On this episode of the CyberSpeak with InfoSec Institute podcast, Curtis Brazzell, managing security consultant at cybersecurity firm Pondurance, discusses the methodologies and day-to-day operations in Red Team operations.

In the podcast, Brazzell and host Chris Sienko discuss:

  • Tell us about the Intrusion Detection and Response Platform you’ve been building in your spare time. (1:15)
  • How did you get started in computers and security? (2:20)
  • Can you explain what a Red Team is and how it related to things like penetration testing? (4:35)
  • What made you want take your career further into Red Teaming? (6:35)
  • What makes a good Red Team member? (7:40)
  • What experience, qualification and accomplishments should you aim for to become a desirable Red Team candidate? (9:05)
  • How do Red Teams actually work? (10:05)
  • What are some of the common methodologies that Red Teams employ? (10:55)
  • What type of companies employ Red Teams? (13:35)
  • Is there any benefit to having a Red Team on staff for smaller organizations? (14:35)
  • How often should the average company test their security with a Red Team? (15:10)
  • What is “too far” when it comes to Red Team testing? (15:55)
  • How long does it take to complete a full Red Team assessment? (17:20)
  • How do you report your findings to the company so they can close their security gaps? (17:50)
  • Why has Red Teaming received such a boost in interest at the moment? (19:10)
  • What are the pros and cons of different vulnerability methods you utilize to identify security issues? (20:20)
  • Are organizations over-prescribing Red Teams as a security solution? (21:25)
  • What are your thoughts on Purple Teams? (22:10)
  • What types of security solutions does Pondurance provide? (23:25)
  • What’s the future of Red Teaming? (24:15)

– Become a Certified Red Team Operations Professional: https://www.infosecinstitute.com/courses/red-team-operations/

– Special offer for CyberSpeak with InfoSec Institute listeners: https://www.infosecinstitute.com/podcast

About CyberSpeak with InfoSec Institute

Get security awareness and IT training insight direct from the trenches in this weekly podcast hosted by InfoSec Institute’s Chris Sienko. Each week on CyberSpeak with InfoSec Institute, IT and security practitioners share their insights into a new topic, including security awareness, IT and security careers and keeping organizations safe from cybercrime.