Open elisaachen opened 4 months ago
bpdesigns
commented
3 weeks ago @elisaachen is red teaming something teams do at 18F?
I do agree with that this is a useful method but my sense if that the Methods should be things we are actively doing on projects.
elisaachen
commented
3 weeks ago @bpdesigns yes, this is more aspirational and queued up once we practice this. Our dev/engineering colleagues do this more given its a concept stemming from cybersecurity testing.
@elisaachen is red teaming something teams do at 18F?
I do agree with that this is a useful method but my sense if that the Methods should be things we are actively doing on projects.
A description of the work
User story
As a tech practitioner, I'd like to see a new method card added on red teaming so that I have new tools/practices that help safeguard new products/services that I build.
Additional information about the request
Red teaming is a method largely used in cybersecurity but can be applied in other contexts. The purpose of this methodology is to have a team identify vulnerabilities and risks in whatever your designing (e.g. product, service, feature) as a risk reduction activity. A "red team" would take on differing bad actor personas to see how they might exploit or misuse the product/service/feature under various scenarios. This methodology was covered in an 18F implicit bias training by David Dylan in 2020.
Background No response
Open questions No response
Point of contact @elisaachen (original author)
Billable? No
If yes, Tock code: No response
Point of contact on this issue
Elisa Chen
Reproduction steps (if necessary)
No response
Skills Needed
Does this need to happen in the next 2 weeks?
How much time do you anticipate this work taking?
2-3 days
Acceptance Criteria