Defense in Depth

Use Red Teaming To Build, Not Validate, Your Security Program

Jan 18, 2024

Guest Richard Ford, CTO of Praetorian, challenges the misconception of red teaming as mere validation, emphasizing its value in strengthening organizations. They discuss conducting red teaming early in the project lifecycle, explore different perspectives and value of red teaming, and redefine it as a proactive tool. The chapter also highlights the importance of aligning definitions and repositioning red teams under the SOC for better defense posture.

31:34

Creator website

Episode guests

Richard Ford

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Red teaming should be seen as a proactive testing approach to strengthen defenses, not just a validation exercise.

There is a need to redefine red teaming and explore its value, considering diverse perspectives and objectives.

Deep dives

Red teaming as a tool to build defenses

Red teaming has the potential to identify areas where organizations need to strengthen their defenses, but it is often viewed as a mere validation of existing security measures. There is a need to shift the perception of red teaming and consider it as a way to proactively test infrastructure instead of waiting for it to be ready. By moving red teaming upstream, organizations can gain more value from these exercises and improve their overall security program.

Introduction

2min

The Importance of Conducting Red Teaming Exercises Early

2min

Exploring the Value and Perspectives of Red Teaming

9min

The Value of Red Teaming in a Security Program

5min

Redefining Red Teaming for a More Proactive Security Culture

11min

Aligning Definitions and Red Teaming's Role in Improving Defensive Posture

3min

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Richard Ford, CTO, Praetorian.

In this episode:

When did we all agree that red teaming was about validating security?
Does it seem like increasingly red teaming is a catch all term for a whole lot of testing that isn't clearly defined?
Is this making it hard to see its value?
Can moving red teaming upstream be more valuable to your organization?

Thanks to our podcast sponsor, Praetorian

Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Defense in Depth

Use Red Teaming To Build, Not Validate, Your Security Program

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Red teaming as a tool to build defenses

Different perspectives on red teaming

Shifting the focus to security culture

Considering the timing and effectiveness of red teaming

Remember Everything You Learn from Podcasts