Hello guys, I feel like I'm thinking all the time about, for example I had all the certifications needed to be a red hat engineer in addition to some previous roles in IT, hacking and sec what the companies tell them to do, what's happening with them, what's the tasks they give them and how they work together, I'm going to be crazy with these questions in my head
Hi There,
I work as multi-role for one MSP and how it works is that we do security assessment and red teaming. Now I can’t go into details as it is a bit covered with NDA, but we utilize Qualys, CIS Controls, MITRE and an RMM solution for the majority of the work.
It really depends on what infrastructure the client has, it can be on-prem, cloud or a mixture. For both assessment and red teaming there is a probability/impact representation provided so that they can understand risk. It usually involves a Statement of Work and also a statement of work for remediation if they accept it, or risk acceptance.
Some of the work is external and internal vulnerability scan.
Enumerating Cloud platform with CIS controls and benchmarks.
Reviewing AD DS environment.
Reviewing FW and network devices.
…
After all info is summarized in a report of 60-100 pages, there is also an Impact Probability heat map built and a future security remediation roadmap.
I’ve worked on cca 60 companies to do both security assessment, red teaming and remediation.
It is important to distinguish red teaming vs pen testing.
Honestly, you won’t find any materials on how to do it as it is more of an internal thing a company builds with experience and the needs of their clients. How to get started, in most cases do it in your lab, showcase it to your boss, expand offering and automate process, expand offerings etc.
Not sure about pentesting, but each person has their own project, which means the following:
Initial meetings with clients to understand needs and compliance.
Scoping environment to build SoW or RoE.
Doing the work
Writing documentation and findings in specific standard such as CIS or NIST
Presentation meeting with clients about findings.
So, in most cases, 80-90% is documentation writing/boring.
I heard that companies can have 50 blue team cybersec engineers and none of them is a red team, and I thought that they work in isolated private teams with companies
Client companies usually don’t even have a dedicated person for cybersecurity. This is especially the case for SMBs. The companies that offer red teaming, depends…but usually small teams. Never met any blue team person in any company until now. They all shifted to AI based MDR with SOC behind it.
Thanks brother, I appreciate your answer ❤