Why I Believe in Randori – Rodolphe Simonetti

Rodolphe Simonetti

I’m thrilled to share that earlier this summer, I joined Randori as an advisor. Randori’s vision of bringing a continuous and authentic red teaming experience to every organization is audacious, but exactly what the market needs. There is nothing better than a trusted adversary to help test assumptions and prioritize what matters most.

Having led a major security consulting services organization for the last 13 years, I’ve had a front-row seat in building the current approach to security testing, back when vulnerability scanning and an annual penetration test were good enough. 

But the world has evolved. Technology today is dynamic and ever-changing, and security testing needs to adapt to keep up. It needs to become continuous and dynamic and better reflect the adversaries we face.

Randori is bringing the attacker’s perspective to the market. By designing a platform that automates the tools, techniques, and procedures used by the most highly skilled offensive cybersecurity professionals, it is providing the trusted adversary that every company needs.

Having worked with hundreds of CISOs, I’ve seen increasing demand for more authentic testing, which started with penetration testing and has evolved into red teaming. I know the transformational impact a high-end red team experience can have on an organization’s security program, as well as the limitations of today’s approaches.

The challenge with today’s approach is twofold. First, today’s assessments are point-in-time and provide a mere glimpse into a security program’s ongoing health. To understand risk, organizations must test as things change. Second, the most realistic tests, red team engagements, are costly and inaccessible to all but the wealthiest companies – yet the threats we face are universal. There simply are not enough skilled security professionals to do all the work needed.

Given that there are not enough professionals to address this systemic need, we need to develop approaches that are accessible to everyone. To do that, you need a system that can scale while at the same time remaining dynamic enough to truly adapt to each organization. Randori’s Attack Platform gives security teams customized, actionable insight into what their defenses really look like, giving the advantage back to the defender.

Seeing and testing your environment — like an attacker — is essential to any organization’s security program. Having been able to lean in with the Randori team over the past few months, I am convinced they are the ones to bring this capability to market.

Rodolphe