Chapter 1: Establishing an Offensive Security Program
Establishing an offensive security program within an organization might seem a challenging task compared to just compromising its assets, but it is one of the most exciting tasks to perform as a penetration tester, lead, or manager. Being there to actively design a strategy for changing the security culture of an entire organization is a great opportunity, and it is rewarding and a lot of fun.
As a leader and manager of an offensive security team, it is critical to set clear principles, a vision, and rules for the team. This chapter will discuss the aspects to consider and provide some ideas about how to build a strong foundation.
The following topics will be covered in this chapter:
- Defining a practical mission for a cyber-operational red team program
- Finding support among and influencing leadership to establish a red team program
- Strategies on where in the organization the red team should be situated
- The importance of building an offensive security roadmap
- Understanding the unique skills required for the job, as well as how to attract and retain adversarial engineers and thinkers
- Offering different red teaming services to your organization
- Establishing principles, rules, and standard operating procedures to mature the program
- Modeling the adversary and understanding the anatomy of a breach
- Considerations for open versus closed office spaces and how they impact security and team culture