Meet The Blue Team

The Unsung Heroes of Infosec

An Article Review

While cybersecurity continues to be one area of tech that seems to be a perpetual growth industry, some people in the industry have noted that a great deal of attention is paid towards red teaming—much to the detriment of the humble blue team.

For the uninitiated, “Blue Team” and “Red Team” are incident response testing terms referring to the defenders and the attackers in a cybersecurity war game.  The Blue Team is typically the organization’s security team, while the Red Team is a third party brought in to test the organization’s defenses. 

As you can imagine, being a part of the attacking team—being given permission to play as the “bad guys” and try to breach an organization’s defenses—is an easy thing to sell to people interested in cybersecurity, and so a great deal of the industry’s attention seems to focus on this aspect of testing.  And while it is true that a good red team exercise can be an important learning experience, it is the Blue Team that will be working for your organization day in and day out.

Adding to the trouble is while there are many resources available for free online that can teach someone penetration testing techniques, there are far fewer for those on the other side of the testing who are trying to determine whether there is evidence of a threat on their network, which is an imbalance many in cybersecurity are trying to address.

After the testing, when the Red Team is on their way to probing another group’s network, it will be your Blue Team that will be going over the results of the test and working to protect your assets now and in the future.  So, while the Red Team may get the lion’s share of the attention today—and certainly does have an important role–who you have on your Blue Team can matter far more in the long run.

infotex offers a Blue Team Testing exercise! You can reach out to us about it by going to offerings.infotex.com!

Original article by David Spark writing for CISO Series

This Article Review was written by Vigilize.


Matt Jolley is the current Vigilize, he is also the recipient of the 2023 & 2024 Cyb3rP0e+ designation!

To see more content like this in your inbox, sign up for our newsletter here!

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

The Magnificent Seven 2023

Seven Trends . . . …that small bank Information Security Officers face in 2023 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcome t...

“Keep Systems Updated” – Awareness Poster (Re-Release)

Another awareness poster for YOUR customers (and users). Now that we have our own employees aware, maybe it’s time to start posting content for our customers!Check out posters.infotex.com for th...