Commit c5031adf authored by charlie ablett 🛠️

Red Team leadership readouts

parent 8e546032
+14 −0
@@ -78,6 +78,20 @@ For stealth or higher-visibility operations, it's beneficial to share the story

By doing this, we help foster a culture of security awareness throughout the organization and ensure that everyone can benefit from our work.

### Leadership Read-Outs

For stealth operations, we conduct a focused leadership read-out after the final report is delivered. This is a 45-60 minute session with security leadership and leaders from teams involved in the operation, consisting of a structured presentation followed by Q&A.

The goals of a leadership read-out are to:

- Give leadership direct visibility into the threat scenarios we emulate and their real-world implications
- Confirm ownership of recommendations with decision-makers in the room
- Provide the Red Team an opportunity to explain our methodology and thinking, which can be lost in written reports alone

The read-out follows a standard structure: an introduction, operation objective and outcome, attack path walkthrough, security observations, threat landscape implications, recommendations and ownership, and a closing Q&A. We use the [`stealth-09-leadership-readout`](https://gitlab.com/gitlab-com/gl-security/security-operations/redteam/redteam-public/resources/red-team-issue-templates/-/blob/main/.gitlab/issue_templates/stealth-09-leadership-readout.md) issue template to track preparation and capture outputs from the session.

Where time zones require it, a second session should be scheduled to ensure all relevant leaders can attend; it may also be recorded.

## Red Team Maturity Model

We use a custom maturity model to measure our progress and help guide our decisions. This is loosely based on the [Capabilities Maturity Model (CMM)](https://en.wikipedia.org/wiki/Capability_Maturity_Model). [Our model](https://gitlab.com/gitlab-com/gl-security/security-operations/redteam/redteam-internal/red-team-maturity-model/-/boards/5905165) (available internally only) contains five stages of maturity, each with very specific behaviors we strive to demonstrate and states we hope to achieve.
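Review bot: The new "Leadership Read-Outs" section says the session "may also be recorded" but does not state where a recording is stored, who may access it, or how long it is kept; since the read-out walks through the full attack path and security observations of a stealth operation, that recording is sensitive material and the section should name the storage location and access restriction (or link to the policy that governs it), e.g. "Recordings are stored in [location] and restricted to attendees and security leadership." Minor: the heading and body use "read-out" while the commit title uses "readouts"; pick one spelling for the section and its cross-references.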
+1 −1
@@ -19,4 +19,4 @@ Stealth operations follow [special rules](how-we-operate/rules-of-engagement#ste

## What happens after?

We release a [report](how-we-operate/#reporting) which summarises the entire operation and our recommendations, suitable for a broad audience.
We release a [report](how-we-operate/#reporting) which summarises the entire operation and our recommendations, suitable for a broad audience. Additionally, we may offer a [leadership readout](how-we-operate/#leadership-read-outs) for security leadership and relevant stakeholders.
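Review bot: The added sentence says "we may offer a leadership readout", which reads as optional, while the new section it links to states that for stealth operations "we conduct a focused leadership read-out after the final report is delivered", i.e. a standard step; align the two, for example "Additionally, we conduct a [leadership read-out](how-we-operate/#leadership-read-outs) for security leadership and relevant stakeholders." Also use the same spelling as the target heading ("read-out") in the link text.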