Building a Red Team in a complex environment
2019-11-30, 15:40–16:10, Dachsaal

The question which have been always asked, do we really need an offensive security team in our organisation?

In this presentation I'm going to talk about my journey of building-up the offensive security team at one of the biggest Dutch banks. What are the takeaways, approach, achievement and mistakes done during that journey.


As described in the above abstract, the following topics will be covered:
  • The challenges during the recruitments
  • What makes the pentest team activity different than the red team ?
  • How we can make the Red-Team more inline with the DevOps ?
  • Who are the relevant stakeholders for the pentest and Red-Team ?
  • What are the biggest mistakes done and how we can avoid it in the future.
  • is it really worthy to have an internal Red-Team or penetration testing is enough ?
  • What makes it different to build-up the team in a complex environments ?

Most of organisations think that performing penetration testing should be enough to assess the security posture of its assets. However, in this talk you will be introduced to a different experience.