20 Brendon Kelley

“Technical security reviews, creating security tools, and managing vulnerabilities are all functions of a blue team.”

Twitter: @BrendonKelleyBK

Website: www.linkedin.com/in/brendonkelley

Brendon Kelley is a resident of Austin, Texas, where he was raised, and is currently a security engineer at a healthcare payment software company, where he leads security operations and initiatives. He is a security advisor to a government consulting company focused on military and defense and a former security engineer at Bazaarvoice. He is a graduate of Baylor University in computer science and was cocaptain of the Baylor University Cybersecurity team that won the Southwest Collegiate Cyber Defense Competition (SWCCDC) in 2018 and finished fourth in the National Collegiate Cyber Defense Competition (NCCDC) in 2018.

How do you define a blue team?

I'd define blue team as more than incident response. A core responsibility of a blue team is responding to incidents, but that's really a subset of its functions. Technical security reviews, creating security tools, and managing vulnerabilities are all functions of a blue team. They're always continuously working to reduce application and network security threats and mature their organization's security posture.

What are two core capabilities that a blue team should have?

Depending on your function on a blue team, some capabilities ...
