Nov 30, 2023
Learn about how to navigate the complexities of red team and blue team cybersecurity collaboration.
The shared objective between red team and blue team cybersecurity is to safeguard organizations and their invaluable assets from compromise. However, their distinct approaches often give rise to a delicate balance fraught with tension.
In our webinar on The Art of Collaboration in Security: Breaking Down Barriers Between Offensive and Defensive Teams, Dr. Daniel Shore, Co-Founder at MultiTeam Solutions, Zachary Broomfield, Co-Founder at MultiTeam Solutions, and Richard Beck, Director of Cybersecurity at QA, delved into the complexities, challenges, and insights for teams engaged in red team and blue team cybersecurity operations.
Great defenders understand the adversarial mindset. Thus, our webinar started with Richard Beck speaking about how we’ve expanded from offensive security training into defensive cybersecurity.
With this, we’re demonstrating the prowess of combining red and blue team cybersecurity methodologies and underscoring the critical need for organizations to foster collaboration between teams. A synergistic approach serves as a testament to the fact that, in the face of threats, collective intelligence and collaborative strategies stand as the strongest line of defense.
The best time to start collaboration is today. Our speakers emphasized that cybersecurity is an infinite game. It’s not about winning or losing but about continuous improvement and adaptation. The organizational question of quantifying how long it takes becomes less relevant; what matters is the dedication to collaboration.
Dr. Daniel Shore elaborated on how collaboration between red team and blue team cybersecurity members is a skill set that can be gained. “You can actually be an expert at collaborating.”
Our speakers continued to highlight the importance of dedicating time to collaboration. Starting small, gaining buy-in, and maintaining commitment are crucial steps. Collaboration requires continuous effort; otherwise, there is a risk of stagnation and being surpassed.
Additionally, it’s important to address internal tension and team friction. How much tension does your team create when the adversary is external?
Dr. Daniel Shore said, “…the choices that we’re making that create tension and friction internally, is a huge burden to our success.” Tension also creates emotional challenges that lead to teams wearing down before they even get to the adversary.
Richard Beck introduced a crucial aspect of red team and blue team cybersecurity collaboration – vocabulary. He emphasized the significance of a common understanding of terms to avoid misunderstandings. The breakdown in communication often occurred due to the lack of a shared vocabulary. Thus, establishing a common vocabulary becomes the foundation for effective teamwork.
Dr. Daniel Shore challenged traditional red team and blue team cybersecurity exercises, stating that tabletop exercises were inadequate for achieving collaboration outcomes. He advocated for disrupting normal modes of operation to encourage thinking differently. Drawing from a real-world use case with a government agency, he highlighted the impact of gamified exercises in breaking down communication barriers and fostering honest feedback.
OCR (OffSec Cyber Range) does just that. OCR simulates real-world network configurations and vulnerabilities, allowing your team to hone their technical, mental, and tactical skills.
Dr. Daniel Shore also introduced the concept of a sandbox mentality, emphasizing the value of playful, gamified exercises to disrupt normal work patterns and encourage new perspectives.
Richard Beck spoke about the importance of understanding learner personas and differences in expertise between offensive and defensive team members.
“The learner persona is different…you can’t just move from one team to another.”
“But actually they have an awful lot to learn from each other so, taking on the defensive responsibilities with an offensive mindset – that’s the best of both worlds.”
Dr. Daniel Shore elaborated on effective knowledge-sharing strategies and cross-training techniques. He emphasized the significance of starting small, creating bonds at a molecular level, and eventually scaling up.
Zac Broomfield added a call for individuals to approach conversations with curiosity rather than judgment, challenging existing biases to enhance red team and blue team cybersecurity collaboration.
A notable framework Dr. Daniel Shore emphasized was the mapping out of different teams’ interactions in routine and crisis operations. This approach allows organizations to identify which teams should collaborate in advance of a crisis, providing a proactive strategy for effective response.
Our webinar’s comprehensive exploration extended to the creation of a pragmatic framework for conflict resolution and feedback. The framework encourages participants to engage in active listening, ensuring a deep understanding of each perspective. It emphasizes the use of non-confrontational language and employs techniques such as paraphrasing and summarizing to validate viewpoints and mitigate misunderstandings. By incorporating these strategies, the conflict resolution framework aims to transform potentially contentious interactions into opportunities for growth and improved collaboration.
In conclusion, as organizations grapple with the intricate dynamics of red team and blue team cybersecurity, the insights shared by our speakers serve as a compass for navigating the complexities of this landscape.