“What I have come to understand over the past few years is that the blue team is more or less the defenders of the network operations of an organization.”

Twitter: @MrJeffMan • Website: www.linkedin.com/in/jeffreyeman

Jeffrey Man is a respected information security advocate, advisor, evangelist, international speaker, keynoter, host of Security & Compliance Weekly, and co-host on Paul's Security Weekly. He has nearly 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis, and penetration testing. He is a Certified Cryptanalyst by the National Security Agency and was part of the first penetration testing “red team” at the NSA. For the past 25 years he has been a pentester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation's best-known companies.

How do you define a blue team?

This first question is a great starting point but also implies that at least part of the definition of blue team involves incident response. To be completely honest, it is not really a term that comes up in consulting/advisory duties, primarily in the area of credit/debit card security (you know, PCI). I've heard the term numerous times at hacker/security conferences, but it is not ...