12 Mark Clayton
“If you aren't assessing an organization's defensive capabilities from an operational perspective, you are not likely on a blue team.”
Twitter: @bullz3ye
Mark Clayton is a former red teamer turned detection engineer. He also does security engineering and application development: professionally he is all security, and at night it is all web and mobile application development. After an earlier focus on DevSecOps, which blended his security and development experience, he has recently turned to applying that experience to detection and response. At a young age he was mentored by a Cult of the Dead Cow (cDc) member, who showed him the ropes and taught him the security ecosystem, and he has stayed true to those lessons.
How do you define a blue team?
The blue team shares the responsibility alongside a red team of assessing an organization's operational security posture and identifying network, application, and outer-space vulnerabilities (outer space is a joke by the way…or is it?). At the highest level, the red team attacks, while the blue team defends.
Recognize that as a blue teamer your job is to not only defend but to continuously find ways of improving your defensive (detection) and reactionary (response) capabilities, tactics, and methodologies. It is a practice and continual process of improvement between both teams to make the organization ...