14 Sahan Fernando

“A blue teamer is someone who is committed to the defense of systems.”

Twitter: @SriLankanMonkey

Sahan has nearly a decade of experience architecting, testing, and defending systems and networks of all sizes. Sahan utilizes his background in business information to ensure that IT and InfoSec programs are available, scalable, and secure while aligning with business objectives and needs. Sahan has assisted and led the creation of programs at organizations of all sizes. Sahan oversees all of Intrinium's managed and engineering services, which include the 24/7 SOC/NOC. Sahan is a graduate of Gonzaga University, obtaining a BBA and MA. Outside of the office, he enjoys rowing, music, food, and spending time with his dog.

How do you define a blue team?

To me, a true blue team is anyone involved in information security defenses, whether directly or indirectly. The SOC is obviously critical, but the system administrators and service desk people who are involved in building secure systems contribute significantly as well. A blue teamer is someone who is committed to the defense of systems.

What are two core capabilities that a blue team should have?

Two core capabilities that a blue team should have are the ability to detect and respond to a security event (identify, detect, triage, respond, review) and the ability to provide input on how to secure business objectives ...
