Zenko’s book is awesome! We actually link to it in the SIG’s wiki page [0], as that book is partially responsible for the group’s name.

I was unaware of the World Affairs talk, though. Really cool, thanks for sharing!


[0] - https://fedoraproject.org/wiki/SIGs/Red_Team#Naming_Rationale

Jason Callaway | jcallaway@redhat.com | (240) 285-9529 | GPG Key 0x81ED4A9A

On Sep 16, 2017, at 9:02 PM, Hal Murray <hmurray@megapathdsl.net> wrote:

There is an interesting book:
 Red Team
 How to succeed by Thinking like the Enemy
 Micah Zenko

I thought it was good.  It's not focused on IT, but there is plenty of IT in
it.  Good background if you are focused on IT.

"You cannot grade your own homework."
"The boss must buy in."  (and signal down the chain)
"not a core practice", "doesn't generate income"

There is an interesting section about 28 minutes into the video (below).  In
a commercial world, some people actively avoid red teams.  The legal
penalties for negligence are smaller than those for willful harm.  That is
followed by a discussion of GM's ignition switch mess.  The corporate culture
was to suppress bad news in the interest of maintaining quarterly profits.  
You can hide problems in committees.


He gave a talk at the World Affairs Council, Dec 2015

Red teaming: it's a practice as old as the Devil's Advocate, the
sixteenth-century Catholic official charged with discrediting candidates for
sainthood. Today red teams--groups of fearless skeptics and friendly
saboteurs--are used widely in both the public and private sectors. Red
teaming helps pinpoint institutional weaknesses and anticipate potential
threats ahead of the next Special Forces raid, malicious cyberattack, or
corporate merger. But not all red teams are created equal; indeed, some cause
more damage than they avert. Using them effectively just may be the greatest
challenge for organizations in the twenty-first century.

In Red Team, security expert Micah Zenko draws on the little-known case
studies and unprecedented access to elite red teamers to reveal the best
practices, common pitfalls, and winning strategies of these modern-day
Devil's Advocates. Red Team shows how any competitive group can succeed by
thinking like the enemy.


There are several other similar videos on YouTube.  I assume they were all
part of a book tour.

These are my opinions.  I hate spam.
