23 Kat Maddox
“The primary capabilities of a blue team should be keeping systems secure but also educating other areas of the business.”
Twitter: @ctrlshifti • Website: codemopolitan.com
Kat Maddox is a security architect who frequently calls herself a “one-girl security team.” She focuses on helping small companies get a head start on their security posture and works in fields including vulnerability management, application security, compliance, and risk analysis. Having previously worked as a pentester before moving to a blue team, Kat is an advocate for closing the gaps between offensive and defensive security and building a culture of knowledge sharing and collaboration. When not putting out fires, Kat writes tech jokes on Twitter.
What are two core capabilities that a blue team should have?
This answer is a little unorthodox, but here goes: The primary capabilities of a blue team should be keeping systems secure but also educating other areas of the business. Blue teams are usually much smaller than we need to be, so it's crucial to get help from other departments. This includes things such as teaching employees what phishing scams look like, empowering people to champion security in their own department, and maintaining good DevSec relationships. The developers have saved me more times than I can count.
One of the coolest things I did in my current role was hold a lock-picking ...