Walter “Pete” Lee - VP Operations


1 Walter “Pete” Lee - VP Operations
PRIVATE and PUBLIC SECTOR “RED TEAM” PRACTICES
Presenter: Walter “Pete” Lee - VP Operations

2 Objectives
- Provide an understanding of a Red Team exercise’s purpose and benefits
- Differentiate public and private sector Red Team practices
- Provide information on how to select a Red Team for evaluating physical security
- Provide best practices and lessons learned from both public and private sector Red Team Exercises

3 What is a Red Team
The term “Red Team” is used to define different processes across many industries.
- Independent Review Boards
- Internal Review Processes
- Adversary Evaluations
- Challengers of Operational Concepts
Ultimately an organized skilled group of individuals tasked to challenge assumptions and results or an opposing team of skilled individuals that model the tactics of an adversary.

4 Red Team Exercises
- A management tool used to reduce risk, identify vulnerabilities and opportunities for change.
- Provides participants an understanding of their adversary's tactics, capabilities and vulnerabilities.
Purpose: To validate or identify perceived vulnerabilities or weaknesses of facilities, security plans, policies, procedures, and technology.
Performed by: Internal or external teams of specialists selected to meet objectives, with expertise in:
- physical security
- electronic security
- surveillance
- computer security
- social engineering
- covert and overt entry
- criminal and terrorist methodologies

5 Exercise Benefits (in general)
- Provides a means to exercise security technology, plans, and procedures against an adversary
- Identifies gaps in security systems, policies and procedures
- Identifies shortfalls in equipment and training
- Improves security posture and awareness
- Challenges established thinking within an organization – “Challenges the norms”
- Can provide additional support for needed improvements

6 Public vs. Private Sector
Public Sector Red Team Practices Private Sector Red Team Practices

7 Exercise Development Steps
- Obtain management “buy-in”
- Forecast and obtain budget
- Develop goals and objectives
- Establish rules of engagement
- Identify and brief Red Team
- Identify and brief a “Trusted Agent”
- Conduct Exercise
- After Action Review with recommendations
- Mitigate gaps and risks

8 Red Team Tactics (Simulating the Tactics of the “Threat”)
Open Source Information Data Mining Social Engineering Reconnaissance and Surveillance Impersonations/False Credentials Planning Rehearsals

9 Open Source Information
Types of information gathered
- Routes to use for reconnaissance
- Facility photos
- Aerial photos
- Community attitude
- Law enforcement capabilities
- Demographics
- Crime rate
- Hate groups

10 Open Source Information
- Key management personnel and employees
- Phone numbers, addresses
- Maps and Pictures
- Existing contracts
- Requests for Proposals
- Security personnel and procedures

11 Red Team Tactics
Social Engineering
- Telephone calls
- Emails
- Personal Meetings

12 Comments from people that social engineering was effectively used against
- “He seemed like such a nice person”
- “I did not know that information I gave them was sensitive”
- “She knew the internal terms and department slang names we use around here”
- “He mentioned some of the people I know and work with around here”
- “She said it was for the Director”
- “How could I have given away any trade secrets, I don’t know any”

13 Reconnaissance and Surveillance
Red Team Tactics
Reconnaissance and Surveillance
- Types
- Purposes
- Equipment
- Methods
- Duration

14 Internal Team vs. Contract Team
Internal Pros:
- More control
- Reduced labor cost
- Impromptu availability
- Flexibility
Internal Cons:
- Evaluation objectivity
- Internal influence
- Organizational conflict
- Conflict of interest
- Training required
- Equipment cost

15 Internal Team vs. Contract Team
Contract Pros:
- Objective view of true vulnerabilities
- Skilled professionals
- No training or equipment required
Contract Cons:
- Third party knowledge
- Cost
- Liabilities

16 Selecting a Contractor
Identify Your Objectives Select contractor based on Requirements Qualifications Past Performance Role Player Skill Sets Insurance / Litigations Specialty Requirements Confidentiality

17 Red Team Member’s Attributes
- Well-versed with the tactics and techniques of various adversaries and able to learn and live the Modus Operandi of the threat being portrayed
- Must be mature and even tempered
- Safety conscious
- Practices “Confidentiality”
- Must be proficient in surveillance and countersurveillance
- Must be able to blend in the environment
- Must be outgoing and able to live the lie
- Able to think quickly on their feet (situational awareness)
- Knowledge of security policy and procedures, regulatory requirements and best practices

18 Obstacles to Red Team Success
- Lack of organizational support
- Objectives not clearly defined
- Management views objectives as pass or fail
- Lack of exercise realism
- Organization refuses to accept findings
- Inexperienced Red Team
- Lack of coordination or exercise conflicts with other events
- Failure to take action on findings

19 Security Trends Identified During Exercises
- Organizational procedures not being followed
- Security personnel not adequately trained in “use of force”, search, or detention procedures
- Over-reliance on passive security measures
- Lack of employee security awareness
- Security technology and barriers not properly deployed or utilized

20 Lessons Confirmed or Realized after Exercises
- Open source information is a vulnerability – review information being released to the public
- Security is undermanned – security should not be the first budget cut, positions must be manned smartly
- Security badges can be easily duplicated – passive security is not reliable, active security and authentication should be used
- Lack of ability to conduct security trend analysis - logging and analysis of security and suspicious incidents
- Lack of effective employee communications and information sharing - reinforcement of security training for employees is crucial – untrained staff create a weak link

21 Exercise Best Practices
- Red Team Exercises should not be relied on as the only tool for risk mitigation
- Performed in conjunction with a vulnerability assessment
- Exercises are performed on a regular basis
- Objectives are well-defined
- Ensure management support and “buy-in”
- Use a qualified team
- Results are actionable
- Benchmarking

22 8(a) SDVOSB, MBE, WBE, SDB, GSA Walter “Pete” Lee - VP Operations
QUESTIONS? Walter “Pete” Lee - VP Operations (310)

