Inside the Mind of the Attacker: Using Red Teaming to Mitigate Business Risk

Dr. Treston Wheat is a red team analyst who specializes in TTP (tactics, techniques, procedures) research, threat modeling, and social engineering. Previously, he was a strategic cybersecurity analyst and geopolitical risk analyst. Dr. Wheat is also an adjunct professor at Georgetown University teaching about intelligence analysis, and he is the editor-in-chief of IPSB’s The Close Protection and Security Journal.

Dr. Wheat joins host Chuck Randolph to discuss:

  • The game-changing role of red teaming in organizations and how, through alternate analysis and critical thinking, to think from the perspective of the attacker.
  • How diverse thinking results in better decisions and aids in the elimination of biases.
  • Where analysts can start when implementing a red teaming strategy.
  • The role of red teaming in helping security teams partner with business leaders to help their organizations thrive.

Key takeaways from the episode:

[03:04] Treston Wheat: Critical thinking is fundamental to the ability to check assumptions the ability to be objective and separate the person from the analysis. The willingness to question dominant ideas (is a key element to red teaming). So everything that made me a really bad academic actually made me a really good red teamer.

[03:44] Treston Wheat: We do something we call poison circles where we basically just come up with ways to attack people. Which sounds a little dark but is very very useful. Because then we have to think through the threat actors and what’s their motivation and if they’re motivated by — what kind of TTP do they use? How would they behave in a violent situation? How would they behave if they’re trying to steal intellectual property?

[06:05] Treston Wheat: My job is doing the research on how a left-wing terrorist would behave differently than a right-wing terrorist because most people when they look at terrorism, they say terrorism is terrorism. They actually all have very different targeting patterns.

[08:32] Chuck: If you’re you’re working on an objective and you want to understand what is the potential threat actors’ activity or actions … How do you start this process? Where does critical thinking start? Walk me through your protocol.

[09:01] Treston Wheat: So the way I start with a threat actor…You go to what they actually say about themselves, because too often in analysis we don’t really believe what people tell us even though they’re telling us the truth.

[12:56] Treston Wheat: And that’s why you need people to come in. It’s why diversity of thought is so important for a red team. You need people who actually see the world differently than you do rather than all of us coming from the military or all of us coming from Academia — breaking up groupthink. One of the most important parts of red teaming and acknowledging the bias and heuristics.

[15:14] Chuck: We could be talking about a business function. We could be talking about terrorism. We could be talking about an event — multiple things — to say look I just need someone to give me an alternative thought on this because, at the end of the day, we want to enable business decision makers with options or courses of action that have some facts around them so they can make a decision.

[15:38] Treston Wheat: Which is the entire point of Intel analysis and red teaming is to help our business leaders in particular because we do this for the private sector to make better decisions so that their business thrives.

[21:28] Chuck: You know people are listening right now and thinking this is fascinating I need to use this more in my organization I’m a leader — I’m a team leader, or I’m an analyst where do I start?

[21:48] Treston Wheat: So I think there are two key ways for people to start who don’t do analysis regularly and for an analyst I would say something a little bit different. But if you’re not used to doing this number one start applying it to your own life. So anytime you make a decision, walk through your process — the entire process. I recommend writing it down because I just think it’s always helpful. What is my assumption in this decision? Why did I perceive what this person said or the information I took in that way?

Number two I believe in the use of fiction — reading novels and watching movies and then analyzing them because it gives you an entire plot wrapped up. It’s a very useful technique to read novels and watch movies and then analyze them. You don’t just passively consume them.

Want to hear more? Listen to the full episode here.