Rewind and Reflect
The Beyond Red Teaming (BRT) cards extend the Red Team Journal Red Teaming “Laws” and cards. The purpose of the BRT cards is to help security professionals consider and assess their own frames and narratives.
BRT Card No. 1 (“The Duel”)
While it’s easy to envision yourself engaged in a duel with your opponent (à la Clausewitz), few situations in the modern world resemble the classic duel.
Be careful; your “duel” might be over before it starts.
BRT Card No. 2 (“Games”)
Security from the attacker’s perspective isn’t a game of chess, a game of Go, or a game of poker. Does a game without rules have a name?
Is it even a game?
BRT Card No. 3 (“Mash”)
Life is a mash of chance, luck, synchronicity, and ambiguity from which we confidently extract a cohesive narrative.
It tastes great, and yes, it’s only too easy!
BRT Card No. 4 (“BIOS”)
Among your most dangerous assumptions are those that “boot up” before you start red teaming.
Many of them are cultural, and they stealthily shape not just your thinking, but also your thinking about your thinking.
BRT Card No. 5 (“Turnabout”)
Why should we expect our opponent’s decisions to be more rational and coherent than our own?
How quickly we forget how arbitrary, emotional, and unpredictable we ourselves can be.
BRT Card No. 6 (“Lear’s Fool”)
Computational data engines and authoritative counterbias thinking techniques risk silencing the modern court’s intuitive countervoice.
To paraphrase Asimov, “That fool ain’t no fool.”
BRT Card No. 7 (“Sphinx”)
No red team will ever unveil every possible source of risk. Some events simply can’t be imagined before they happen.
The best red teams respect the wicked riddles inherent in human error, interactive complexity, and emergent surprise.
BRT Card No. 8 (“Hammer”)
The linear, cause-and-effect style of thinking that works so well with mechanical assemblies often fails dramatically when applied to complex socio-technical systems.
Unfortunately, we usually don’t discern the difference until it’s too late.
BRT Card No. 9 (“Mixup”)
The view inside differs from the view outside, just as the view before differs from the view after.
Somehow we always manage to forget and mix these things up.
BRT Card No. 10 (“Kronos”)
The system you designed and built yesterday is not the same system you manage today, nor is it the same system you’ll fix tomorrow.
Don’t let static names and labels fool you.
BRT Card No. 11 (“Nearsighted”)
Beware the all-too-common tendency to leap at the shiny new capability, leaving someone else to clean up the unintended but predictable consequences downstream.
This often seems to be a peculiarly American ailment.