Podcasts
CSO Perspectives (Pro)
Ep 22
CSO Perspectives (Pro) 9.14.20
Ep 22 | 9.14.20

Red team, blue team operations and cybersecurity first principles.

Show Notes
Transcript

Red team, blue team operations are cybersecurity first principle strategies.

What do Pope Sixtus V, President Ronald Reagan, The FAA, the Prussian Army, and Looney Tunes have in common? They all totally understood the value of red team/blue team operations. Rick teaches us how penetration testing supports zero trust and red team/blue team operations support intrusion kill chain prevention. He and The Hash Table explain how to identify employees with the right aptitude for this work, and how purple team operations benefit training, development, and expertise in your infosec program.

Cybersecurity professional development and continued education.

You will learn about: how to scope penetration tests and exercises, achieving buy-in from executives, Kovel arrangements

CyberWire is the world’s most trusted news source for cybersecurity information and situational awareness. Join the conversation with Rick Howard on LinkedIn and Twitter, and follow CyberWire on social media and join our community of security professionals: LinkedIn, Twitter, Youtube, Facebook, Instagram

Additional first principles resources for your cybersecurity program.

For more red team, blue team, and cybersecurity first principles resources, check the topic essay.

Selected Reading:

  1. 2020 Red and Blue Team Survey Reveals Positive Trends,” by SAM HUMPHRIES, exabeam. 
  2. 3 Situations That Call for a Red Team,” by Lisa Earle McLeod, Huffington Post, 23 November 2013.
  3. Cobalt Group,” Mitre ATT&CK Framework, MITRE, 23 June 2020.
  4. Cybersecurity Red Team Versus Blue Team — Main Differences Explained,” BY SARA JELEN, SECURITYTRAILS BLOG, 7 December 2018.
  5. Devil’s Advocate – Ancient Phrase Traced To The Roman Catholic Church,” by Ellen Lloyd, AncientPages.com, 19 November 2018.
  6. ESTABLISHMENT OF NATIONAL SECURITY COUNCIL ARMS CONTROL VERIFICATION COMMITTEE - NATIONAL SECURITY DEClSTON DIRECTIVE NUMBER 65,” by President Ronald Reagan, the White House, 10 November 1982.
  7. Guide to Red Team Operations,” by Raj Chandel, Hacking Articles, 5 August 2019.
  8. Helpful Red Team Operation Metrics,” by Cedric Owens, Medium, 2 March 2020.
  9. Inside the CIA Red Cell: How an experimental unit transformed the intelligence community,” BY MICAH ZENKO, FP, 30 OCTOBER 2015.
  10. Kriegsspiel – How a 19th Century Table-Top War Game Changed History,” by MilitaryHistoryNow.com, 19 April 2019.
  11. Red Storm Rising,” by Tom Clancy, Putnam Adult, 1986.
  12. Red team,” by Millitary Wikia.org.
  13. Red Team U. creates critical thinkers,” By John Milburn, Associated Press, 18 May 2007.
  14. Red Team Vs Blue Team Testing for Cybersecurity,” by Zbigniew Banach, netsparker, 14 November 2019. 
  15. Red Team: How to Succeed By Thinking Like the Enemy,” by Micah Zenko, Basic Books, 3 November 2015.
  16. Red Team: How to Succeed By Thinking Like the Enemy,” by Micah Zenko, Council on Foreign, 1 November 2015.
  17. Red Teaming: How Your Business Can Conquer the Competition by Challenging Everything,” by Bryce G Hoffman, Crown Business, 16 May 2017.
  18. Red Teams: Strengthening through challenge,” by LtCol Brendan Mulvaney, Marine Corps Gazette, July 2012.
  19. Second public hearing of the National Commission on Terrorist Attacks Upon the United States,” Statement of Bogdan Dzakovic to the National Commission on Terrorist Attacks Upon the United States, 22 May 2003.
  20. "SECURITY IN THE COMPUTING ENVIRONMENT: A Summary of the Quarterly Seminar, Research Security Administrators - June 17, 1965," by Robert L. Dennis, System Development Corporation, for the DEFENSE DOCUMENTATION CENTER DEFENSE SUPPLY AGENCY, 18 August 1966.
  21. SOVIET NONCOMPLIANCE WITH ARMS CONTROL AGREEMENTS - NATIONAL SECURITY DEClSTON DIRECTIVE NUMBER 121,” by President Ronald Reagan, the White House, 14 January 1984.
  22. The Difference Between Red, Blue, and Purple Teams,” By DANIEL MIESSLER, 4 April 2020.
  23. The History Of Penetration Testing,” by Ryan Fahey, infosec.
  24. The importance of red teams,” by PETER ATTIA, Media, 24 May 2020.
  25. THE ORIGINS AND DEVELOPMENT OF THE NATIONAL TRAINING CENTER 1976 - 1984,” by Anne W. Chapman, Office of the Command Historian, US Army Training and Doctrine Command, 1992.
  26. The Red Team,” Chief - Arms Control Intelligence Staff, CIA, 17 January 1984.
  27. The Role and Status of DoD Red Teaming Activities,” by the Office of the Under Secretary of Defense For Acquisition, Technology, and Logistics, September 2003.
  28. Titan Rain - how Chinese hackers targeted Whitehall,” by Richard Norton-Taylor, The Guardian, 4 September 2007.
  29. "US Government Computer Penetration Programs and the Implications for Cyberwar,” by Edward Hunt, IEEE Annals of the History of Computing, IEEE Computer Society, 2012.
  30. Where does red teaming break down?” by David Spark, Allan Alford, and Dan DeCloss, “Defense in Depth” podcast, 3 September 2020.
CSO Perspectives (Pro)
Podcast Info
HOST(S):
Rick Howard
Hash Table logo
Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.
Schedule: Mondays (in season)
Credits: Edited by John Petrik and executive produced by Peter Kilpe. Our theme song is by Blue Dot Sessions, remixed by the insanely talented Elliott Peltzman, who also does the show's mixing, sound, and original score
Creator: CyberWire, Inc.
CSO Perspectives (Pro)