“A blue team is defined by offensive and defensive security capabilities.”

Twitter: @sirmudbl00d and @hatnull • Website: www.linkedin.com/in/o-shea-bowens-52344915 and nullhatsecurity.org

O'Shea Bowens is a 12-year cybersecurity enthusiast. He's the founder of Null Hat Security, which focuses on the areas of incident response, threat hunting, SOC operations, and cloud security. Null Hat Security also addresses workforce issues with skills and gap assessments via cybersecurity training.

His background is in incident response, security architecture, and security analytics. He's an international speaker and has presented at conferences such as DEF CON, ITWeb Security Summit, Qubit-Prague, Texas Cyber Summit, and SANS Blue Team Summit.

O'Shea is also the cofounder of the Intrusion Diversity System Podcast, founder of the SkiCon Conference, board member of ISSA – New England, board member for Cyber Security Non Profit (CSNP), advisor to SANS Blue Team Summit, and advisor to the Layer8 Conference.

How do you define a blue team?

A blue team can be defined in two distinct buckets: industry collaboration and offensive and defensive security capabilities.

• Bucket 1: A blue team is a global effort for cybersecurity defense practitioners across the industry to collaborate. If a company is breached by an attacker, anywhere in the world, that's unfortunate. If another company ...