Red teaming services


Red Teaming Services

Penetration tests and security assessments are essential to understand your organization’s exposure to cybersecurity risks. However, they do not always prepare your employees, executives and Incident Responders against real threats. Red Team Operations aim to improve your asset’s and personnel’s readiness through a realistic security incident drill that can target your organization’s cyber, physical, and human information security elements.

How do Red Team Operations work?

During red teaming engagements, Deloitte Luxembourg’s Red Team, composed of experienced cyber security specialists, designs realistic attack scenarios using gathered open source intelligence (OSINT) and threat intelligence relevant to your organization, and its IT infrastructure, personnel and premises.

Each attack scenario has a specific and tangible objective tailored to your organization (a.k.a critical functions or flags), which, under other circumstances, would cause significant damage to your organization’s assets, reputation or regulatory compliance. The objective may include the following:

  • Large unauthorized fund transfers
  • Highly confidential data theft or exfiltration
  • Access to highly sensitive physical locations
  • Disruption of industrial processes or industrial control systems

The Red Team will then proceed with the defined scenario, by mimicking the tactics, techniques and procedures (TTPs) of real-life threat actors, putting your organization’s incident response and crisis management team (i.e. the blue team) to the test. For the operation to be effective, it is essential that the blue team members are not aware that the attack originates from a planned Red Team engagement. This will ensure they react as if a real security incident was underway.

At the end of the Red Team Operations, a debriefing is performed between the Red Team and the Blue Team (a.k.a replay session) in which an analysis of the executed scenario is made on both sides and key areas of improvement are discussed. In conjunction to this replay session, a Purple Team session can be conducted to deep dive on the lessons learned. As the simulated threat agent, the Red Team can propose additional steps that, when implemented, would improve the detective and preventive measures, and can highlight the actions the Blue Team could have taken to improve detection and response times.

Deloitte Luxembourg’s Red Team Operations also include crisis management exercises (also known as “war games”) and resilience trainings to ensure that your team is ready when a real “live-fire” incident occurs.

Why choose Deloitte Luxembourg?

By choosing Deloitte Luxembourg for your Red Team engagements, you can ensure that your organization’s security architecture and incident response teams will be tested and improved by a team of highly skilled professionals. Our expertise in cyber risk, data privacy laws and regulations, as well as business advisory (Deloitte’s historical core of business) helps us tailor our engagements to your business needs.

Moreover, our teams are able to leverage a global team of cybersecurity specialists throughout Deloitte’s member firms. This helps us provide the best possible blend of security professionals and expertise that lets us anticipate new threats and risks that might target your organization on a global level.

How does red teaming operations work?


Stéphane Hurtaud

Stéphane Hurtaud

Partner | Cyber Risk Leader

Stéphane is a partner within our Risk Advisory practice. He has over 25 years of experience in the IT risk, Information Security and IT audit fields, with a strong focus on the financial services indu... More

Maxime Verac

Maxime Verac

Director | Cyber Risk

Maxime joined Deloitte in 2012, and currently serves as Director in Risk Advisory. Maxime has extensive experience in Cyber Security – especially in the Financial Services Industry and for Government ... More

Yasser Aboukir

Yasser Aboukir

Director | Cyber Risk

Yasser joined Deloitte in 2015, and currently serves as Director in Risk Advisory, specialized in Cyber Risk. Since 2011, Yasser built an extensive experience in security assessments, incident respons... More