“A blue team at its core is an organization focused on defensive information security posture, analysis, investigation, and response.”

Twitter: @teck923

Ricky Banda is a principal cybersecurity engineer at Blackbaud in Austin, Texas. With just over 10 years of experience in the field, he was recruited by the Air Force at age 16 as a government civilian to learn and support cyber operations around the world. Since then, he has worked in various organizations, from systems administration to hunting operations at an MSSP. While still young, Ricky is pressing forward to teach and open the door for those within his generation to follow similar paths to ensure growth within the information security sector.

How do you define a blue team?

A blue team at its core is an organization focused on defensive information security posture, analysis, investigation, and response. Dependent on the size of the organization, blue team may be the general term to reference a single department or multiple teams that make up defensive operations.

What are two core capabilities that a blue team should have?

Universally, the blue team should be able to perform the two following actions within an organization:

• Consultation: Educate, communicate, and assist stakeholders on the complexities of navigating the threat landscape, serve the organization as an area of expertise on risk mitigation, ...