Why communication and management is crucial in red teaming exercises
Many great blogs and articles have been published around the technical aspects of offensive security services. Underrepresented and maybe underappreciated are the managerial and communication aspects of these highly technical professional services.
As a result, clients often neglect or are unknown with the level of engagement management that a proper offensive security exercise (red teaming, adversarial simulation, TIBER) brings along. Worst case, the client regards red teaming as a black-box exercise, praying that the red team will not accomplish anything or disrupt anything along the way.
In our opinion, this is not the way it should be and does not provide the best possible value for the client. Value is derived from the lessons the client can learn from these exercises, and as such, every client should have good visibility and control of every professional red team they hire.
Together with the red team the client can manage the risks of such an engagement, is able to steer if needed, update the stakeholders, and grasp all lessons learned.
Cross post from medium.com, please read the full article here: