Thinking Like An Adversary

Feb 2013

Having an understanding of who the adversary is, how he thinks, what his motivations are, how he acts, and how he might exploit weaknesses and security vulnerabilities will make any security professional and any organization better prepared.

Organizations should move beyond merely reacting to security events and adopt a more proactive approach, inspired by the red team mindset. This means thinking like an attacker, anticipating what vulnerabilities could be exploited, and staying two or three steps ahead: planning and preparing in advance, and implementing detection and deception strategies. This way of thinking allows organizations to be ready for future attacks and makes it harder for adversaries to exploit any security issues.

If one has enough visibility into what an adversary might do, their TTPs (tactics, techniques, and procedures) and motives, a much better overall security defense posture can be set, a better plan with various degrees of contingencies can be prepared, and when a new challenge presents itself, the whole organization is better suited to deal with it.

Note: a slightly different version was posted on the Red Teams Blog as well.