“To me, the idea of a blue team is a team that is protecting the company by building protections and putting them into practice.”

Twitter: @__muscles • Website: www.linkedin.com/in/william-bengtson

Will Bengtson is the director of threat detection and response at HashiCorp, focused on security operations and scaling security for the enterprise. Prior to HashiCorp, Bengtson worked at CapitalOne, Netflix, and Nuna, and spent many years consulting and working for the Department of Defense. Bengtson has experience in many areas of security and finds passion in infrastructure security, cloud security, and the detection space. Bengtson contributes to numerous open source projects and has spoken on topics of security across the world.

How do you define a blue team?

My definition of a blue team is any team that is not a red team or, in other words, any team whose job is not to continuously attack and try to find weaknesses in a company. This goes beyond the traditional threat detection or incident response team.

To me, the idea of a blue team is a team that is protecting the company by building protections and putting them into practice. If you stay within the confines of security, this is the team building detections, the team making sure infrastructure is secure by default, the team helping application owners secure their applications, the team helping secure corporate ...