TECH Talk: Regulatory Red Teaming

May 15, 2018 @ 11:00 EST/16:00 GMT | Duration: 30 minutes

In the face of increasing data protection regulations and cybersecurity threats, Red Team Assessmentssimulated cyber-attacks intended to assess a company’s ability to detect and respond in real-world scenarios – have become a key approach for organizations to ensure their cybersecurity controls and processes are fit for purpose.graphic5-small

In the United Kingdom, The Bank of England has been stress testing the cyber defenses of the country’s biggest financial institutions since 2015 with the introduction of the CBEST intelligence-led cyber resilience testing framework. Since then we have seen global financial and non-financial regulators worldwide (especially across Europe and Asia) adopt similar testing frameworks – quickly making the Regulatory Red Teaming approach the gold standard for multiple regulated industries.

As global regulatory pressures continue to intensify, Regulatory Red Teaming as a cybersecurity best practice is extending beyond financial services with adjacent industries, such as telecommunications and government also beginning to adopt this approach. Regulations such as the General Data Protection Regulation (GDPR) will only further drive this type of testing across all industry sectors, as organizations, more so than ever, are forced to ask themselves how susceptible they are to being breached.

In this session you will learn:

  • Why Red Team testing?
  • Common features of the regulatory Red Team schemes already in place (CBEST, TIBER, iCAST, GBEST)
  • Understanding nuances and differences between the schemes
  • Overview of schemes in development or pilot (ECB/TIBER-XX, TBEST, NBEST)
  • Top tips on preparing for your regulatory Red Team test

Who should attend:

  • Information security professionals

  • Risk management professionals


Justin Clarke-Salt
Co-Founder, Gotham Digital Science & Managing Director, Stroz Friedberg, an Aon company

Justin has over 19 years of risk management, security consulting and security testing experience in the United Kingdom, the United States, and New Zealand. He is the author of several books, a frequent speaker at a number of security conferences and events, and heavily involved in industry groups, including OWASP, for which he was the London chapter leader for seven years before stepping down in early 2016.

Gavin Jones
Director, Gotham Digital Science

Gavin Jones is a Director at Gotham Digital Science, a Stroz Friedberg company, with over 10 years of experience as a full time penetration tester for multiple enterprise clients within the public and private sectors. He has held CHECK Team Leader status for 6 years and is a CREST Certified Infrastructure Tester and CREST Certified Simulated Attack Specialist. Gavin is responsible for the Red Team service line within GDS (including regulatory red teaming) and can usually be found managing large scale projects for several key clients and mentoring new consultants.