Red Teaming Without Red Teaming

When you mention the term Red Team some organizations get scared, some may even get confused. How do you make the right connections in your role to influence the decision makers and gain trust within your enterprise to conduct such exercises? This talk goes over the journey of gaining authorization to conduct simple phishing campaigns and communicate the results to the appropriate stakeholders and then moving on to more advanced operations, eventually conducting Red Team exercises. Most of us have seen or heard of such talks before, what separates this talk is that instead of asking to push that envelope we were instead asked to do more, eventually giving us more flexibility to conduct more advanced tests. How did we get to this point? It’s not necessarily who you need to talk to but how. What relationships need to be forged? How do you build that trust with executive leadership in a conservative organization? Nick will take you through his journey of how their team was able to do this along with bringing awareness to the masses, eventually making it difficult for them to even conduct their own campaigns.