Ep.8 - Marcus Sailler, Global Director of Red Team at MUFG
Download MP3In this episode of Hackers to Founders, Chris Magistrado interviews Marcus Sailler, a seasoned expert in cybersecurity with over 25 years of experience. They discuss Marcus's journey from the military to leading red teams, the importance of understanding business impact in cybersecurity, and the nuances of interviewing in the field. Marcus shares insights on building effective red teams, the significance of program development, and how aspiring professionals can transition from pen testing to red teaming. The conversation emphasizes the need for intellectual curiosity, practical experience, and the ability to communicate effectively within organizations. In this conversation, Chris and Marcus delve into the dynamics between red and blue teams, discussing the transition of professionals between these roles and the importance of understanding various vulnerabilities. They explore the relevance of legacy vulnerabilities in modern cybersecurity, the challenges faced in building effective red team programs, and the ethical considerations surrounding the use of zero-day vulnerabilities. Additionally, they highlight the significance of industry breaches in validating security programs and the value of certifications and training for aspiring red teamers. In this conversation, Chris and Marcus delve into various aspects of cybersecurity, focusing on the importance of critical thinking in exams, the transition from on-premises to cloud environments, and the necessity of understanding cloud infrastructure for red teaming. They also explore social engineering techniques, particularly vishing, and discuss the #WeHackHealth movement, which combines fitness and cybersecurity. Additionally, they touch on the discovery of CVEs and the challenges of vulnerability management in software. In this conversation, Chris REal0day and Marcus Sailler discuss various aspects of the cybersecurity industry, including investment opportunities, content creation strategies, the importance of networking, and career transitions. They explore the challenges of building relationships in a corporate environment, the significance of soft skills, and the complexities of navigating global cybersecurity issues. The discussion also touches on the differences between vulnerability research and red teaming, highlighting the unique challenges and rewards of each career path. In this conversation, Marcus Sailler and Chris REal0day delve into various aspects of cybersecurity, leadership dynamics, cultural insights, and personal growth. They discuss the challenges of reporting vulnerabilities without rewards, the complexities of different leadership styles, and the importance of understanding interpersonal relationships through concepts like love languages. The conversation also touches on the significance of cultural adaptation in language learning, the tools essential for cybersecurity professionals, and the value of continuous training and development in red teaming. Additionally, they share insightful book recommendations that emphasize resilience and self-awareness in both personal and professional contexts.
Takeaways
Takeaways
- Red teamers must understand the business impact of their findings.
- Interviews should be interactive and allow for discussion.
- Early career experiences can be valuable in cybersecurity.
- Joining the military can provide a strong foundation for IT careers.
- Building a red team requires maturity in the organization's security posture.
- Learning from experts and networking is crucial for career development.
- Program development is essential for legitimizing red team efforts.
- Demonstrating curiosity and initiative can help in career transitions.
- Creating internal communities can foster talent and interest in cybersecurity.
- Understanding operating systems is key for effective red teaming. Red teamers often transition from blue team roles due to frustration with unaddressed issues.
- Understanding foundational vulnerabilities is still valuable, even if less prevalent.
- The usefulness of vulnerabilities depends on the organization's maturity and vulnerability management program.
- Building a red team requires investment in talent development and retention.
- Using industry breaches can effectively validate the need for security programs.
- Ethical considerations arise when using zero-day vulnerabilities in demonstrations.
- Training and certifications are crucial for effective red teaming.
- Practical experience is essential for understanding red team operations.
- The urgency of red teaming requires quick execution in complex environments.
- A strong understanding of both offensive and defensive strategies is necessary for red team success. The exam structure emphasizes critical thinking and situational awareness.
- Understanding cloud infrastructure is crucial for aspiring red teamers.
- Vishing is an effective social engineering technique that uses phone calls.
- The #WeHackHealth movement promotes fitness within the cybersecurity community.
- Vulnerability management requires collaboration and team effort.
- Process Hacker is a valuable tool for discovering vulnerabilities.
- Mitigating vulnerabilities can involve clever solutions that obscure predictable patterns.
- The complexity of multi-cloud environments presents unique challenges for security professionals.
- Social engineering tactics are evolving with advancements in technology. Investing in cybersecurity contributes to industry growth.
- Networking is essential for career advancement.
- Building relationships should be genuine, not transactional.
- Career transitions can lead to exciting new opportunities.
- Soft skills are crucial for effective networking.
- Global challenges require tailored approaches in cybersecurity.
- Red teaming offers a different perspective than vulnerability research.
- Trial and error is part of building effective teams. Bounties in cybersecurity can complicate vulnerability disclosure.
- Leadership styles can significantly impact team dynamics.
- Understanding love languages can enhance workplace relationships.
- Cultural adaptation is crucial when learning new languages.
- Bloodhound is a powerful tool for Active Directory reconnaissance.
- Continuous training is essential for red team effectiveness.
- Books on personal growth can provide valuable perspectives.
- Ego can hinder personal and professional development.
- Resilience is key to overcoming challenges in cybersecurity.
Guest - Marcus Sailler
Linkedin - https://www.linkedin.com/in/marcus-s-8bbb5340/
Trainings Mentioned
SpectorOps.io - https://specterops.io/training/
Books Mentioned
Red Team Development and Operations: A practical guide by Joe Vest and James Tubberville - https://amzn.to/4145X5a
The Art of Attack - Attacker Mindset for Security Professionals by Maxie Reynolds - https://amzn.to/3Ops6n5
The 5 Love Languages: The Secret to Love That Lasts - https://amzn.to/4fJR1O3
The Obstacle Is the Way: The Timeless Art of Turning Trials into Triumph by Ryan Holiday - https://amzn.to/3Vc8juW
Linkedin - https://www.linkedin.com/in/marcus-s-8bbb5340/
Trainings Mentioned
SpectorOps.io - https://specterops.io/training/
Books Mentioned
Red Team Development and Operations: A practical guide by Joe Vest and James Tubberville - https://amzn.to/4145X5a
The Art of Attack - Attacker Mindset for Security Professionals by Maxie Reynolds - https://amzn.to/3Ops6n5
The 5 Love Languages: The Secret to Love That Lasts - https://amzn.to/4fJR1O3
The Obstacle Is the Way: The Timeless Art of Turning Trials into Triumph by Ryan Holiday - https://amzn.to/3Vc8juW
Creators and Guests
Host
Chris Magistrado
Host of @HackerToFounderOwner of @TopClearedRecSecurity Researcher. Defcon is fun. CCCamp is a trip.
