Applying Newly Acquired Skills During a Red Team Engagement

Ben Boyle, Security Consultant and Penetration Tester, Coalfire

Can you tell us about your professional background, your current role, and organization?

I've worked in IT for the last 10 years and have focused on cyber security for the last six. After I earned a degree in information systems, my career began on the IT help desk side of the house. After a few years (and many job applications), I was fortunate to move into a security consulting role at a major healthcare organization. It was there that I really became interested in offensive security, and a few years later I transitioned into a role as a pen tester.

I'm currently working as a Security Consultant and Penetration Tester for Coalfire, a cyber risk advisory firm that provides technical security services to a wide range of organizations around the world.

In your opinion, what is one of the biggest challenges cyber security professionals face?

In my (very humble) opinion, I think one of the biggest challenges for cyber security professionals is to effectively convey the risk that their client organizations face in a way that executive leadership can understand and act on. That's why it's critical for security consultants to have an in-depth understanding of security principles so that they can “speak the security parlance” and provide meaningful, cost-effective solutions to mitigate those risks.

What personal challenges/obstacles do you face, or have you faced in relation to cyber security? What steps have you taken to overcome or combat those obstacles?

I'm a relative newcomer to the field compared to many others, and I've been keenly aware of my own knowledge gaps. I've worked hard to overcome that deficit by constantly learning and building my cyber security knowledge as quickly as possible. That's one of the reasons I appreciate SANS training so much. SANS courses crystallize the relevant principles of security in a way that's both easily approachable and highly applicable.

Why did you choose to train with SANS, and why did you select the course(s) and certification(s) you did?

SANS has always had a reputation in the InfoSec industry for putting out high-quality training offerings. When I took my first SANS course several years ago (SEC401: Security Essentials Bootcamp Style), I knew I had hit a gold mine of security knowledge! I consider SANS training to be my “secret weapon” in technical knowledge and skill development. As for why I chose the courses and certifications I did, my goal is to become a knowledgeable security consultant across all security domains, from the red team to the blue team and even forensics perspectives.

Can you give an example or two of things you’ve learned in SANS courses that you were able to apply directly to your job?

I can name several examples, but there is one that immediately comes to mind. After taking SEC511: Continuous Monitoring and Security Operations and SEC599: Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defenses, I was able to directly apply topics from those courses on a red team engagement by modeling various Tactics, Techniques and Procedures (TTPs) of real-world adversaries. In fact, I worked closely with the client’s blue team to form a true “purple team” where we emulated various attacks (similar to a cyber range), measured the effectiveness of their defenses, and helped educate the client on how to better detect and prevent such attacks in the future. That was one of the most effective red team engagements I've been a part of, and our client loved it! It amazes me how SANS courses that are aimed primarily at blue teamers actually help me as a red teamer.

Have you utilized free SANS resources? If so, what resources have been the most beneficial to you?

Absolutely. I frequently leverage the many resources from SANS as force multipliers in my daily work. I love that I can get a high-level introduction to various topics via webcasts, and then dive into more in-depth technical information from the whitepapers. In fact, while studying to take my recent GCIA certification, I referenced several SANS whitepapers for additional clarity on various topics, from packet analysis to bit-masking and more. It's awesome that these resources are offered for free!
