Skip main navigation

New offer! Get 30% off your first 2 months of Unlimited Monthly. Start your subscription for just £35.99 £24.99. New subscribers only T&Cs apply

Find out more

In-house or Contracted

In this video, you will go through the considerations a user needs to take into account when deciding to set up a Red Team and/or a Blue Team.
In this video, we’re going to be talking about whether your Red Team or Blue Team should be in-house or contracted, assuming that you’re going to be setting up a Red and Blue Team - and/or Blue Team, rather. So before we just go off and either set up our own Red and Blue Team or begin to go out there and contract, we need to take some things into consideration. So what do we need to consider before we even begin? Well, one major factor is going to be are you a small organisation or large?
Now, the reason I bring this up is it - having a team is really going to depend on - well, this is assuming you’re already going to want to have a Red Team and/or Blue Team. Depending on your organisation size, this is going to help to make that determination. So if you have a small organisation, depending how small you are, it may not make sense to have a in-house Red Team/Blue Team. After all, do you have the resources, the staff to support such a team? If you have a small IT team, you’re probably better off looking at training your network team.
Outsourcing is likely going to make more sense for this because, again, if you have a small IT team, you’re not really going to have the resources, too, in order to train them. After all, they’re probably going to be pretty busy with doing their day-to-day work instead of actually setting up a dedicated team to attack or defend. You’ll be spreading yourself too thin. So again, if you’re really going to be setting up a Red Team/Blue Team, you’re probably better off outsourcing at that point. Now, if you have a large organisation, well, you do have some more leeway. You tend to have a larger staff and resources to support a in-house team.
Larger organisations tend to have a larger pool of IT personnel. The larger organisation also tends to have a larger budget in order to facilitate training or - and/or the proper pay scale for those positions. After all, a Red Team member or a Blue Team member should be making more than, say, a desktop technician because they are doing a lot more work. They’re doing a very specialised job. Ultimately, it’s going to come down to management, though. If they see a benefit of having a in-house or contracted - or even if they don’t believe in a Red Team or Blue Team exercises, unfortunately, it does always come down to management.
So if it’s important to you, you do need to make the case for it. But again, large organisations are going to have more flexibility in this because, again, they will have a larger IT personnel. They do tend to have a larger budget. And they have more to lose.
So pros and cons - outsourcing means that you don’t have to have staff trained to do this. That means that your staff, your current IT staff, could be - well, they could be doing what they were originally hired to do. Outsourced companies are specialised, tend to be specialised, in this type of work. And there’s a lot of really great companies out there that do this. Overall, costs can be cheaper outsourcing it. So depending on how often you run these exercise - if it’s going to be once, if it’s going to be, say, once a year or once a month or whatnot, it might be cheaper to outsource it.
Having a internal team - well, having an internal team is, off the bat, they should know your network and company better than someone coming from the outside. Someone coming from the outside is going to - you have to do a Blue Team. And they’re going to have to spend some time learning your network, learning your policies, and whatnot. If you’re just doing a Red Team, that doesn’t necessarily apply because a hacker is probably not going to know everything there is to know about your network or have someone on the inside briefing them on the network right off the bat. So that’s going to be more for a Blue Team side.
Internal teams will be able to test as often as you want or need them to. After all, they’re your employees. So you could just say, well, I want you to run a simulation every week, every month, whatnot. And you can restructure and specialise your Team as needed if it is in-house.
There’s really no way to say, well, yes, you should run a Red Team/Blue Team in-house. You should run a Red Team/Blue Team out. As you saw in the previous slides, the answer’s going to vary from company to company. Again, it’s going to depend on your resources. It’s going to depend on your company’s objectives. It’s going to depend on what your resources are. It really has a lot of factors to consider over running a Red Team or Blue Team. And again, if you make the decision that you do want to have a Red Team or Blue Team, how often are you going to be running these exercises?
Is it necessary to have a Red and Blue Team or can you just get away with a Red Team or just a Blue Team? And how much resources do you have? Do you have the resources to train your internal staff to take on those roles? If you don’t, well, then you should probably outsource it. Do you have the resources to outsource it? And also, do you have management’s approval and blessing for this, because that is ultimately going to determine whether you’re able to do this?
So this was about Red Team/Blue Team, whether they should be in-house or outsourced. In the next video, we’re going to be talking about one of my favourite topics, which is OSINT. And it stands for Open Source Intelligence. And we’re going to be talking about tracking attackers using this technique. So thank you for watching. I’ll see you in the next video.

In this video, you will go through the considerations a user needs to take into account when deciding to set up a Red Team and/or a Blue Team for their network security testing.

In the last step, you had to explain why you would select a Red Team or a Blue Team if you had to choose only one team to test your network security. This video will go through the considerations that you should take into account when setting up either team, or both, as part of your network security plan. One of these considerations is whether you could use an in-house team or a contracted team; in this video, you will see what information should inform this decision.

Reflect and share: If you are going to set up a Red Team/Blue Team for your company, would you do this in-house or contract it out? Share your reasoning for your decision in the comments section below.

This article is from the free online

Advanced Cyber Security Training: Network Security

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now