Book Review: Red Team: How to Succeed by Thinking Like the Enemy
Red Team: How to Succeed by Thinking Like the Enemy; By Micah Zenko. Basic Books; basicbooks.com; 336 pages; $30.
A thorough and concise red teaming resource, Red Team: How to Succeed by Thinking Like the Enemy provides a clear introductory outline of the beginnings, functions, and types of red team operations. It then expands on the topic to include best practices and how red teaming can be used in various settings, such as homeland security, the military, and private firms.
Author Micah Zenko enumerates six best practices: 1) the boss must buy in; 2) outside and objective, while inside and aware; 3) fearless skeptics with finesse; 4) have a big bag of tricks; 5) be willing to hear bad news and act on it; and 6) red team just enough, but no more.
These are supported in the words of the red team professionals and illustrated with examples and storytelling that many readers can directly apply to their service sector or industry. The author provides insight and lucent examples into the three main techniques commonly used in red teaming: simulations, vulnerability probes, and alternative analyses.
The remainder of the book expands on recent military red teaming, red teaming in the intelligence community, homeland security and government red teaming, private sector red teaming, and, finally, thoughts for the future.
Not only is this book an asset to inform the novice of the history, purpose, methods, and results of red teaming, but it also provides new insights and a superb review of the subject. It is informative for all experienced penetration testers, simulation exercisers, and analysts in any career field, and well worth reading for any security or safety professional.
Reviewer: Joshua D. Fowler is a retired U.S. Air Force officer with 28 years of antiterrorism, emergency preparedness, and law enforcement experience. He conducts worldwide red team testing of U.S. Customs and Border Protection locations for hazardous materials, smuggling, and narcotics threats.