2 Danny Akacki

Photograph of Danny Akacki.

“We are all blue team.”

Twitter: @DAkacki

Website: www.randoh.net

Who is Danny Akacki? He's just a storyteller perpetually looking for a stage. He loves nothing more than being able to attend conferences, give talks, write blogs, and find new ways to reach as many people as he can to educate them about security. For Danny, there is no greater satisfaction than community building.

He has been fortunate enough to spend his career in defense, learning from some of the best in the business, including teams at Mandiant, GE Capital, and most recently as a senior TAM with Gigamon. Danny loves what he does and the people he gets to do it with.

How do you define a blue team?

I define the blue team as every person in an organization. Everyone with a company login is inherently tasked with keeping the miscreants out. We are all blue team.

What are two core capabilities that a blue team should have?

A blue team should have an awareness of what data they have at their disposal and a way to look at it. Blinky boxes are nice, and vendor lunches are awesome, but if you don't know what data you have to begin with, or, more importantly, what data you're missing, you're dead in the water.

What are some of the key strengths of an incident response program?

  • Project management: Making the trains run on time, or at least knowing where the fire extinguishers are when the engine is ...

Get Tribe of Hackers Blue Team now with the O’Reilly learning platform.
