Red Team testing has several definitions and variety of adoptions within organizations, but the term itself is supposed to be a more proactive "no holds barred"; assessment that combines more adversarial simulation than traditional penetration testing. This can include physical aspects or whatever steps are necessary to demonstrate impact and objective goals towards an organization.
While much of the industry is/has moved towards these practices, red team testing is typically used in a myopic nature for the identification of risk and impact towards a company. This talk will go into what red team testing can be used for in the enterprise to maximize a very specific and useful talent. Red teams combined with the ability to test detection mechanisms, levels of maturity, and education can greatly increase an organization's defensive posture.
In an industry where few understand offensive tactics and techniques, using red teams for education and defense is where we need to start moving to build better defense against attacks.
David Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David also serves as a board of director for the ISC2 organization. David was the former CSO for a Diebold Incorporated where he ran the entire INFOSEC program.
David is a co-author of the book "Metasploit: The Penetration Testers Guide", the creator of the Social-Engineer Toolkit (SET), Artillery, and several popular open source tools. David has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. David is the co-host of the social-engineer podcast and on several additional podcasts.