Better Privacy Through Offense: How To Build a Privacy Red Team

Presented at Black Hat USA 2022, Aug. 10, 2022, 11:20 a.m. (40 minutes).

Red teams are an important component of a holistic cyber security program because they test how well the program stands up to threats from real adversaries. In 2021, Meta created a privacy red team to help improve our privacy posture and preserve the privacy of our ~3 billion users and their data. Based on that experience, we present the case for why a privacy-focused red team is an important part of a holistic privacy program.

In this talk, you'll learn what a privacy red team is, how it's different from a security red team, the challenges we faced, and examples of real operations we performed. You'll walk away with a better understanding of how privacy red teaming can benefit your organization, and the role that offense can play in your privacy defense.


Presenters:

  • Scott Tenaglia - Engineering Manager, Privacy Red Team, Meta
    Mr. Scott Tenaglia is an Engineering Manager at Meta supporting the Privacy Red Team. Previously, Mr. Tenaglia was a Research Director and Principal Research Engineer at Two Six Labs, and a Lead Cyber Security Engineer at MITRE. In these roles, Mr. Tenaglia led teams that create new and novel offensive and defensive cyber capabilities, perform offensive cyber operations, develop cyber intelligence, and provide technical capabilities to include binary and program analysis, reverse engineering, vulnerability research, incident response and malware analysis. Mr. Tenaglia earned bachelors degrees in Computer Science and Mathematics from Purdue University, and a masters degree in Computer Science with a concentration in Machine Learning from Johns Hopkins University.

Links:

Similar Presentations: