A terrific Red & Blue (in reality - Purple's the Word, in this case) Teaming Leadership post (via Robert A., posting on the Web Application Security Consortium List) detailing his experience leading a Purple Team, and the oversight work associated with that team color. Very pleased to see this form of shared learning in the Red Team space. Today's Must Read.
"Purple: Purple teaming in my experience is the oversight of how red and blue operate, coordination to strengthen the effectiveness of both red/blue, and improved relationships with impacted stakeholders (dev/it/ops/etc). It likely isn't it's own team, it's the leaders of the blue/red teams coordinating with it's members and cross-org stakeholders to optimize how they operate." via Robert A.'s superlative post further via Web Application Security Consortium List**)
From the video description: Breaking with the adversarial approach of Red vs Blue, look at how the current system and approaches may be broken in some organizations and provide recommendations not only for the mature organization with a large structure but also how small businesses can take a more purple strategy in the way they operate their teams, including how they acquire pentest services. Presentation will cover an approach beyond the red and blue team and more of an organizational and strategic approach to change the paradigm of thinking and action to a more symbiotic approach to security.
Carlos Perez is a Director at a Security Vendor working on reverse engineering, security research and integration projects. Carlos also works as a trainer providing training both to government and private organizations across the world in security technologies and also provides consulting in his spare time on infrastructure and security. His work and thoughts can be found on his webpage www.darkoperator.com. He has presented at several security conferences and is a co-host of the Security Weekly podcast.
Mark Mateski, of Red Team Journal and the Department of Engineering Management and Systems Engineering at The George Washington University, continues to publish a superior blog focusing, of course, on Red Teaming, Planning and Devil's Advocacy. Read it today.
'I want you to be the Admiral Nagumo of my staff. I want your every thought, every instinct as you believe Admiral Nagumo might have them. You are to see the war, their operations, their aims, from the Japanese viewpoint and keep me advised what you are thinking about, what you are doing, and what purpose, what strategy, motivates your operations. If you can do this, you will give me the kind of information needed to win this war.' - Edwin Layton, RADM USN, 'And I Was There', 1985, pg.357, ISBN-13: 978-5550460245, Publisher - Random House (March 1987)
Brought to my undeniably over-taxed attention by the Red Team Journal.
"They exposed weaknesses in the armor, illustrating that "we as scientists and engineers think we have a great solution and ha-ha moments, thinking Soldiers will love this" new piece of gear. Then the Red Team would show up and show all the weaknesses, she said, so "we started solving those problems." From that point on, anything deployed to small forward operating outposts of 300 people or less gets a Red Team going over from "the construct of the operational perspective, technology perspective, and how we could integrate it in such a way not to create inherent vulnerabilities. It's been very effective." - via David Vergun writing at the United States Army