The most fun I’ve had as a security guy was getting paid to penetration-test companies and websites.
It’s like getting paid to be a gamer. You earn a fat paycheck to hang out with friends and hack away without fear of being arrested.
Most large companies today have multiple teams of professional pen testers, often both internal and external, trying to hack their systems.
The most elite of these are called “red teams,” a military phrase used to describe any friendly group directed to think and plan like an independent enemy.
The idea is that independent thinkers might find holes in your defenses that other people inside might not find.
Through the years I’ve been part of some great red teams — and heard countless stories of how red teams not only broke in, but did so discreetly, without setting off any alarms. Personally, every red team I’ve ever been a member of over the last 20 years has taken no more than three hours to break in without social engineering.
If social engineering was allowed, it usually took less than an hour.