Wrangling Cats - How We Coordinate Red Team Testing

BSides Charlotte · 2023 · 9:01 · 16 views · Published 2023-09
Tags
Team: Red
Style: Talk
About this talk
Cybersecurity testing can be a challenging endeavor for an organization, and managing this effort can add an additional layer of complexity due to the collaboration and administration that is required. Having a dedicated resource that can provide this level of coordination for an organization’s Red Team is vital to ongoing success, freeing them to do the research. During this presentation we will explore an end-to-end process that can be utilized to coordinate Red Team testing, how we leverage Jira to enhance the organization of assessments, and how we connect with our business partners for solution engineering. The coordination of Red Team assessments includes the initial onboarding of the request, prioritization, scoping, resource allocation, training, account provisioning, removing obstacles, and tracking and communicating status throughout the duration of the engagement. By sharing an end-to-end process that a dedicated resource can use to coordinate an organization’s Red Team, the attendees of this conference will be provided with the knowledge and tools that they can adopt in their companies to enhance their Red Team.
Transcript

Wrangling Cats: How We Coordinate Red Team Testing. I use the word "we" because all of us can wrangle cats. The disclaimer for this presentation is that it's for educational purposes only and I am not speaking on behalf of my employer.

I've been a technology professional for the past 28 years, including 18 years as a project manager. I've worked for Fortune 500 companies in technology, telecommunications and financial industries. Currently I provide the administration and coordination backbone for a red team for a financial institution.

During this presentation you will learn how to use a workflow product to enhance the organization of assessments and connect with business partners, collect key performance indicators (KPIs), and execute an end-to-end process. I focused on Jira because that is what I have experience in.

Before we start wrangling cats, let's take a look at EDS's "Cat Herders" Super Bowl 34 commercial from the year 2000. It's a hard job, but somebody has to do it: organize and coordinate individuals to become cohesive teams. One of the most effective skills to show is empathy. Now that we're on common ground, let's get ready to wrangle.

As we all know, cybersecurity testing can be a challenging endeavor, introducing an additional layer of complexity. It is this complexity a dedicated resource can use Jira or another workflow product to organize red team activities. This will allow researchers to then focus on research as well as testing. Some of the activities this dedicated resource can take on are initial onboarding of the request, prioritization, scoping, resource allocation, training, account provisioning, and removing obstacles.

This will result in areas of improvement, key performance indicators (KPIs), being employed through reporting from fields in Jira. Some of these are efficiency, by reducing assessment timelines; speed, by increasing the number of assessments being performed; communication, by delivering findings to the customer; transparency, by providing detailed findings and recommendations for remediation; and customer satisfaction, by giving customers a voice during the entire process.

The end-to-end process developed was for the red teams to assess new technology that lines of business want to deploy, as well as internal driven requests and individual research interests. Requests are submitted through the customer portal or internally, prioritized, scoped, prerequisites completed, testing occurs, and then findings are reported and debriefed with teams responsible for remediation. Kanban boards in Jira were then used to provide a visual aid to show the progress of the red team activity.

Now let's see what that looks like in the real world by showing what feature, story, activity and test issues look like in Jira. Since I was unable to use current production issues from my employer, I created my own. Please join me as we embark on a visit to the veterinarian.

You will see three ways a kanban board can be used to show the Jira issues within the 2023 veterinarian visit. The full board with one created quick filter, that shows issues only assigned to the user in the filter. The full board, which is partially shown, with zero created quick filters; this shows only the logged-in person's issues. The full board, which is partially shown as well, with 10 created quick filters; this can show the full team or the individual team members' issues.

In the upcoming slides we will explore the different types of Jira issues and how their hierarchy can be used for organization and coordination.

There is the feature. The feature is similar to a program, which will include all stories, activities and tests to manage the work being performed. This is the 2023 veterinarian visit feature. It is the parent of the cat wrangling story, which contains the reveal carrier and locate cat activities and the carrier insertion and expedition test. In technology, this would be similar to having a hardware feature, an ATM story, research ATM models and research known ATM vulnerabilities activities, and an ATM test.

Second is the story. The story can be used to separate work within the feature, similar to projects. This is the cat wrangling story, which is the child of that 2023 veterinarian visit feature we just spoke about and the parent of the reveal carrier and locate cat activities and the carrier insertion and expedition test. Once again, in technology, this would be similar to having an ATM story which is a child of the hardware feature and parent of the research ATM models and research known ATM vulnerabilities activities and an ATM test.

Third are activities. Activities can be used to break down the work from the story into individual tasks. This is the reveal carrier activity, which is a child of the cat wrangling story. This is the locate cat activity, which is an additional child of the cat wrangling story.

Fourth, there is the actual test. This is the carrier insertion and expedition test, which is the child of the cat wrangling story. This would be similar to having an ATM test which is the child of the ATM story.

Now that we know which issues are needed in Jira or any workflow product, let's see them in action. For those that love the movie Say Anything and the band Europe, it's the final countdown. [Music]

Three. This is the kanban board showing the reveal carrier activity already being marked as done, since it has been displayed during the entire presentation. The cat wrangling story and 2023 veterinarian visit feature are in progress. The locate cat activity and carrier insertion and expedition test are still in to do.

Two. Now you see that the locate cat activity has joined the cat wrangling story and 2023 veterinarian visit feature in progress. Next, or since this issue is now in progress, where is the cat? Ah, there she is. Next will be the carrier insertion and expedition test, which is still in to do.

One. Since we have located the cat (she was named Sprinkles by attendees at a previous convention), the locate cat activity has now been marked as done. The carrier insertion and expedition test has now been moved to in progress.

Zero. Having successfully inserted Sprinkles into the carrier and then completing her journey to and from the veterinarian, the carrier insertion and expedition test has been marked as done. All issues in the feature are now done.

Thank you for joining me on this journey. If anyone has any questions or would like to follow Sprinkles on future adventures, please reach out to me on LinkedIn.