Ahead of the Breach

Gary Lobermier on Scaling Red Team Automation with AI to Run Hundreds of Real Attacks Daily

31 min · 1 de may de 2026
Portada del episodio Gary Lobermier on Scaling Red Team Automation with AI to Run Hundreds of Real Attacks Daily

Descripción

Most security teams test their detections once a year. Gary Lobermier, Lead Adversarial Security Engineer at Northwestern Mutual, built something different: a custom automation platform that executes hundreds of MITRE ATT&CK techniques daily across Windows, macOS, Linux, and AWS, giving his team real-time signal on whether their defenses actually hold. In this episode, Gary breaks down why off-the-shelf purple team tools fall short at enterprise scale, the procedure-level gap nobody talks about in the MITRE ATT&CK framework, and what EDR vendors don't advertise about their own coverage limits. He also shares how his non-traditional path (from network admin to red teamer) shaped the way he thinks about adversary emulation and detection engineering. If you're building or scaling an offensive security program and want to know what continuous validation actually looks like in practice, this one's worth your time.

Comentarios

0

Sé la primera persona en comentar

¡Regístrate ahora y únete a la comunidad de Ahead of the Breach!

Prueba gratis

Empieza 7 días de prueba

$99 / mes después de la prueba. · Cancela cuando quieras.

  • Podcasts solo en Podimo
  • 20 horas de audiolibros al mes
  • Podcast gratuitos

Todos los episodios

51 episodios

episode Gary Lobermier on Scaling Red Team Automation with AI to Run Hundreds of Real Attacks Daily artwork

Gary Lobermier on Scaling Red Team Automation with AI to Run Hundreds of Real Attacks Daily

Most security teams test their detections once a year. Gary Lobermier, Lead Adversarial Security Engineer at Northwestern Mutual, built something different: a custom automation platform that executes hundreds of MITRE ATT&CK techniques daily across Windows, macOS, Linux, and AWS, giving his team real-time signal on whether their defenses actually hold. In this episode, Gary breaks down why off-the-shelf purple team tools fall short at enterprise scale, the procedure-level gap nobody talks about in the MITRE ATT&CK framework, and what EDR vendors don't advertise about their own coverage limits. He also shares how his non-traditional path (from network admin to red teamer) shaped the way he thinks about adversary emulation and detection engineering. If you're building or scaling an offensive security program and want to know what continuous validation actually looks like in practice, this one's worth your time.

1 de may de 202631 min