It’s common to hear the phrase “never leave security to chance” in business. Given the rapid advancement and persistence of cybercrime, chief information security officers (CISOs) need the ability to deploy offensive security measures to protect their networks. One way to do this is to employ a team of hackers to proactively protect the organization’s data and infrastructure.

A capable offensive hacking team can conduct advanced penetration testing and bug discovery within the organization and deliver technical leadership when executing tactical, comprehensive assessments. Members of this team of hackers should have an affinity for advanced attack techniques and a passion for spotting vulnerabilities.

Encouraging Information Sharing

In organizations that have a security operations center (SOC), a red team is deployed to continually prod the organization’s security posture. This can also be a specialized third-party entity tasked to emulate cybercriminal behaviors and techniques as realistically as possible. In return, the red team shares intelligence with the blue team, which defends against these mock attacks.

Due to the attitudes and practices inherent to each role, there are many challenges surrounding the relationship between red and blue teams. Here are a few examples:

  • Red and blue teams have ideological differences. Often, neither team is properly trained to share information with the other, thus defeating the purpose of the exercise. Moreover, blue teams tend to be risk-averse, while red teams are typically more reckless.
  • Red teams are absorbed within the organization and limited in their ability to conduct assessments, which diminishes their charter and value considerably.
  • Red on blue exercises are not always seen as integral to the organization’s ability to combat vulnerabilities. As a result, metrics are commonly not shared between the teams and management.

To address these challenges, security leaders should consider installing a purple team to act as a crucial bridge and facilitate information sharing between the red and blue teams.


Assembling the Right Team of Hackers

When building red and blue teams, it’s important to ensure that candidates are willing to work in harmony and share ongoing metrics related to their activities. It is not enough to simply conduct routine penetration testing in lieu of hiring a red team to go against your blue team defenses. CISOs should take the following steps to overcome these obstacles:

  1. Choose team members carefully. Candidates should be highly skilled in discovering vulnerabilities and defending against attacks. Above all, these team members must be willing to share information with their counterparts.
  2. Get the teams together. At the onset, gather the team members to reach consensus and buy-in on the overarching strategy. Instruct them to conduct a thorough analysis of risks and vulnerabilities and then devise a response plan. The overall goal is for the teams to practice discovering vulnerabilities and reporting metrics to management.
  3. Spread awareness. People are the weakest links in any security program. Even with the strictest controls over your data, adversaries can exploit employees’ behaviors. Red teams should conduct unannounced exercises, such as staging phishing email campaigns to determine which users might click on a malicious link or open a malware-laden document.
  4. Go beyond your perimeter. Cloud solutions introduce additional security challenges. It’s important to consider all the legal implications, such as service-level agreements (SLAs), to determine whether the red team has the right to test against the provider’s defenses.

Seasoned CISOs understand that information security is always a moving target. Adversaries are extremely sophisticated and will stop at nothing to breach your organization. Moreover, the organization’s network infrastructure, applications and employees are always changing and adding complexities to your security program. Each one of those changes presents a far different attack footprint, and teams of hackers are well-equipped to discover those vulnerabilities and predict unintended consequences before they can damage the organization.
