Red Teams – How to plan for what you haven&#...

Red Teams – How to plan for what you haven’t thought of


Leadership can be a terrifying thing sometimes. A good leader must provide direction and clarity in instructions on how to get to the end goal. This can be extremely difficult when you are plagued by the unknown. Often times the best made plans can come apart due to unforeseen circumstances. The question of “What if there is something we haven’t thought of yet” can be paralysing to even the most experienced leaders, especially in times of critical decisions where revenues, jobs, entire businesses or even lives are on the line.

So what is the solution?


“Red Teams” are a paradigm named by the CIA and have been used since the cold war. However the origins of the paradigm dates back to the 13th century and was used by the Vatican in the appointment of saints. The term “Devil’s Advocate” was given to someone employed by the pope to ascertain and uncover any reasons why a particular person should not be named a saint. The Devil’s Advocate would try and uncover any evidence of unholy behaviour and would present the evidence in a sort of ‘trial’ – arguing against the nominated.

Red Teams have been used in the intelligence community to test for weaknesses or develop alternate strategies or explanations. The team would quite often act as the enemy and attempt to break in, steal or disrupt the intelligence efforts. As this was in the cold war era, the term “Red Team” loosely refers to The Soviet Union.

The same tactics have since migrated to the corporate world in areas such as IT security, business analysis and risk analysis. The Organisation will typically employ a red team to ascertain what has not been thought of yet.

There are 3 Methodologies for Red Teams:

  1. Simulations
  2. Vulnerability probes
  3. Alternative analysis


An example of a simulation would be where a red team attempts to “break in” to a system, either physically or virtually. This is then used to test the security measures and staff on how to react in one of these situations. Multiple simulations are typically run to cover all methods of attack.

Vulnerability Probes

This methodology is similar to a simulation however it is not used to test the strength of the security team, but the strength of the system or idea itself. This can range anywhere from a team attempting to break into a system, through to a team attempting to find problems with a plan or strategy.

Alternative Analysis.

An example of alternate analysis can be seen in how the CIA famously used a red team. Analysts deliberated over satellite photographs obtained of a building in the middle east. The analysts ascertained that the building was likely a nuclear reactor with 60% certainty. A Red Team was employed to develop an alternate theory on the photographs. The Team ultimately ascertained that the most likely explanation for the photographs was that it was a nuclear reactor. Given that two separate teams had reached the same conclusion, the CIA was confident that the photographs did in fact show a nuclear reactor. This is an example of how Red Teams can be used in times of critical decisions.


DK is a writer, publisher, editor, guitar player, excessive beer drinker and reader of books. On weekends you can find him in some shady bar picking a fight with a barstool.