13 Ayman Elsawah

Photograph of Ayman Elsawah.

“Whether you are a SOC analyst, security architect/engineer, compliance manager, or CISO, you're on the inside defending.”

Twitter: @coffeewithayman

Website: www.linkedin.com/in/infosecleader, cloudsecuritylabs.io/about, and gettingintoinfosec.com

Ayman Elsawah is a vCISO who helps high-growth companies get their security in order, with a technical focus on AWS security. He loves educating, whether it's helping CTOs start with their security program or helping engineers understand the complexities of AWS security. His passion for giving back led him to teaching at bootcamps and local colleges. He is the author of Breaking IN: A Practical Guide to Starting a Career in Information Security and host of the Getting Into Infosec Podcast, a Fresh Air–style podcast walking through the career transitions of those new and old in the industry.

How do you define a blue team?

Blue team to me means any team internally focused on detecting, preventing, and stopping security incidents. Keep in mind security incidents (attacks, misconfigurations, data mishandling, etc.) can be malicious or accidental, internal or external. Whether you are a SOC analyst, security architect/engineer, compliance manager, or CISO, you're on the inside defending. If you are none of those, guess what—security is still your responsibility!

Blue teamers are inherently builders, whereas red teamers ...
