Building Red Team Capability Solutions Forum 2023

Technology has done wonders for productivity over the past 20 years, but cybercriminals have improved their own efficiency using the same tools. In just the past three years, attackers have cut the time needed to deploy an attack from months to days using automation and as-a-service technologies. Meanwhile, cybersecurity teams have never had more data to find patterns and stop attacks — yet the time to detect and respond is still measured in weeks, sometimes even months. How can we empower security leaders and their teams to respond in minutes or even seconds? Hear how leaders are using emerging innovations to close the time gap and inspire confidence as they move from reacting to anticipating.

Join in on the action! Connect with fellow attendees and our event chairs in the SANS Solutions Forum Interactive Slack Workspace. Sign in once and you'll be all set for the rest of our 2023 Solutions Forums. We'll see you there!




Agenda | July 27, 2023 | 11:00 AM - 3:00 PM EST

Timeline (EST)

Session Details

11:00 AM

Welcome & Opening Remarks

Peter Szczepankiewicz, SANS Senior Instructor

11:20 AM

Chapter 1: Making the Case for Offensive Security

The hardest part of transformation is people and culture change. This is not news, nor is it easy to solve. Without a fresh approach to security and self-evaluation, security teams will be unable to move at the speed the business requires. Security transformation requires agility and creativity more than established knowledge and processes. However, most organizations have spent decades focusing budgets and energy on the latter. Join David Wolpoff, Co-Founder and CTO of Randori, an IBM Company, as he breaks down attackers' intrinsic motivators and how to close the gap between checking the boxes and actual defense.

David 'Moose' Wolpoff, Co-Founder & CTO, Randori, an IBM Company

11:55 AM

Chapter 2: Upping Your Threat Hunting Game By Seeing Yourself Like An Attacker

To effectively hunt for threats in your enterprise, you need not only to know what compromise looks like but also to be able to predict where attackers are most likely to be. In this session, Evan Anderson, Chief Offensive Strategist, Randori, an IBM Company, will walk you through how he profiles an organization and the thinking behind where, when, and how he decides to attack an organization. You'll gain strategies you can employ to prioritize where to hunt and some tips for how you can stay one step ahead of your adversary.

Evan Anderson, Chief Offensive Strategist, Randori, an IBM Company

12:30 PM


12:50 PM

Chapter 3: Establishing a Red Team capability

‘If you don't know what a red team is or what it does, how can you hire one?’ While organizations look to close the gap with continuous offensive testing, it is often prohibitive to operationalize with in-house resources. Fortunately, the rise of continuous offensive security solutions has enabled organizations to achieve objectives at a fraction of the cost. However, competing priorities and overlap in existing programs often make it difficult to align security priorities with business objectives. Join Chris Thompson, Associate Partner, Adversary Services, X-Force Red, for an in-depth overview of red teaming and the steps you can take to establish a Red Team capability.

Chris Thompson, Global Lead, Adversary Services, X-Force Red at IBM

1:25 PM

Chapter 4: Arming Your Red Team

Threat actors vary in sophistication levels, from the tooling they deploy to the tradecraft that is used. An organization needs to be ready to defend against these differing threat sophistication levels, and as offensive security practitioners we need to be able to replicate those various threats. This presentation will walk through how you can arm your red team with the knowledge needed to perform red team exercises using various levels of sophistication, which includes tooling, tradecraft, and overall team capability. Join Chris Thompson, the Global Head of Adversary Services, and Brett Hawkins, Capability Lead at X-Force Adversary Services, for an in-depth overview of strategies for aligning capability development to attacker sophistication.

Chris Thompson, Global Lead, Adversary Services, X-Force Red at IBM

Brett Hawkins, Capability Lead, Adversary Services, X-Force Red at IBM

2:00 PM

Isabella Rocha, Technical Product Marketing Manager, Randori, an IBM Company

2:10 PM

Chapter 5: Using Compliance Budgets to Build a Red Team Capability

Companies of every size face an age-old problem: too much to do with too little money. For security leaders, this has always been true: every company wants to be more secure, but there never seem to be enough resources to make it a reality. Join Randori and EMA Analyst Chris Steffen as he outlines how enterprises can leverage their existing compliance budgets to invest in building a red team capability by adopting Continuous Automated Red Teaming (CART) platforms.

Chris Steffen, Vice President, Research, Enterprise Management Associates

2:45 PM


Peter Szczepankiewicz, SANS Senior Instructor