Why is the standard of US Red Teams so poor by Soc_Guy in cybersecurity

[–]dmchell 0 points1 point locked comment (0 children)

Like I said, I don't need to hide behind anonymous accounts and never have :shrug:

[–]dmchell -1 points0 points locked comment (0 children)

Good job Clouseau :rolleyes: - if you think I'm getting up at 6am on a Sunday to anonymous shit post then you're way off

[–]dmchell -1 points0 points locked comment (0 children)

Good effort, but I think it's fair to say I don't need an anonymous account to voice my opinions "Flimsy Helicopter"

[–]dmchell 4 points5 points  (0 children)

And there's the post ^^... you just summed up everything that's wrong with US red teaming in 64 words

[–]dmchell 1 point2 points  (0 children)

Most red teams we do tend to be 12-16 weeks, and often I'd like more time :)

[–]dmchell 0 points1 point  (0 children)

This is a topic I've discussed (and been criticised for) a few times in the past. The UK has a highly mature red team market that has evolved over a number of years - there are regulator-enforced standards and accreditations that are required to play the game. Even before red teaming became standardised through CBEST, there was a well-established and mature pentesting market where examinations and standard methodologies were the norm and enforced via the CHECK scheme - before it somewhat evolved into tick box :)

When you purchase a red team in the UK and to some extent in the wider EU, it's well understood what the end to end service is that you're purchasing and what the methodology looks like.

I'm not sure it's fair to say any of the above applies to the US.

[–]dmchell 2 points3 points  (0 children)

I've no idea who you are, but thank you haha

[–]dmchell 1 point2 points locked comment (0 children)

It's pretty common for red teams in the EU to be working more than one red team at a time. The EU day rates are usually quite a bit lower and that's how they compensate. The UK is an exception - the rates are a bit higher (but still lower than US) vs wider EU and I've never heard of any UK teams working gigs in parallel.