Red teaming is a practice as old as the role of the Devil’s Advocate, the eleventh-century Vatican official charged with discrediting candidates for sainthood. Today, red teams—comprised primarily of fearless skeptics and those assuming the role of saboteurs who seek to better understand the interests, intentions, and capabilities of institutions or potential competitors—are used widely in both the public and private sector. Red teaming, including simulations, vulnerability probes, and alternative analyses, helps institutions in competitive environments identify weaknesses, challenge assumptions, and anticipate potential threats ahead of the next special operations raid, malicious cyberattack, or corporate merger. But not all red teams are created equal; indeed, some cause more damage than they prevent.
In Red Team, CFR Senior Fellow Micah Zenko provides an in-depth investigation into the work of red teams, revealing the best practices, most common pitfalls, and most effective applications of these modern-day devil's advocates. The best practices of red teaming can be applied to the Central Intelligence Agency, New York Police Department, or a pharmaceutical company, and executed correctly they can yield impressive results: red teams give businesses an edge over their competition, poke holes in vital intelligence estimates, and troubleshoot dangerous military missions long before boots are on the ground. But red teams are only as good as leaders allow them to be, and Zenko shows not only how to create and empower red teams, but also what to do with the information they produce.
Essential reading for business leaders and policymakers alike, Red Team will revolutionize the way organizations think about, exploit, compensate for, and correct their institutional strengths and weaknesses. Drawing on little-known case studies and unprecedented access to elite red teamers in the United States and abroad, Zenko shows how any group—from military units to friendly hackers—can win by thinking like the enemy.
Table of Contents
Al Kibar: “Gotta Be Secret, Gotta Be Sure”; Why Organizations Fail, But Can’t Know It; How Red Teams Function; How Red Teams Succeed or Fail; Into the World of Red Teaming
Best Practices in Red Teaming; The Boss Must Buy In; Outside and Objective, While Inside and Aware; Fearless Skeptics with Finesse; Have a Big Bag of Tricks; Be Willing to Hear Bad News and Act on It; Red Team Just Enough, But No More; The Overarching Best Practice
Origins: Modern Military Red Teaming; Red Team University; Card Tricks: Mitigating Hierarchy and Groupthink; Marine Corps Red Teaming: Challenging Command Climate; Millennium Challenge: “The Significant Butt-Kicking”; Military Red Teaming Abroad
Alternatives: Intelligence Community Red Teaming; Team B: “Reflecting the World as They Saw It”; Al Shifa: A Missed Opportunity; Inside the CIA Red Cell: “I Wanted My Mind Stirred”; Osama bin Laden’s Compound: From Zero to Fifty Percent
Adversaries: Homeland Security Red Teaming; Pre-9/11 FAA Red Team: “A Substantial and Specific Danger to Public Safety”; How to Shoot Down a Plane: MANPADS-Vulnerability Assessments; NYPD Tabletop Exercises: “Never Let the People Believe That They’ve Solved the Problem”; Information Design Assurance Red Team (IDART): Making Red Teaming a Commodity Tool
Competitors: Private-Sector Red Teaming; Simulating Strategic Decision-Making: Business War Gaming; White-Hat Hackers and Hamster Wheels: Cyber Penetration Tests; I Can Hear You (and Everyone Else) Now: Hacking Verizon; Why Your Secure Building Isn’t: Physical Penetration Tests
Modesty, Misimpressions, and the Future of Red Teaming; Realistic Outcomes of Red Teaming; Red-Teaming Misimpressions and Misuses; Recommendations for Government Red Teams; The Future of Red Teaming
"In today's complex world, decision makers need smart, sophisticated, and insightful options. Red Team shows policymakers and CEOs alike that the way to make the best use of your organizational talent is to break down your organization." --Jami Miscik, former Deputy Director for Intelligence, Central Intelligence Agency
"Complacency, groupthink, inertia, tunnel vision. These are the most common after-the-fact explanations of big failures in politics, government, war, and business. In these pages Micah Zenko offers a lucid analysis backed by many fun-to-read examples of common mistakes as well as a useful compendium of best practices. Red Team is must-read for decision makers everywhere." --Moises Naim, Distinguished Fellow, Carnegie Endowment, author of The End of Power
"This is the book the red teaming community has long required to grow and reach a new generation of red teamers. It captures the domain's founding experiences and stories, previously available only anecdotally to a small network of insiders. By writing this book, Micah Zenko has done a great service to both the current and future red teaming community." --Mark Mateski, Director of the Watermark Institute and Vice President, Red Teaming and Strategic Analysis
"Everyone has heard the clichés about 'playing devil's advocate' or 'avoiding groupthink.' Red Team is an impressively clear, convincing, and practical-minded study of how organizations can put in-house contrarians to the most valuable use." --James Fallows, Correspondent, Atlantic
"Zenko, a security expert and fellow at the Council on Foreign Relations, explains, in absorbing detail, the value of red teams, groups formed to act as devil’s advocates...Zenko shows just how these practices can help companies improve performance and identify failings...Armed with case studies ranging from the discovery of vulnerabilities in the Verizon network to the hunt for Osama bin Laden, Zenko offers readers much to consider and an effective way to take action." --Publishers Weekly
“Overall, this is an excellent book for members of the national security community, even if you think you are familiar with the concept of red teaming. Additionally, I enthusiastically recommend it for the business community, as relevant techniques like red teaming and wargames are increasingly being used in the commercial world. In fact, there are few business or government officials who could not derive some insights from the wide breadth of examples Zenko exploits so effectively. His ideas about the future of red teaming, including a formal assessment of U.S. government lessons and experiences, should be followed up on. Ultimately, in the business of strategy, as Winston Churchill said many years ago, one has to take the enemy into consideration. The techniques, best practices, and advice Red Team offers allow tomorrow’s leaders to do just that.” --Frank Hoffman, War on the Rocks
“Overall, this was an enlightening and warming book to read, as it codified many of the theories and beliefs red teamers have but have never put into any formal canon….Ultimately, this was an enjoyable and educational book, both from the perspective of a professional penetration tester and the perspective of a CEO. Finally, I'd like to reiterate that Micah's six best red team practices are pretty spot on…” --LockBoxx Blog
"Grimly well-timed book...Zenko offers a compelling argument for forcing ourselves to think differently, which is ultimately the main purpose of a red team. Even if we won’t know exactly what to expect, we might be better equipped to respond when the unexpected strikes." --Carlos Lozada, Washington Post
"Micah Zenko captures perfectly and eloquently the enormous value of red teams. The best practices Zenko describes are far cheaper and far more effective than any amount of after-the-fact recrimination and retribution. If you're a strategist or decision-maker, you need this book. If you're a citizen, you want this book so you can know how your government can get things better... and might even be getting things right." --Mark Chussil
"The truth is, I’m only partially through reading this book, but it is so good that I need to share this with you now to remove the mental “Blogging tic” and be totally free to absorb its goodness...This is a super and thoroughly enjoyable read, it’s not dry and academic, but immensely informative, vibrant, alive and most importantly – real. Zenko’s passion, knowledge and enthusiasm for Red Teaming positively vibrates from the pages and is delightfully infectious. This book came at just the right time for me and I’d encourage you to grab a copy." --Stuart Winter-Tear, information security researcher
“A gripping, deeply informed overview of red teaming…Red Team is filled with harrowing stories of red-team failures but also successes in the domains of both national security and the private sector, where companies, for example, red team against hackers. These stories reinforce the crucially important strategies (e.g., red teams should inform, not decide) and best practices (e.g., red teams should be semi-independent but sensitive to the constraints of the organization) proposed by Zenko to help the world avoid another catastrophe such as 9/11.” --Soundview Executive Book Summaries
"The time, intellectual effort, and monies allocated to the project were well spent, for the work is likely to become a significant milestone for the discipline....The publication of Red Team by Dr. Micah Zenko is an impressive accomplishment. It has allowed for a glimpse of the entire red teaming universe to be provided to the reader in one work. As a reviewer, and someone who knows something about this discipline, I admittedly found myself learning quite a bit about red teaming applications with which I have not been associated in the past. What Dr. Peter Perla’s book The Art of Wargaming did 25 years ago to help mainstream an understanding of military wargaming, we can only hope Dr. Zenko’s new work will now do for the red teaming community." --Robert J. Bunker, Red Team Journal
"For anyone interested in using a Red Team, developing one for their organization or have been tasked to participate on a Red Team this book is a must read." --James King, Small Wars Journal
“I teach red teaming and I would recommend this book to my students. The purpose of the class is not to teach students to be red teamers, but to teach them how to use war games and red teams when they become senior leaders.” --Gary Anderson, Washington Times
"His valuable analysis and advice will be of particular interest to executives, and anyone charged with strategic planning." --Gen. H.R. McMaster, Survival: Global Politics and Strategy
In Red Team, Micah Zenko, a fellow at the Council on Foreign Relations in New York, sets out to explain how leaders might improve institutional performance....His valuable analysis and advice will be of particular interest to executives, and anyone charged with strategic planning.
Such external testing will improve your internal penetration testing, including patching systems, says Micah Zenko, a senior fellow at the Council on Foreign Relations who writes frequently about security. “[Hiring a hacker] will tell you which patches are most consequential and which you can prioritize.”
Zenko provides a handy roadmap to the mistakes of others as a guide to future organizations. In an arena where failure results in loss of life or treasure, Red Team will be a critical resource for leaders that want to give their organization the best chance at success.
For centuries, the Vatican has used a devil’s advocate to vet all applicants for sainthood. Today, our military, the intelligence community and the private sector employ a technique known as “red teaming” to test vulnerabilities, play war games and give an alternative strategic and tactical analysis of a proposed action. Council on Foreign Relations Senior Fellow Micah Zenko, author of a fascinating book called "Red Team: How to Succeed by Thinking Like the Enemy," tells Jim Zirin of a principled way to arrive at the right answer.
None of the examples that Micah Zenko draws on in this excellent book Red Team come from academia. Yet, while reading Red Team, I kept thinking of ways that the methodology could be applicable to our work in higher education.
Hello r/IAmA. I’m Micah Zenko, senior fellow at the Council on Foreign Relations (CFR) and author of Red Team: How to Succeed by Thinking Like the Enemy (Basic Books, 2015). I’m here today to answer any questions you have about red teaming.
"Our mandate is basically to break as many things as we can," says Chris Rohlf, who heads Yahoo's six-person penetration testing group and red team. Its mission is "to be the offense and find as many security vulnerabilities inside of Yahoo before attackers can find and exploit them to gain access to our systems," he says. "And the primary reason for this role existing is because 'you can't grade your own homework.'" That's a quote from the book "Red Team: How to Succeed By Thinking Like the Enemy" by Micah Zenko, a senior fellow at the Council on Foreign Relations.
“These estimates matter; they matter politically, and they matter in terms of setting the historical record straight,” said Micah Zenko, a senior fellow at the Council on Foreign Relations and Foreign Policy columnist, who has written about the death count. “If you claim to care about protecting civilians from harm, you have to understand how civilians are being harmed, specifically what is the form of lethality that leads to deaths.”
The publication of Red Team by Dr. Micah Zenko is an impressive accomplishment. It has allowed for a glimpse of the entire red teaming universe to be provided to the reader in one work...What Dr. Peter Perla's book The Art of Wargaming did 25 years ago to help mainstream an understanding of military wargaming, we can only hope Dr. Zenko's new work will now do for the red teaming community.
“A gripping, deeply informed overview of red teaming…Red Team is filled with harrowing stories of red-team failures but also successes in the domains of both national security and the private sector, where companies, for example, red team against hackers. These stories reinforce the crucially important strategies and best practices proposed by Zenko to help the world avoid another catastrophe such as 9/11.”
Micah Zenko, a senior fellow at the Council on Foreign Relations and author of the new book “Red Team: How to Succeed By Thinking Like the Enemy.” We talk to Micah about techniques to prevent domestic terrorism, parallels between physical security and computer security and red teaming.
“If you had a Mumbai-like situation in Manhattan, you would not want beat cops coming out of their patrol cars going after them; they would be outgunned and outmanned on the scene,” said Micah Zenko, a senior fellow at the Council on Foreign Relations and the author of “Red Team: How to Succeed by Thinking Like the Enemy,” which includes analysis of the New York Police Department’s counterterrorism preparedness.
"The truth is, I’m only partially through reading this book, but it is so good that I need to share this with you now to remove the mental “Blogging tic” and be totally free to absorb its goodness. The book is: Red Team How to Succeed By Thinking Like the Enemy, published in November and written by Micah Zenko....This is a super and thoroughly enjoyable read, it’s not dry and academic, but immensely informative, vibrant, alive and most importantly – real. Zenko’s passion, knowledge and enthusiasm for Red Teaming positively vibrates from the pages and is delightfully infectious. This book came at just the right time for me and I’d encourage you to grab a copy."
Micah Zenko has a piece of advice for frazzled security executives: Start thinking like the enemy...The Parallax recently caught up with Zenko, a member of the Council on Foreign Relations, to learn how they’re doing it. Here is an edited transcript of our conversation.
The events are fictional, but the failure was real enough, as Micah Zenko recounts in his grimly well-timed book, “Red Team.”...Zenko offers a compelling argument for forcing ourselves to think differently, which is ultimately the main purpose of a red team. Even if we won’t know exactly what to expect, we might be better equipped to respond when the unexpected strikes.
You might not be familiar with the term “red team” but it’s a concept that is used by the CIA, the military and many corporations to assess their vulnerabilities and better protect themselves against threats. Micah Zenko, a senior fellow with the Council on Foreign Relations, analyzes this concept in his new book “Red Team: How to Succeed By Thinking Like the Enemy.” He tells Here & Now‘s Indira Lakshmanan that the theme of his book is “you can’t grade your own homework.”
For over a decade, those of us who teach wargaming and red teaming have used Millennium Challenge ‘02 (MC ‘02) as a poster child for how not to design or run a wargame. Micah Zenko offered the most comprehensive account to date of MC ’02 earlier this week here at War on the Rocks.
Millennium Challenge 2002, a U.S. military red teaming exercise, was doomed to fail from the start. In an excerpt from his book, Red Team: How to Succeed by Thinking Like the Enemy, Micah Zenko tells a more comprehensive version of the story than has ever been told, featuring interviews with numerous leaders of the military exercise.
These are some of the awkward questions the intelligence agency’s shadowy Red Cell was designed to answer. In a gripping report for Foreign Policy, author Micah Zenko has revealed how the experimental unit transformed the intelligence community since it was set up after 9/11 with the express aim to “p*** off” senior officials.
Micah Zenko is a Council on Foreign Relations fellow who has written what is arguably the first and definitely the most comprehensive examination of Red Teaming, its history and modern applications. His new book is called “Red Team: How to Succeed by Thinking like the Enemy” and is a supremely interesting investigation into a little studied aspect of national security and foreign policy making.
Though employees may think their company’s office building is secure, the outward appearance of security is rarely correlated with the actual protection of that building, or the people and contents within. In an excerpt from his book, Red Team: How to Succeed by Thinking Like the Enemy, Micah Zenko details how penetration tests are used to identify vulnerabilities in a building’s physical security.
The New York Police Department runs simulated exercises, called tabletop exercises, to test the responses and decision-making of senior commanders in advance of prominent events (the Thanksgiving Day parade), in response to complex threats (missing radioactive material), or for new potential perpetrators (lone wolf attackers). Micah Zenko explores the use of NYPD tabletop exercises in his new book, Red Team: How to Succeed by Thinking Like the Enemy, including his firsthand experience attending one.
Micah Zenko gives the first-ever look inside the CIA’s Red Cell—a unit tasked with conducting alternative analyses to anticipate threats and challenge conventional thinking. This is an excerpt of his book, Red Team: How to Succeed by Thinking Like the Enemy.
The Zenko book is a good complement to Superforecasting, because it shows how organizations, not just individuals, can overcome their biases toward false certainty and make good predictions, in geopolitics and business, in public and private sectors. With simulations, vulnerability probes, and alternative analyses that offer fresh eyes on a complex situation or intentionally oppose a certain position, red teams can greatly improve the accuracy of forecasts in the same way that Tetlock’s experts do.
“It’s both expected and helpful if there are dissenting viewpoints about conflicts in foreign countries,” said Micah Zenko, a fellow at the Council on Foreign Relations and author of a forthcoming book, “Red Team,” that includes an examination of alternative analysis within American intelligence agencies. What is problematic, he said, “is when a dissenting opinion is not given to policy makers.”
“Kill-em-all with airstrikes” is not working against ISIS. That’s the acid conclusion from the Council on Foreign Relations’ Micah Zenko, who notes: 1) U.S. officials estimated in 2014 that the Islamic State group numbered about 30,000 fighters, 2) recently said 25,000 have been killed since then; and 3) now believe there are about 30,000.
Council on Foreign Relations' Micah Zenko discusses terrorism. He speaks on "Bloomberg Surveillance."