We’re often described as “white hat hackers,” which sounds like we operate in a dark van filled with beeping machines and blinking lights. While we do sometimes find ourselves working out of the back of a van during our red team operations, most days you’ll find us at our desks, finding solutions for our clients and collaborating with each other on our shared passion: offensive security.
To get an idea of what a day in the life at RedTeam is really like, we asked Lead Security Consultant Kurt Muhl to answer a few questions.
How would you characterize a day at RedTeam in less than five words?
Something new every day.
What makes it so?
We have many different clients — from the energy sector to banking, to software development and many more — and we get to see a lot of different environments and how different teams work to secure their devices and information.
How do you begin your work day?
I start each day by catching up on infosec news. Many new devices, vulnerabilities, and breaches are reported every day, so it’s imperative that we stay current and know what’s happening in the world so we can help our clients understand the threats that are out there and how they might be affected.
Do you specialize in a particular vertical?
All of RedTeam’s team members have different backgrounds and have come into the security community by different paths. We try to take our individual expertise and share that information with each other to help promote knowledge across multiple verticals.
What parts of your work do you do as part of a team, and what do you do autonomously?
Depending on the size of a given project it may be the responsibility of an individual or a couple of us. Yet we don’t let this limit us in reaching out for some collaboration. RedTeam has an open, cooperative team environment that allows us to work collaboratively if we ever get stuck or think another team member may be able to add value to a project.
How many clients do you work with at a given time?
We typically have two different projects on the calendar at a time. One of the things that our clients find most valuable is that we are available for them when they have questions or concerns at any time, not just during their project. Sometimes months after the project has been completed, we may get questions about a tool we used or if they are concerned about a new type of vulnerability. My goal is to make sure that we can help and take care of those questions when they come up.
What do you do to prepare for a client engagement?
The first thing we always do is a review of the scope. This helps us understand the work we will be doing and the organization we are working with and can help us be more efficient. For example, when I see an engagement involves web application testing for a bank, I can begin to formulate some testing methodologies. So if there is a feature to transfer money from one account to another, am I able to manipulate that transaction to take money out of someone else’s account?
Are there one or two things that are consistently challenging with penetration testing?
Every organization does things a little bit differently, from the way they program their application to how they implement network security controls. So it can be challenging at times to adapt how we do our testing to ensure that we are thoroughly testing the full scope for clients. However being adaptable is our speciality; it’s something we pride ourselves on.
Is there a particular part of red teaming that you enjoy most?
Every project we take on is a puzzle that I enjoy, because at the end of the project my goal is to connect the different pieces of the puzzle to help an organization understand its risk. The ultimate goal is to help them be more secure.
How do you keep your skills current?
We are constantly reading security news and blog posts from industry professionals to stay on top of the trends in the security industry. When we hear about a new tool that we think can be useful to us during an engagement, we take the time to learn it and how it works so we can provide value to our clients. We also stay current with various industry certifications, like CSSA, OSCP, GWAPT, etc.
Can you estimate how much of your time you spend in the day at your computer?
A lot… aside from some random breaks throughout the day I am usually at my work computer for around eight hours a day. When I go home I can often spend much of my evening at a computer as well reading security news, writing code, and many other personal projects. I love what I do!
What helps you get through the day? Coffee? Jelly beans? Exercise breaks?
Every day I try to at least walk to get lunch or go to a nearby convenience store for something to drink. Coffee always helps, and walking to get a cup can be a great time to bounce ideas off other team members.
How would you describe what you do to a child?
I am a hacker, but I am one of the good guys. I hack companies to help make sure they are safe from the bad guys.
What reasons might you give for why those kids might want to become red teamers?
It’s a great field that allows you to be on the cutting edge of technology, constantly learning, and helping organizations and people be more secure.
What advice would you offer a recent grad looking to become a red teamer?
Never stop learning. No security professional knows it all, and by networking with others within the field you can learn a lot and be pointed towards resources to help in the learning process. Often, we’ve seen a lot of stuff and know from past experiences, or we found something that we knew nothing about and we started researching and looking for answers to satisfy our curiosity. This curiosity and willingness to keep learning have helped other RedTeam members and myself succeed at what we do.
Have a security need that we can share with Kurt or other RedTeam members to puzzle out? It’s as easy as clicking the button below. We look forward to talking with you!
10-Point Offensive Security Checklist
Get A Bird's Eye View Of Your Organization's Security Readiness