By Paul Richards, Head of Education at The Cyber Scheme
“Today I was invited to a meeting regarding our new Cyber Scheme Red Team Manager assessment. (CSRTM). Up until today I have had very little involvement; I’m not a red teamer, my specialism is in training and assessing security testers (previously known as pen testers).
I do have an interest in social engineering and the psychology of social engineering, but I’m too short to climb through windows to put in devices for network exfiltration! However, I’m told all short bald men look the same, so maybe I could just walk through reception as I look like the other short bald man that works there… “Morning Dave”, the secretary shouts as I walk in.
Anyways back to the Red Team meeting… as well as all the good stuff already mentioned on various webinars the Cyber Scheme has hosted, I learned that, assuming alignment with Chartered levels is embedded for this assessment, there will be no Trainee, Junior, Practitioner, or Principal Red Team Manager; it’s destined to go straight in at Chartered level, top of the tree, the highest level The Cyber Scheme offers. This makes complete sense to me as it blows my tiny mind when people ask about moving into pen testing when they have no (and I mean no) IT experience. It’s like someone saying ‘I want to be a brain surgeon, but I’ve never even given someone a sticking plaster’. People without experience of being a Red Team Manager stand little hope of gaining this certificate and very few will hold it. I do think that with the stakes at hand, i.e. red teaming in MOD, blue light, government, national infrastructure etc are such that we shouldn’t be giving out this certificate to those that are still cutting their teeth.
It goes without saying that there will be significantly more red team technical specialists out there than managers. We will be developing further certification once the Manager role is launched and underway.
Reach out today, living the dream, in the red team at The Cyber Scheme.