“Those who are working to build, maintain, and grow not only security but computer systems within an organization are blue teams.”

Twitter: @tothehilt

Stephen Hilt is a senior threat researcher at Trend Micro. Stephen focuses on general security research, threat actors, malware behind attacks, and industrial control system security. Stephen enjoys breaking things and putting them back together with a few extra parts to spare. Stephen is a world-renowned researcher, having spoken at Blackhat US, RSA, HITB, and many more. His research has gained him Dark Reading top hacks of the year twice. Stephen is an Nmap contributor, and he has written some Nmap scripts for ICS and other mainstream protocols. This work took him into becoming an expert on ICS protocols and coauthoring the book Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions.

How do you define a blue team?

A blue team is the team that counters the red team, which is the “attacker.” The blue team is the “defense.” Those who are working to build, maintain, and grow not only security but computer systems within an organization are blue teams.

One of the best examples I have of this idea is the DHS training that they put on at Idaho National Labs for Control Systems. At INL, the blue team is trying to prevent attacks by patching systems, working on figuring out critical information ...