonline and #awsn_au Women in Security and Awards Conference yesterday in Melbourne! The secret isn’t technical capability, and the answer to red teaming gone wrong isn’t to muzzle and dilute the red team’s scary and realistic attacks. Setting your red team up for success requires attention to proper communication, at every stage of the operation. To increase the effectiveness of your red team and capture the cultural change that is so difficult to create I advocate for :
1- Consent based hacking: Getting enthusiastic approval from the highest level stakeholder of the target before you begin.
2- Tell Everyone: Craft entertaining narratives for all employee interest levels focusing on the impact of the attack had been real.
3- Empathetic Red Team hires: “Red team is a gift” means we recognize our job to help the organization however we can. We never blame, shame, or flex. Thanks to #Atlassian for sponsoring and championing for women in security and tech."