Building a Red Team in a complex environment
2019-11-30, 15:40–16:10 (Europe/Vienna), Dachsaal

The question which have been always asked, do we really need an offensive security team in our organisation?

In this presentation I'm going to talk about my journey of building-up the offensive security team at one of the biggest Dutch banks. What are the takeaways, approach, achievement and mistakes done during that journey.


As described in the above abstract, the following topics will be covered:
  • The challenges during the recruitments
  • What makes the pentest team activity different than the red team ?
  • How we can make the Red-Team more inline with the DevOps ?
  • Who are the relevant stakeholders for the pentest and Red-Team ?
  • What are the biggest mistakes done and how we can avoid it in the future.
  • is it really worthy to have an internal Red-Team or penetration testing is enough ?
  • What makes it different to build-up the team in a complex environments ?

Most of organisations think that performing penetration testing should be enough to assess the security posture of its assets. However, in this talk you will be introduced to a different experience.

Ahmed is a professional penetration tester with over 5 years of experience in penetration testing including but not limited to the web application, infrastructure, and mobile security testing. During his work, Ahmed occupied the role of penetration tester in various industries and companies helping the clients securing their applications and infrastructure. His main focus was not only on performing penetration tests but also the application security is an interest, working closely with the development teams starting from the design to the deployment of the solutions to advice on security manners.

Ahmed performed security tests for many high profile entities in the Middle East and Europe, Highly skilled hands-on application security assessment and development of security tools with a deep understanding of vulnerability management process and risk assessment.

In his spare time, he used to play CTF and discover vulnerabilities affecting different products. He has been acknowledged for his security findings in a different hall of fame of different vendors.

https://twitter.com/@_ahmadsherif