Design & Implementation of a
Red Team Program
Advance Persistent Threat Missions (24x7x365) Annually
Annual Sustainment Costs
Average of Unique Vulnerabilities Identified Per Month
Offensive Security Missions per year
Total Time in Months to Design & Implement
The client requested assistance in taking their current Penetration Testing Program to the next level. A quick assessment of their Penetration Testing Program reveled many gaps in their People, Processes and Technologies. Recommendation was to transform their current Penetration Testing Program into a Red Team Program.
Context / Action
Once customer leadership approved the recommendation to transform their current Penetration Testing Program into a Red Team Program then we went to work. We Designed and Implemented a Red Team Program (People, Processes and Technologies) that was authorized and organized to emulate a potential adversary’s exploitation and attack capabilities against a targeted mission or capability. In DoD, in accordance with Chairman of the Joint Chiefs of Staff Directives, Red Teams operate to identify exposed information and vulnerabilities of the target’s security posture; support information assurance readiness; create a degraded, disrupted, or denied cyber environment; participate in evaluation of Computer Network Defense Service Providers (CNDSPs) and its subscribers; and provide Protect Services for CNDSPs.
Once penetration testing people were aligned with the new processes and technologies then we reached out to become Army Certified Penetration Testing organization. This certification allowed the customer to be recognized as an Army Penetration Testing organization responsible for a specific area of responsibility within the USA. Having a specific area of responsibility enabled the customer to offer their services at the Enterprise Level. Leveraging this new certification, the customer was able to offer their services to any Army or non-Army customer within their new area of responsibility.
In the next phase, we coordinated with external organization, NSA, to identify what was needed to achieve the NSA Cyber Red Team Certification and Accreditation. We morphed the client’s existing Penetration Testing TTPs to a Red Team TTP.