Red, Blue, Purple Team Development Discussion Panel
Explore best practices for team development in RBP security operations, focusing on operationalizing security focuses, assessing operator capabilities, implementing development pillars, and utilizing cyber ranges for hands-on skills training. Learn how to optimize security insight, architecture design, and post-adversary engagement in a comprehensive panel discussion setting.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
Presentation Transcript
Red, Blue, Purple Team Development Discussion Panel If you experience any accessibility issues with this presentation, please contact the NNSA Section 508 Program. 06/12/2023
Introductions Mark Sweet mark.sweet@nnsa.doe.gov Brian Healy - briheal@sandia.gov Douglas Stemper - douglas.stemper@nnsa.doe.gov Darrius Williams - darrius.williams@nnsa.doe.gov Dillon Tauscher - dillon.tauscher@srnl.doe.gov Matthew Williams - matt@rebelliondefense.com 2
Panel Flow 1. Present Background and Concept 2. Audience Discussion and Feedback 3. Post Panel Discussion (Optional) 3
RBP Teams, so what? Operationalize Security Adversary and Defensive Focuses Compliments Compliance Provides Greater Security Insight Guides Architecture Design Chessboard Topology Battle Damage Assessment Remaining Capability Post Adversary Engagement 4
The Capability Core Core Component Operators (not Technology) Different Levels of Expertise Novice, Apprentice, Journeyman, Master Different Specialties Windows, Linux, Networking, Wi-Fi, Forensics, Social Engineering, Physical Infiltration, etc. Objective Based Skill Determination How do you know who can do what based on measurable standards? 5
Two Pillars of Development Regimented Operator Development and Assessment Program Managed Cyber Range 6
Operator Development and Assessment Demonstratable Skills and Knowledge Based Criteria -Not Certification, Degree, or Subjective SME Based Skill Level and Specialty Specific Checklists Recommended Training for Skills Mentor Driven and Supervised 7
Cyber Range Customizable Electronic Environment Windows, Linux, Operational Technology, etc. Professionally Managed and Scheduled Dedicated Team (not RBP Operators) Use Cases: Hands On Skills Demonstrations scanning, exploitation, vulnerability discovery, etc. Capture the Flag Challenges Red Vs Blue Competitions Annual Exercises 8
The Concept NA-IM-11 will lead creation of the development program and cyber range in cooperation with volunteers from NNSA, DOE, and contracted educational institutions and technology companies. Development program can accommodate any aspirant skill level e.g., high school graduate, journeyman Windows admin, etc. street to seat. Cyber Range will be scheduled, created, and maintained by a group external to the RBP Teams. 9
End State A development program, cyber range, and RBP Capability available to NNSA. HQ will establish a team of operators available to conduct mission on HQ networks and assist anywhere in NNSA e.g., Blue Team Assessments, Incident Response, Red Teaming, etc. Plants/Labs/Sites can utilize the program and cyber range to develop their own capabilities or request support from HQ. Potentially establish a Community of Interest across NNSA. 10
Discussion 12
Contact Panel Members Mark Sweet mark.sweet@nnsa.doe.gov Brian Healy - briheal@sandia.gov Douglas Stemper - douglas.stemper@nnsa.doe.gov Darrius Williams - darrius.williams@nnsa.doe.gov Dillon Tauscher - dillon.tauscher@srnl.doe.gov Matthew Williams - matt@rebelliondefense.com 13
