Securing Facebook with Red Teams
I'm a Director of Security at Facebook, and I've been intentionally causing security incidents to happen for the past couple of years. It's a miracle I'm still employed there.
I'll speak about aggressive "Red Team" exercises we run. These are planned security incidents caused by an external team of hackers that I organize. The Facebook Security team is not involved in the planning of these exercises and must respond to them unannounced and unprepared. They are designed for months for about a week of pain and suffering for Facebook Security. As you can imagine, we improve a lot from these exercises.
Ars Technica wrote about two drills, where we held the security team hostage and used zero day exploits against our employees.
We'd like to speak about the third exercise. I'd like to keep the punchline secret, but I can promise it's better than than the first two.
Additional Supporting Materials
- What are "Red Teams" and how does Facebook use them?
- How does Facebook Security prepare for security breaches?
- How do you plan a Security Incident?
- How is this different from traditional Red Teams?
- What is Facebook's employee culture towards Security like?
- Ryan McGeehan Facebook
Ryan McGeehan Facebook
Show me another