Building a Red Team Capability

Cybersecurity Discipline:
Building a Red Team Capability

Can a friendly company hacker exist? A growing number of companies see the advantage not only in simulated attacks but in indirectly testing their defense controls and their ability to detect attacks as well. Increase your value within your organization's security team by finding the gaps in your organization's cyber defenses and addressing them before nefarious parties attempt to break in. In Building a Red Team Capability, you'll discover strategies to test your organization's ability to detect cyberattacks and understand how to test an organization's defense controls.

4 weeks

Installment payments are now available on all course purchases!

Knowledge Areas

Red team function building
MITRE ATT&CK framework
Red team management
Red team exercises
Metric evaluation
ATT&CK for red team exercises
100% Online

No Mandatory Login Times

4 Modules

4-6 Hours of Work per Module

Digital Badge

Your Subject Matter Expert:

Jeffrey Groman, CISSP

“If you've got the right skills and people in your security team already, they’re going to know your environment intimately. They know your technologies and applications, they understand what's going on in the network and they'll have some really good ideas for what they might want to red team against.”

Course Modules

This focused cybersecurity course is ideal for managers who want to develop the knowledge necessary to adeptly assess and utilize complex threat intelligence. Sharpen your decision-making ability by developing an understanding of the forms that contemporary threat intelligence can take and explore real-world examples of threat intelligence in action.

Module 1: What Is Threat Hunting and Where Does It Fit In?

Define the activities, goals and objectives of your threat hunting capability. Identify assumptions and knowledge of your network in order to determine valid targets to hunt for. Explain key steps involved in building a threat hunting function inside your current program. Describe key ingredients for maximizing your team's threat hunting outcomes.

Module 2: Building Hypotheses and Hunt Targets

Describe key components of the hunt process, including the role of the hypothesis in the process. Define the elements of a good hunt hypothesis. Evaluate the quality of various hunt hypotheses. Create a hunt hypothesis. Explain how available tools can become the limiting factor in developing good hypotheses. Describe the role and functionality of MITRE ATT&CK in the hunt process.

Module 3: Hunting Maturity Model

Describe the role of the maturity model as it applies to threat hunting activities. Explain key components of the hunting maturity model. Describe the relationship between the pyramid of pain and hunting maturity. Explain key steps involved in progressing your team to perform different and higher quality hunting activities.

Module 4: Packaging and Maintaining Threat Intelligence

Describe how to use metrics to measure your team's effectiveness and trends over time. Apply metrics to measure threat hunting effectiveness. Justify the investment in time and money and its value to leadership using metrics. Evaluate sample metrics.

Ready to redefine your future?

Get started with EmergingEd today.

Jeffrey Groman, CISSP

Jeffrey Groman, founder of Groman Consulting Group, is dedicated to helping organizations identify and resolve their greatest cybersecurity risks. Mr. Groman has worked in the security field for more than 20 years. As a cybersecurity consultant, he has guided major corporations, including banks, insurance companies and software providers through risk prevention and rapid response to incidents and security breaches.

Mr. Groman is certified in forensic analysis and application security, and previously worked with Mandiant Security Consulting Services and FireEye, providing strategic and incident response consulting to security teams and educating executives through delivery of SOC assessments. In these roles, Mr. Groman led a team of consultants and functional experts in working with a wide range of clients across multiple verticals, including NYC Health and Hospitals, Blue Cross Blue Shield Association, Ameriprise Financial, American Express, Ally, Huntington National Bank, Eaton, Caterpillar, DST Systems, Sprint and TransAmerica.

Mr. Groman is passionate about cybersecurity and partnering with clients to find solutions to complex issues. His book “Avoid These 11 Pitfalls and Minimize the Pain of Your Next Data Breach” is designed to help organizations learn from his decades of real-world experience. He has presented at Information Systems Security Association (ISSA) International, NetSecure, and Infragard conferences; briefed boards of directors; conducted tabletop exercises and workshops; and helped clients build security processes to be better prepared for the inevitable.

Mr. Groman has a BS in Electrical and Computer Engineering from the University of Colorado, Boulder.