Time Management for Red Teams

This post is likely going to take a while for me to write. The good news is you don't need to wait as by the time you are reading this I will have finished.

I am often asked by friends and co-workers, "How are you able to do so much? Where do you find the time?" For context, I work a full-time red team job, I have a family, I have a commute now that is about four hours total, I serve at my church in various fashions, I perform research, I write blog posts, I teach cyber security to middle and high school students and also coach four CyberPatriot team (same students). Starting to understand the question posed to me?

I often joke by responding "I neglect a LOT!" but the truth is that managing time is HARD, but doable. This post is meant to be some of the tips/tricks that I use to make sure I can fit everything in, and is not a sure solution for everyone.

Prioritize

The first thing I do is set for myself a list of priorities. This for me is not written out, but is on my mind all the time when it comes time to determine what/when I would do something. What are YOUR priorities? What are they currently, and what do you want them to be?

For me my priorities are God, family, friends, work. For many that might be strange, but each have their own order of priorities. This means if there is a conflict of activities between a work event and my son or daughter's school play, I will be doing what is needed to make sure I can make it to the play. This isn't always possible, but based on my priorities, I would place that play as a higher priority than a work event.

Once you have your priorities set, start making time for the higher priority items. I am not saying neglect things that you need to do with work, but if a work holiday party and a family party land on the same night, I know which one I am going to and which one I am declining.

Set Time Limits and FOCUS

How many times throughout the day do you switch tasks? For me it is constantly. This is BAD and wastes time, and this is an area I need to work on more. If you can stop switching tasks, focus on one task and set a time limit to complete that task, you will be better managing your time.

One thing I have learned that has been a huge help (thanks to Tim Medin's talk at the SANS Pentest Hackfest in November 2017) is to set a time to check email, and otherwise ignore it. Tim also talked about culling the notifications on your phone, which will help keep your mind from losing focus and starting to wonder what that buzz or ding was.

Kill off the time wasters

You likely have a smartphone. These devices can be a great help, but also a huge hindrance. I love playing mobile games. It is very easy to pick up my phone, play a quick game, then go back to doing something else. Maybe for you it is social media. Pick up your phone, log in Facebook or Twitter or any of the other social media sites and scroll through all the updated statuses and pictures of food or cats.

While these can be useful, it is also a huge time waster. I killed off my Facebook account, I only check Twitter occasionally, and I am working on my mobile gaming addiction. I try to only play when I have downtime, though I do still find myself killing time. Hey, it is a work in progress right!

Once you start killing off the things that tie up "small" amounts of time, all that time adds up and gives you back some of your time.

Take Breaks

Maybe you aren't willing to get rid of Facebook or you have so much work that you have to keep working longer and longer hours to just keep up. Sometimes what you really need is a break!

Taking a break from work to rejuvenate ala a vacation. Even simply taking a break from Facebook or other social media can do wonders for you. Try this social media break for a few weeks and you then may want to disable your accounts. When on vacation, try turning your phone off. Enjoy the little things and re-adjust your priorities.

Perhaps you don't need a full vacation and you are just stuck on a problem. Taking a break from that problem, going for a walk, and thinking of other things will often help bring the solution.

So what does this have to do with red teaming?

Great question. When on a penetration test, you get access to a machine, you get excited and focus in on that machine. You grab data, you escalate privileges, you pivot to other systems, and you do so as quickly as possible, but usually this is done during normal working hours.

With red team, you could be working various times of the day. You also have a different flow of work. Instead of an interactive session, you likely have some sort of "beacon"-like callback. This slows things down. When on a red team, each action has to be carefully thought out to evade detection or to trigger detection. You want to make sure that what you do is what you mean to do and that it meets the objectives you have.

So in essence, you need to set your priorities for tasks. You need to set your time limits for tasks and focus on the task at hand. You need to kill time wasters and instead carefully think through and plan all your actions, and you need to take breaks from time to time to clear your head.

“Red team your life!”

So basically what I’m suggesting is how to red team your life! Hopefully this helps you manage your time a little better. These things have helped me but I am open to hearing other tips for managing time. Leave a comment with your tips/tricks!