Software Integrity Blog

Author Archive

Thomas Richards


Thomas Richards, a principal security consultant within the Synopsys Software Integrity Group, has been in information security consulting for 8 years. Thomas is currently responsible for overseeing Synopsys' network penetration testing and red teaming services. He holds the Offensive Security Certified Professional (OSCP) certification and has publicly disclosed dozens of vulnerabilities.

Posts by Thomas Richards:


How to build a game-changing red team

Building a red team requires finding the right personnel with the malicious mindset, technical talent, and vision to drive the program to success. An impactful and game-changing red team will increase your organization’s security posture by performing holistic testing and emulating real-world threat actors. Your team will identify areas where vulnerability protection, attack detection, and reaction processes can be improved to prepare for a real attack.

How do I build a red team?

Your team must have a leader who can drive the program and technical staff who will perform the day-to-day activities. As you build a red team, keep in mind some key characteristics that make for a group that works together effectively.

Leadership

Key personnel with leadership and vision can drive a red teaming program to success. Your team leaders should have not only the technical expertise but also the business sense to identify and pursue opportunities in the organization. This will help them communicate strategic goals to their team and outline business risks with senior organization leadership. They’ll also shape and drive the mission of the team and lead the program to success.

Posted in Application Security