April 20, 2022

Hiring a Red Team? Here’s What to Look For — Chapter Three

By: Keegan Henckel-Miller

Hiring cybersecurity talent in today’s environment can be incredibly challenging. But establishing a red team can be even trickier, because finding the right talent can be the difference between a highly successful and a dysfunctional red team. Trust us – we’ve spent decades working as part of or alongside dozens of red teams for both commercial and government organizations.

For a red team to work effectively, it requires three things: 

  • Talented people.
  • The right group mindset.
  • The right tools.

If any of these components are missing or off, you will struggle to gain the full value of your investment and your employees will struggle to work effectively together as a team. But, when they come together – great things happen. 

Having the right red team in place can help you improve security performance by simulating real-world attacks and giving blue teams a skilled opponent to spar with. 

If you’re looking to build out a red team – here are a few of our recommendations for setting up the right team. 

Mindset Matters: Your Team Has To Think Like An Attacker

The ancient Chinese general Sun Tzu is famous for saying:

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

As the security team inside an organization, you already know yourself. The goal for anyone building out a red team should be to add an enemy to your team – to help you understand yourself and the enemy better. To achieve this, the capabilities of any effective red teamer should strongly overlap with the attributes of your adversaries.

If you’re up against a nation-state using zero-day threats, your red team needs to match those capabilities. If ransomware is your biggest fear, ensure anyone hired on your team has skills and experiences that mirror those of ransomware groups. However, regardless of the threats you face, there are common characteristics that set good red teamers apart. 

 

Interview Tip 1: Seek Out Curiosity 

Good red teamers are, by nature, curious. They’re interested in how systems work and why and are eager to push boundaries without being noticed. They are motivated not just by a potential payoff but also by the satisfaction that comes from solving hard problems. 

Edge cases and obscure questions get them excited. Good red teamers have an insatiable desire to learn, to explore and to stick with problems because the more they know, the more likely they are to succeed.

When hiring red teamers: 

  • Reward those that seek you out. 
  • Watch if they ask questions. 
  • Avoid folks who overdial on credentials or training. 
  • Ask them to get specific – truly curious people can go deep. 

 

Interview Tip 2: Test for Creativity 

Great red teamers are also creative. The vast majority of modern cyberattacks use tools and techniques that existed 10, 20, and even 30 years ago. But they’re not all being used in the same way. Attacks today are not plug & play – hackers are constantly remixing and reinventing existing attack methods to bypass defenses and advance their craft.

For example, the GoLang Trojan ChaChi was developed in early 2020, but since then it’s been constantly evolving. In 2021 its creators altered the code to include obfuscation and more updates will follow. As defenders adopt more advanced security solutions like XDR, attackers have to continuously think outside the box looking for new and novel solutions. For malicious actors, innovation can mean the difference between a successful attack and jail time. For your red teamer – it can be the difference between a realistic assessment and a cookie-cutter penetration test. 

When hiring red teamers: 

  • Give them a problem or challenge to solve.
  • Look for signs of creativity in how they approach their answers.
  • Ask them for examples from the past where thinking outside the box led them to somewhere surprising. 

 

Interview Tip 3: Filter for Grit 

Lastly, great red teamers are tenacious. They don’t give up easily. Every organization has vulnerabilities; it’s only a matter of time before a hacker determined to break into your systems finds them. But finding them is what a vulnerability scanner is for. If you’re simply looking for vulnerabilities – don’t hire a red team. 

Red teamers are hired to push the art of the possible – to find the ones that are truly exploitable or look for the cracks traditional tools miss. Doing so takes patience and persistence. Any red teamer worth hiring must exhibit the same persistence and drive as your enemy. 

When hiring red teamers: 

  • Reward those that seek you out. 
  • Watch if they ask questions. 
  • Avoid folks who overdial on credentials or training. 
  • Ask them to get specific – truly curious people can go deep. 

 

Interview Tip 4: Hire for Trust 

Ultimately, there is one word that separates cybercriminals and red teams—trust. You need to be able to trust the attackers who are helping your organization improve its defenses, whether that’s an internal employee or a third-party team. 

In this video, Simon Sinek explains the importance of trust in high-stress situations. Sinek explains that according to the Navy SEALs, you should always prioritize trust over performance in the hiring process.

The same goes for a field like cybersecurity. You need to be able to trust the people in the trenches next to you. You also need to know you’ve been set up for success by your process. With these qualities, a red team candidate can overcome slightly lower performance if they are trustworthy and can execute off the battlefield.

Get Started With Randori Attack

Finding and hiring red teamers can be hard work. If you’re looking for a faster path to unlocking a red team capability for your team – consider partnering with our team at Randori. Our offensive security platform can provide you with continuous red teaming that’s up and running in days – not months. Backed by some of the world’s best ethical hackers, Randori can show you what a great red team looks like by giving you access to a world-class red team platform built by the best. Once you have your red team in place, we can extend your capabilities by arming them with a trusted adversary at a fraction of the cost of building out a comparable internal team.

Interested? Get started today by signing up for a free demo. 
