Speaker Guncha Malik,
Designation: Sr. Manager – Security Engineering and Incident Response at IBM
Topic: Women in Red
Date of Webinar: 11th Mar, 2020
Time and Location: 06:30 pm IST/ 01:00 pm GMT/ 04:00 pm KSA
Speaker Bio:
Having played different roles in a software development lifecycle from development, to testing, to Level 3 support, to QA Management, to Quality Lead, Guncha Malik has gained good exposure on the teams’ priorities and understands that security does not come as a priority for most teams. On a mission to educate teams on the security gaps, Guncha has steered her career in areas that needed the most attention and has picked up security credentials along the way.
Topic Abstract:
The objectives of this session are to:
- Look at the Cybersecurity Workforce gap
- Explore red teaming
- Look at skills and credentials required
- Understand the scope of red teaming in the industry
Various studies conducted, in the field of cybersecurity, indicate that despite the efforts being put in the cybersecurity space, we have a large gap in the skilled workforce. In fact, the gap has only been increasing for three consecutive years.
Women can contribute to a large and highly skilled workforce with a diverse thought process, perspective of looking at things and unique solutions that can help organizations up their security posture. Even though considered otherwise, women are now proving to be tech-savvy and are accomplishing results, as do men.
The ever-evolving security field is focusing on the need to build organizational security ground up. Customers are also are becoming more cybersecurity aware and are demanding that vendors provide evidence that sufficient security measures are being implemented. The real driver for this requirement is the number of data breaches and the impact it has on the organizations in terms of brand value and eventually revenue.
While this drives the focus more towards compliance and certifications, it is also important for organizations to keep a reality check on the actual protections implemented via the security policies, procedures, personnel skills and training.
Red Team vs Blue Team is a concept derived from military drills where one team acts as the attacker while the other defends. Red Team strategies and surprise attacks are deployed to test the readiness of the blue team in the face of a real-life attack. The same concept is used in the cybersecurity world to test the readiness of a security monitoring and operations team within an organization.
A cyber war game involves Red Team working in stealth mode to maximize the duration of their presence by remaining undetected and causing major damage to the victim organization. On the other hand, the unaware Blue Team continues to be alert and vigilant of any suspicious activities and events occurring on the network; looking for trends that could indicate an on-going attack and blocking these attacks as soon as they are identified.
As with any game, strategy is the key for a successful red team execution. The various phases involve initial reconnaissance, penetrating the victim organization’s network, maintaining the foothold. Once a foothold is obtained, the intention of the red team is to move laterally within the network while escalating their privileges to obtain information that is of value and is critical for the existence of the victim organization. These attacks can be emulated with a financial or malicious motive. The motive defines the flag that the red team must capture.
While the attack performed by the Red Team is real, the intention is still to report and not cause actual damage. Like any engagement, there is limited budget that an organization can spend on the red team activities with a defined goal. At the end of the time-bound engagement or achievement of the red teaming goal, the red team is required to produce a well-documented report that can be used by the organization to improve their security posture and readiness. Additional metrics provided by red team help the organizations measure the effectiveness of their cybersecurity programs within the organization.
*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)
