Role Playing for Red Team Testing

Share on LinkedInShare on FacebookTweet about this on TwitterShare on Google+Pin on PinterestEmail this to someone

surveillanceA key element of security training is testing.  And the best testing is in the form of red teaming or simulated adversarial tests.  You may already be familiar with the kind of red teaming that the TSA does, where for example, their agents try to infiltrate a weapon onto a flight.  There is much more to it than that.

We use role players to test the security systems of our clients.  The role player mimics the behavior and actions of a would-be criminal or terrorist who could be trying to get a weapon through or, just casing the joint.  Maybe they are conducting surveillance or researching potential targets.  The operational possibilities are endless and always reflect the methods of operation the adversary would use against the protected target.

Red teaming and role players support our quality assurance services.

In fact, we often turn to our clients’ security officers to act as the role players for the test exercises.  A security officer from perhaps another property or who is normally on a different shift – steps in.  A Method of Operation (MO) is decided upon.  Perhaps the MO is purse-snatching.  The officer starts acting like a purse-snatching thief, following potential targets and mimicking that behavior.  Hopefully, the Security Officer on duty notices.  If he does, he passed the red team.  If he does not, it is a fail and a learning experience.

There are multiple benefits to this technique:

  • The role playing officer gets a chance to walk in the adversary’s shoes.  Seeing the security situation from the other side can be a real eye opener.  The adversary is no longer theoretical.  Having to act the part, the officer is closer to being ‘in the head’ of the bad guy.  That’s a good place to be if you are trying to prevent threats from becoming events.

 

  • The officers have an added sense of responsibility.  There is a tendency for officers to feel isolated and in fact often they are alone on post, that’s the nature of the job.  However, after a red teaming experience they often realize that they are a part of a bigger picture.

 

  • Rather than hear descriptions of the MOs and the suspicion indicators, the officer experiences them.  They also gain a better understanding of Suspicion Indicators because they are obliged to act them out.

 

  • Officers get a better perspective on what good performance looks like versus under performance.  The difference between getting it right, or not, becomes crystal clear in a red team situation.

 

  • The red team testing is a great training tool, both for the role player and the security officer.  The approach should never be one where the role player is trying ‘to get’ the officer.  A red team fail is not a win for the role player.  It’s just a chance to bolster a weak skill or to fill in missing knowledge about the MOs and associated suspicion indicators for a given protected environment.  Everyone responsible for security there stands to benefit from the lessons learned.

Statistically, officers do a much better job on post after having had such an experience.  Imagine the experience for yourself and you’ll have no doubt it’s effective.

1 Comment

  1. John Booth on March 8, 2017 at 8:03 pm

    A well written and cogent article. I suggest that anyone who is remotely interested in Red Teaming visit RED TEAM JOURNAL at http://redteamjournal.com/ They have been doing Red Teaming science well before 9/11 and the articles and studies found at the site are truly erudite and compelling. Their Red Team reading list is a “go to” source for well researched and peer reviewed information about all aspects of Red Teaming.

Leave a Comment