
CG - Wrangling Cats: How We Coordinate Red Team Testing

BSides Las Vegas · 15:17 · 20 views · Published 2023-10
About this talk
Common Ground, 17:30 Tuesday

Cybersecurity testing can be a challenging endeavor for an organization, and managing this effort can add an additional layer of complexity due to the collaboration and administration that is required. Having a dedicated resource that can provide this level of coordination for an organization's Red Team is vital to ongoing success, freeing them to do the research. During this presentation we will explore an end-to-end process that can be utilized to coordinate Red Team testing, and how we leverage Jira to enhance the organization of assessments and connect with our business partners for solution engineering. The coordination of Red Team assessments includes the initial onboarding of the request, prioritization, scoping, resource allocation, training, account provisioning, and removing obstacles, as well as tracking and communicating status throughout the duration of the engagement. By sharing an end-to-end process that a dedicated resource can use to coordinate an organization's Red Team, the attendees of this conference will be provided with the knowledge and tools that they can adopt in their companies to enhance their Red Team.

Jennifer Traband

Transcript

Welcome, everybody. This already looks so fun. So I'm just gonna introduce the talk. So today's topic is "Wrangling Cats: How We Coordinate Red Team Testing," and please welcome our speaker, Jennifer Traband.

Well, welcome, everyone. So as you see, this is like one of the best commercials that was in Super Bowl history. This is from EDS, like back in the day, so Super Bowl 34, "Cat Herders" by EDS. All right, so if you haven't done so already, please pick up a pair of cat ears so you can listen in and participate.

Okay, so "Wrangling Cats: How We Coordinate Red Team Testing." I use the word "we" because all of us can wrangle cats. So, disclaimer: the views of this presentation are mine and not of my employer, so just keep that in mind.

My biography: I've been in technology for about 28 years. I've been a project manager for 18 of those. I worked for Fortune 500 companies in technology, telecommunications, financial industries. Currently, for the past four years, I've been on a red team providing administration and coordination for, well, for red team for a financial institution.

The goals of this presentation: during the presentation you will learn how to use Jira to enhance the organization of assessments and connect with business partners, collect key performance indicators, and execute an end-to-end process.

Before we proceed any further, we must name the star of the show. Now, she was up here. She's right over there; she's kind of migrated over there. She's hiding because she sees the carrier. So we must name her. So earlier today in the Middle Ground you might have seen this box here for suggestions of names. I received like 130 suggestions. Now, Army trained, I don't know if they're in the room, they were definitely in it to win it, because they submitted 97 of them, so you know they really wanted to win. So the two that I chose out of the 130 that were submitted were "Gritty Kitty, she finds her shitty." I don't know if, uh, Tom, I don't know if it's J June or JN, if that person's here. Okay. And then Army trained submitted, well, like I said, they submitted 97, but one of the ones that spoke to me was "Katniss Ever Clean." So is Army trained here? No? Okay.

Well, all right, so those are the two that won the box round, but I also want to open up to the floor. Is there anyone else here that has a suggestion, if you want to hold that up, a suggestion to name the star? Anyone have any suggestions? Anybody? Princess, okay, you got Princess. I have a cat exactly like this, her name is Bella. Bella, okay. Princess and Bella. Sprinkles. Spr, did you submit one as well? I think I saw Sprinkles. Okay, what was that? Pum, that's a lot, that's a long name. So Princess, Bella, Spark, you said Sprinkles? Sprinkles. I say Sparkles, and then ADV, okay. All right, anyone want to vote for the names that we called out here? You got Princess, Bella, got two for Bella, Sprinkles, okay, Sprinkles, and then Advanced Pumpkin. I don't, okay, looks like Sprinkles won. So Sprinkles is the winner. You get to upgrade your cat ears to an LED one. This one? No? That's fine. Yay, Sprinkles.

Okay, so now Sprinkles, now the star has a name: Sprinkles. All right, here we go. All right, so now that the star is named, she's going to want to visit everyone. So here she comes; she's going to come around and visit. Be nice to Sprinkles and she'll be nice to you. All right, so now, in true Las Vegas fashion, everyone have their cat ears on? Let's get ready to wrangle. All right, here we go.

All right, where are we at now? All right, did I have that up the whole time? Okay, I did. I keep going back and forth, sorry. Was that up before? Yeah, that was up before. Okay.

All right, so cybersecurity testing can be a challenging endeavor, introducing an additional layer of complexity. To ease this complexity, a dedicated resource can use Jira to organize red team activities. This will allow researchers to then focus on their research as well as their testing. Some of the activities this dedicated resource can take on are initial onboarding of the request, prioritization, scoping, resource allocation, training, account provisioning, and removing obstacles. This will result in areas of improvement, or key performance indicators, being employed through reporting from fields in Jira. Some of these are: efficiency, by reducing assessment timelines; speed, by increasing the number of assessments being performed; communication, by delivering findings to the customer; transparency, by providing detailed findings and recommendation for remediation; customer satisfaction, by giving a customer a, sorry, a voice during the entire process.

All right, my thing is not, there it is. Okay. The end-to-end process developed was for red teams to assess new technology that lines of business want to deploy, as well as internal customer-driven requests and individual research interests. Requests are submitted through a customer portal or internally and then prioritized, scoped, prerequisites are completed, testing occurs, and then findings are reported and debriefed with the teams responsible for remediation. Kanban boards in Jira were then used to provide a visual aid to show the progress of the red team activity.

So now let's see what that looks like in the real world by showing what feature, story, activity, and test issues in Jira look like. So since I was not able to present current production issues for my employer, I created my own. So now we're going to embark on a visit to the veterinarian. You will see three ways a Kanban board can be used to show Jira issues within the 2023 veterinarian visit. The first one is a full board with one created quick filter, so that shows the issues only assigned to that person from the filter. The second one, which is down here, doesn't have any quick filters created; it's just that only the person that's logged in will be able to see their issues. And then the last one has about 10 quick filters, actually done for each person's name, so when you click on each one of them you'll be able to see their actual issues that they have, for organizational purposes.

Okay, and now we're going to dig a little bit deeper into what the actual issues look like. So the first one is a feature. So you can kind of think of a feature as kind of like a program, the overarching effort that's being done. So for this example, we're going to take the cat to the vet, so it's "2023 veterinarian visit." Now, in technical terms, we could say this was maybe like a hardware feature, so just hardware in general, if you want to be similar.

And then the next one, so it goes feature and then underneath it is story, so the story is a child of the feature. So in this instance of the vet visit, "cat wrangling" is the story. Now, in the hardware feature, we could say ATM. I'm going to pick ATM because, so, ATM. And then underneath the story we have individual activities that need to occur. So in this instance, "reveal carrier," so here's one of them. Now, in the hardware, or we'll say the ATM story, maybe one of the activities could be "research ATM models." I'm just going to kind of throw that out there; that could be one of the stories, or one of the activities, you could do.

So another activity in the veterinarian visit is "locate the cat." Well, you got to locate the cat to take it to the vet, so that's another activity you got to do. So you got the carrier, you got the cat. Now, in the ATM story, another activity you could do is maybe like "research known ATM vulnerabilities." That could be a good one you could do, maybe, possibly.

And then last but not least, and you see how all these, which you might have seen, all of these are actually linked together, so you can find the ones that are actually part of that, we'll say, feature. So the last but not least is the actual test. Well, when we locate the cat, now our test is: can we get that cat in that carrier? I don't know, sometimes it's very difficult to do. And then you got to get to the vet. So that's going to be the test for this example. Now, for that, we'll say, ATM story that I was mentioning beforehand, of course the test would be, you know, the test in ATM. So that would be how it would link to what you guys probably already do.

So all right, so now that we know which issues are needed in Jira, let's see them in action. For those that love the movie Say Anything, I don't know if we have any Say Anything fans, I don't know if we have any Europe fans, the band Europe, because we're about to do "The Final Countdown." We're doing old-school Say Anything. Can you hear it? [Music] Nod your head, sing along, get up and dance, whatever you want to do. There you go. Clap. There you go.

All right, there we go. So final countdown, here we go. Number three was "reveal carrier," so there's number three. It's actually in the Done column of the Kanban board because it's been here the whole time. All right, two. So, well, there it is for good. Number two, "locate the cat," is now in progress. There it is, I see it. All right, we've located, we've located spring, Sprinkles, I should say, Sprinkles. All right, and there's my cat Tindle; I've located her as well. And one is, now it's ready to do the test, so the test should be in progress now, which is "carrier insertion and expedition." See, one.

All right, so we've located the cat. I should probably go get the cat, which, I'm gonna go in front of my screen here and get the cat, so bear with me for a minute. I thought she might still be traveling around. So here she is. I don't think she's seen the carrier yet. I don't know, she might get scared. So, oh, go, oh, oh, oh, oh, oh, oh, oh, okay, okay, okay, okay, okay. Maybe we should hide her. Maybe she, maybe, like, sneak her in there, maybe. So, you know, it's like she's not happy about it. So here she is. Okay, okay, okay, woo, woo, okay, woo.

So, you know, now we actually get to take her to the vet. So on the way to the vet, oh my dro her. So she's going to the vet, and now that we have her in the carrier, she's on the way to the vet. She's actually gone to the vet. Our findings were that she's healthy, everything's good, she's all good. The feature's done, the story's done, the two activities are finished, and the test is done, so everything's closed out of that particular, we say, effort.

And thank you. If there's any questions, you know, please feel free to go ahead and ask me or hit me up on LinkedIn. But also I want to thank everyone, for this is my first time speaking, so thank you all for joining me on this adventure. Thank you very much. Thank you, thank you, and everyone have a great rest of Hacker Summer Camp.