October 27, 2022
When an organization wants to determine the strength of its cybersecurity posture, a team of penetration testers led by a cybersecurity manager will take a deep dive into its network environment. But what does a cybersecurity manager do, and what is their role in a red team?
A red team is made up of ethical hackers, or cybersecurity professionals who mimic the actions of threat actors to find vulnerabilities within a network. Their leader is a cybersecurity manager, who brings insights and expertise to help the team reach the best results when conducting a risk audit for a client organization.
In this blog, Jeremy Haberkorn, Cybersecurity Manager at DOT Security, shares his insights, anecdotes, and knowledge to help us see how important understanding risk is to preventing attacks.
Jeremy: As a cybersecurity manager, my goal is to oversee a red team of pen-testing engineers who work to help our clients better their overall security. I try to ensure that my team is meeting the objectives we have established with our clients for each engagement.
I also coach and mentor some of the younger associates and help them understand the tools they're using. If they have questions about a particular technique, we discuss variations of it that can lead us to different results.
Jeremy: I performed pen testing for about three and a half years. I still engage in risk audits with our client organizations, but not as many as I used to because of my other responsibilities. Penetration testing and helping clients is something I am always involved in.
I'm very passionate about organizations bettering their security posture. Offering my services to clients and staying up to date with new techniques and tactics that are out there is important to me.
Additionally, cybersecurity is an ever-changing field, so doing research allows me to continue coaching our younger associates. This job is great since it allows me to mentor them.
Jeremy: To keep up with different cybersecurity processes I often research in forums, such as Reddit feeds, where users discuss various techniques. There’s a lot of training available on the Internet; it’s a wealth of information from people willing to share it.
Another great resource is the Black Hills Information Security Website, which has a great amount of information on penetration testing techniques and tactics. Sometimes I see how other penetration testers use a particular tool in a new way, so we can implement all these approaches whenever we conduct engagements.
Jeremy: First, I talk to prospective clients who are interested in doing risk audits. Together, we discuss their needs as well as the DOT Security program so they understand the process. We determine the expectations of the risk audit and whether the client wants to move forward with it.
Then, as a cybersecurity manager, I have to manage our time and our people. As new contracts come in, we schedule team members based on availability since different members will be engaged in activities at different times.
We perform external and internal penetration tests. With external tests, we take on the role of a malicious actor attacking the organization from the outside. An external malicious hacker has to gather information and plan out their tech in order to exfiltrate valuable data without being discovered. Our job is to simulate this process.
Organization leaders might not necessarily think that an internal attacker might take company data, but sometimes these types of incidents appear in the news. It could be a disgruntled employee or someone who wants to test out their hacking skills for fun, but they could potentially perform attacks internally. They could gain access to the data, download information, and delete assets. We try to simulate these scenarios as well.
Jeremy: There's always a trade-off when a company enforces security in terms of the impact on productivity of your staff and their capability to do their job. Of course, we always discuss this in the report as well as recommendations of actions that should be taken.
Another way of looking at this is to remember that whatever is easy for the end user is also potentially easy for a cybercriminal. So anytime you make it difficult for the end user, you make it difficult for the malicious actor.
When you implement solutions such as MFA (multi-factor authentication) or require 16-character passwords, it’s not to make users’ tasks more challenging; it's to safeguard the company and to ensure the users are who they say they are.
Jeremy: Our risk audits generally take four weeks to conduct, broken down into different stages. During the first week—recon week—we discuss with the client what the audit entails and we also perform investigations. We do our due diligence and find out as much information as we can about their network environment, both internally and externally.
We then conduct scans using open-source tools. That means these tools are also available to malicious actors online. We plan our test attack by enumerating open ports and any vulnerabilities that can be exploited.
During the next two weeks of the engagement, we act on the findings from the scans and see what rabbit holes are available, and how far down we can go with them. We collect as much information as possible.
Usually, during the last week of the engagement, we put all our findings together into a document that is accessible to the client. It includes what we found, which tools we used, and everything we accomplished.
I'm very passionate about helping companies better their security posture. So, I really enjoy writing the reports that go over what we found, how we did it, and how to remediate vulnerabilities. We know that if they did this, the next time someone with the same skill-set comes in, they would not be able to take advantage of the network.
Jeremy: We think phishing campaigns add a lot of value to the final report. I like to tell clients that they can have the best security products in the world—the best firewalls, the best spam filters—but malicious actors can often find ways around them.
A good security mechanism to prevent a solid social engineering attack doesn’t exist yet. Malicious actors will try to take advantage of people's desire to be helpful. As people, we like to help; we like to contribute. Bad actors often take advantage of that.
Phishing is huge because, as we say, people are your first line of defense. I'm not saying companies should not invest in cybersecurity technology. These tools are great and needed to reduce the amount of attacks coming in. However, organizations should invest in their people, to ensure they are the first line of defense.
As an example, an employee might get an email that seems to come from their boss. It asks them to go to BestBuy, for instance, and buy five $500 gift cards, as soon as possible. If that’s not something their boss would normally do, employees should question it.
Empowering your staff to identify phishing campaigns, to be able to report them, and to question them should be a priority for all organization leaders.
I enjoy sharing what I've learned with other pen testers and helping them improve their skills so they can bring their best work for our clients. Like I said, I'm very passionate about security. I love to get people up to speed in this field.
What does a cybersecurity manager do? As we learned from DOT Security’s Cybersecurity Manager, Jeremy Haberkorn, one of the role's main duties is acting as a mentor to younger cybersecurity associates, sharing experience, and helping them learn how to use a variety of tools.
His team’s work helps organizations find vulnerabilities and risks so that they can prepare defenses to protect against malicious actors. The risk audits they perform are thorough in order to ensure that companies find ways to strengthen their cybersecurity standing.