“The blue team first proactively defends our systems, responds to threats and incidents, and looks for areas of improvements within our security posture to close gaps.”

Twitter: @tjackson78 • Website:www.terence-jackson.com and www.linkedin.com/in/terencejackson

Terence Jackson is currently the chief information security officer at Thycotic Software. His responsibilities include protecting the organization's information assets and managing the risk and information technology programs. Terence is an industry-acknowledged expert and public speaker and is regularly invited to speak and share his insights by some of the largest and most respected organizations in the world, including Forbes, Dark Reading, BrightTalk, Cloud Security Alliance, SC Magazine, InfoSec Magazine, Tech News World, The Guardian Hedge Fund Monthly, and Spectrum News. When not working, he enjoys spending time with his wife and two children.

How do you define a blue team?

I define the blue team as my internal SWAT team. The blue team first proactively defends our systems, responds to threats and incidents, and looks for areas of improvements within our security posture to close gaps.

What are two core capabilities that a blue team should have?

I would say detection and response are two core capabilities that every blue team should have. They are fundamental tenants. Without them the blue ...