The hottest Red-Teaming Substack posts right now

Red teamers should be familiar with laws related to activities like burglary, trespassing, burglary tools, hacking, theft, wiretapping, and impersonation.
Understanding the difference between something being illegal and prosecutable is crucial. Aligning goals with the protection of the public and prevention of harm is key for authorized assessments.
Having knowledge of relevant laws can enhance a red teamer's career and ensure that steps are taken to avoid violating rules, laws, regulations, or ethical considerations while uncovering security vulnerabilities.

Different organizations may benefit from various approaches to red teaming based on their needs, budgets, and internal capabilities.
There are more nuanced red teaming models than just in-house or outsourced, such as hybrid operator model, learning model, and hybrid mitigation model.
Some discouraged red teaming models include relying solely on part-time teams or contingent workers due to trust, loyalty, and capability concerns.

Breaking into red teaming involves a phased approach with fundamental, technical, and employment skills.
Phase 1 focuses on understanding red teaming fundamentals like what red teaming is and diving into analytical and cybersecurity elements.
To succeed as a physical red teamer, it's essential to gain knowledge in analytical red teaming, learn about cybersecurity, and understand the partnership between physical and cyber red teams.

The practice of 'Devil's Advocates' shaping decision-making dates back centuries, like in the case of determining the legitimacy of saints.
Red teaming has evolved from military war games to modern applications in cybersecurity and ensuring ethical implications in generative AI systems.
Guidelines for effective red teaming include partnering with civil society organizations, collaborating with humanities departments, and expanding efforts for diverse linguistic contexts.

Consider factors like trust in vendors, needed skills, cost, and bureaucracy when deciding between in-house and outsourced red teams.
Experiment with different approaches to find the best model for conducting red team assessments.
When establishing red team capabilities, seek guidance from others who have experience and be prepared to invest time and attention to detail.

Get a weekly roundup of the best Substack posts, by hacker news affinity:

Evaluation of models should focus on selecting the best performing model, giving confidence in AI outputs, identifying safety and ethical issues, and providing actionable insights for improvement.
Standard evaluation approaches face challenges like broad performance metrics, data leakage from benchmarks, and lack of contextual understanding.
To improve evaluations, embrace human-centered evaluation methods and red-teaming to understand user perceptions, uncover vulnerabilities, and ensure models are safe and effective.

Physical red teaming is not a common standalone profession but rather a sub-role within cybersecurity or security consulting.
There are various entry points to becoming a physical red teamer, including direct employment, part-time roles, and consulting firms.
Networking, gaining experience, and tailoring your skills early on are essential to breaking into the field of physical red teaming.

Locks & Leaks promotes the physical security red teaming profession to help organizations make better security decisions.
The site offers an outline of the Locks & Leaks structure, including resources for physical red teaming and profession growth.
Different sections on red team types and targets, red team tradecraft, and building a red team provide detailed insights and guidance.

Organizations use internal physical security red teams to protect valuable assets from potential breaches.
The global Physical Security market is expected to grow, reaching $215 billion by 2030 - the effectiveness of these security measures is tested through red team assessments to prevent costly incidents.
There's a lack of substantial resources for businesses looking to establish or enhance their physical security red teams, highlighting a need for more support and knowledge sharing in this area.

Red Teaming is essential for organizations with high-value assets, significant threats, or discovered vulnerabilities to test and strengthen their security measures proactively.
Red Teams assess threat actors tactics, uncover vulnerabilities, address organizational hubris, challenge security assumptions, and protect business and assets through rigorous testing.
Red Teaming is not just a tool but a philosophy that promotes critical thinking to improve security measures, ensure defense readiness, and make informed decisions to safeguard organizations and valuable resources.