Building Red Team Capability Solutions Forum 2023

11:00 AM

Welcome & Opening Remarks

Peter Szczepankiewicz, SANS Senior Instructor

11:20 AM

Chapter 1: Making the Case for Offensive Security

The hardest part of transformation is people and culture change. This is not news, nor is it easy to solve. Without a fresh approach to security and self-evaluation, security teams will be unable to move at the speed the business requires. Security transformation requires agility and creativity more than established knowledge and processes. However, most organizations have spent decades focusing budgets and energy on the latter. Join David Wolpoff, Co-Founder and CTO of Randori an IBM Company as he breaks down attacker's intrinsic motivators and how to close the gap between checking the boxes and actual defense.

David 'Moose' Wolpoff, Co-Founder & CTO, Randori, an IBM Company

11:55 AM

Chapter 2: Upping Your Threat Hunting Game By Seeing Yourself Like An Attacker

To effectively hunt for threats in your enterprise, you need to not only know what compromise looks like but to be able to predict where attackers are most likely to be. In this session, Evan Anderson, Chief Offensive Strategist, Randori an IBM company will walk you through how he profiles an organization and the thinking behind where, when, and how he decides to attack an organization. In this session, you’ll gain strategies you can employ to prioritize where to hunt and some tips for how you can stay one-step ahead of your adversary.

12:30 PM

Break

12:50 PM

Chapter 3: Establishing a Red Team capability

If you don't know what a red team is or what it does, how can you hire one?’ While organizations look to close the gap with continuous offensive testing, it is often prohibitive to operationalize with in-house resources. Fortunately, the rise of continuous offensive security solutions has enabled organizations to achieve objectives at a fraction of the cost. However, competing priorities and overlap in existing programs often make it difficult to align security priorities with business objectives. Join Chris Thompson, Associate Partner, Adversary Services, X-Force Red for an in-depth overview of red teaming, and the steps you can take to build establish a Red Team capability.

Chris Thompson, Global Lead, Adversary Services, X-Force Red at IBM

1:25 PM

Chapter 4: Arming Your Red Team

Threat actors vary in sophistication levels from the tooling they deploy to the tradecraft that is used. An organization needs to be ready to defend against these differing threat sophistication levels, and as offensive security practitioners we need to be able to replicate those various threats. This presentation will walk through how you can arm your red team with the knowledge needed to perform red team exercises using various levels of sophistication, which includes tooling, tradecraft, and overall team capability. Join Chris Thompson, the Global Head of Adversary Services and Brett Hawkins, Capability Lead at X-Force Adversary Services for an in-depth overview of strategies to aligning capability development to attacker sophistication.

2:00 PM

Demo

2:10 PM

Chapter 5: Using Compliance Budgets to Build a Red Team Capability

Companies of every size face an age-old problem: too much to do with too little money. For security leaders, this has always been true: every company wants to be more secure, but there never seems to be enough resources to make it a reality. Join Randori and EMA Analyst, Chris Stefan, as he outlines how enterprises can leverage their existing compliance budgets to invest in building a red team capability by adopting Continuous Automated Red Teaming (CART) platforms.

2:45 PM

Wrap-Up

Peter Szczepankiewicz, SANS Senior Instructor