Skip to content

Skills and experience

Due to the critical role of the White Team during a TIBER-EU test, its members should be selected based on specific skills and experience. This chapter outlines the skills and experience required for the specific functions of the White Team.

White Team Lead

One of the entity’s members must be the White Team Lead. This person has overall responsibility for the test and is the primary point of contact for the TCT.

Skills

As the manager of the White Team and the TIBER-EU test, the following skills are essential for the White Team Lead:

  • people and process management skills;
  • ability to communicate with different levels of staff, from C-level to operational teams;
  • ability to work under pressure;
  • strong communication skills;
  • ability to be pragmatic and decisive;
  • strong project management skills.

Experience

In addition to the skills above, there are many areas in which the White Team Lead needs experience and knowledge. If the White Team Lead does not have some of these attributes, these would have to be supplemented by other members in the White Team.

The White Team Lead should as far as possible have the following experience:

  • insi ght into and deep understanding of the entity and its infrastructure (including its IT landscape and business operations);
  • experience working with other relevant departments of the entity (e.g. legal, procurement, communications, IT, business, security, fraud, etc.);
  • experience in leading cyber resilience testing, specifically red team testing;
  • experience with crisis management;
  • experience with procurement processes, including knowledge of the relevant vendor market;
  • general knowledge of privacy and security, and specifically their legal aspects, including the ability to identify when to involve the legal department.

External White Team Lead

If the entity outsources the role of the White Team Lead to an external person, it should ensure that the external White Team Lead possesses all the requisite skills and experience cited above. If the external White Team Lead does not possess all the necessary skills and experience, these must be supplemented by the other members in the White Team.

Given the intrusive and confidential nature of the test, the entity should take all the normal precautions like vetting and having the external White Team Lead sign an NDA, and should ensure that no sensiti ve data are kept by this person or the company from which the White Team Lead is hired. If the external White Team Lead is from a specialist external provider, the entity should carry out the required due diligence on this person and /or the company the White Team Lead is hired from, ensuring that the y have the right skills, expertise, qualifications, experience and security measures in place to manage a TIBER-EU test.

Any such arrangements should be formalised through contracts. Further guidance on the principles for such procurement can be found in the TIBER-EU Services Procurement Guidelines. This is important, as the role of the White Team Lead is critical for such a sensitive test, and therefore the specialist external provider should be able to demonstrate its expertise in providing staff that can deliver such services.

To avoid any conflict of interest, the external White Team Lead cannot also work at the same time for the TI or RT provider procured for the TIBER-EU.

Skills and experience of the White Team members

The other White Team members, or more specifically the subject matter experts, should also have certain skills and experience to make sure they are able to fulfil the tasks of the White Team. The COO and CISO are functions predefined by the entity itself; as such no specific skills and experience have to be set for those functions.

The specific skills and experience that should be met collectively, as far as possible, by the subject matter experts in the White Team are as follows:

  • extensive and specific knowledge of business processes within an entity;
  • extensive knowledge of the IT landscape of the entity;
  • sufficient risk management knowledge;
  • sufficient experience in project management;
  • experience in cyber resilience testing, including red team testing;
  • suffi ci ent up-to-date knowledge of tactics, techni ques and procedures used by cyber threat actors.

Not every subject matter expert needs to possess all of the above-mentioned skills and experience, but all skills and experience should be met by them as a whole.