Executive brief on how PCI DSS 4.0 affects offensive security practices, penetration testing, and segmentation testing. Watch Now

CybHER Conversation - From Black Badge to Red Team: Alethe Denis on Social Engineering and Offensive Security

Date:
June 13, 2025
Location:
CybHER Youtube Channel
Illustration of a superhero character with binary code flowing from her cape, representing CybHER Conversations. Includes the CybHER logo, the word 'Conversations' in bold script, and the Dakota State University logo at the bottom.

Session Summary

In this CybHER Conversation from June 2025, Alethe Denis, a Senior Security Consultant on the Red Team at Bishop Fox, shares her journey and expertise in cybersecurity. As a social engineering expert and DEF CON Black Badge Hall of Fame inductee (2019), Alethe provides valuable insights into the world of offensive security, particularly focusing on red team operations and social engineering.

The conversation covers Alethe's non-traditional path into cybersecurity, her current role simulating attacks to test organizational defenses, and the critical relationship between red teams (attackers) and blue teams (defenders) in maintaining robust security postures. Throughout the discussion, she emphasizes the importance of ethical considerations, human psychology, and professional communication skills in cybersecurity work.

Key Takeaways

  1. Understanding Cybersecurity Fundamentals
    1. Industry Structure: Cybersecurity fundamentally involves two complementary teams: defenders (blue team) who protect data and systems, and attackers (red team) who validate that security controls work properly.
    2. Mission Critical: The primary goal is protecting people and their data within organizations as information is shared across networks and with external parties.
    3. Collaborative Process: Red teams and blue teams work together, with red teams helping to identify vulnerabilities and blue teams implementing fixes to strengthen security posture.
  2. Red Team Operations & Methodology
    1. Simulated Attacks: Red teams conduct authorized attacks against organizations to test security defenses and identify vulnerabilities before real attackers can exploit them.
    2. Trophy Objectives: Red team engagements often involve a specific goal or "trophy" that the team must reach by finding the most efficient path through security controls.
    3. Comprehensive Reporting: After testing, red teams provide detailed reports documenting vulnerabilities, attack paths, and specific recommendations for improving security.
    4. Anonymous Reporting: Alethe emphasizes the importance of anonymizing findings to focus on systemic issues rather than individual mistakes.
  3. Social Engineering Expertise
    1. Human Vulnerability: Social engineering exploits human psychology rather than technical vulnerabilities, making it particularly effective and difficult to defend against.
    2. Ethical Boundaries: Alethe maintains strict ethical boundaries in her work, avoiding fear-based or highly manipulative tactics even when they might be effective.
    3. Bias Exploitation: Unconscious biases often create security vulnerabilities that can be exploited, such as assumptions about what a "typical hacker" looks like.
    4. Advanced Techniques: Modern social engineering now incorporates technologies like deep fakes, which Alethe uses in her work to simulate increasingly sophisticated attacks.
  4. Career Path in Cybersecurity
    1. Non-Traditional Route: Alethe's path into cybersecurity was unconventional, coming from various industries and leveraging transferable skills from different professional experiences.
    2. Entry Points: Multiple pathways exist into the field, including military service, traditional education, certifications, and internships/apprenticeships.
    3. Continuous Learning: The field requires ongoing education as threats and technologies constantly evolve—standing still means falling behind.
    4. Networking Importance: Building and maintaining professional relationships is crucial for career growth and finding opportunities in the industry.
  5. Professional Development & Skills
    1. Technical Foundation: Problem-solving skills, critical thinking, and technology aptitude form the foundation of cybersecurity work.
    2. Communication Excellence: Strong written and verbal communication skills are essential for conveying technical findings to non-technical stakeholders.
    3. Presentation Skills: Public speaking abilities help practitioners share knowledge and build credibility in the industry.
    4. Adaptive Mindset: Being open to emerging roles is vital as the cybersecurity landscape continues to evolve rapidly.
  6. Advanced Security Testing
    1. Tabletop Exercises: Alethe created a tabletop exercise service at Bishop Fox that helps organizations practice incident response without experiencing actual breaches.
    2. Physical Penetration Testing: Beyond digital security, Alethe conducts physical penetration tests to identify vulnerabilities in physical security controls.
    3. Proactive Planning: The goal is to prepare organizations before incidents occur—"you don't want to be reading the fire extinguisher instructions while the building's on fire."
    4. Cross-Team Coordination: Effective security requires coordination between technical and non-technical teams during incident response.

Who Should Watch

  • Security professionals seeking to improve social engineering defenses will benefit from Alethe's expertise on human psychology and vulnerability testing
  • Organizations considering red team assessments will better understand the process, benefits, and ethical considerations involved
  • Blue team defenders looking to understand how attackers think and operate to strengthen defensive controls
  • Women interested in cybersecurity who want to see representation and practical advice from a recognized female leader in the field
  • Public speakers in technical fields will appreciate Alethe's candid discussion about overcoming speaking anxiety and developing presentation skills
  • Students exploring cybersecurity careers will gain valuable insights into non-traditional entry paths and the diverse skills needed in the field


Microsoft Teams image 13

About the speaker, Alethe Denis

Senior Security Consultant

Alethe Denis is a Senior Security Consultant at Bishop Fox. She is best known for social engineering, open-source intelligence (OSINT), and performing security assessments and trainings for both the private and public sectors with emphasis on critical infrastructure organizations. Alethe was awarded a DEF CON Black Badge at DEF CON 27 for Winning the 10th annual Social Engineering Capture the Flag (SECTF) contest. Using both OSINT and Social Engineering skills, she compromised her target Fortune 500 company using just a telephone. She, along with her teammates, received a bronze, silver, most valuable OSINT, and black badge award from a series of TraceLabs capture-the-flag contests, including first place in

She’s a frequent conference speaker and podcast guest, including speaking at DerbyCon, BsidesSF and ConINT, as well as an appearance on the TraceLabs, Layer 8 Conference, and Darknet Diaries podcasts.

Alethe is always focused on giving back to the information and cybersecurity community, including her work conducting free Security Awareness Trainings and hosting workshops for people who want to get into the cybersecurity industry.

More by Alethe

Ready to get started? We can help.

Contact Us

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.