“A blue team must have a core membership that is intellectually curious, thoughtful, and passionate about their field of work.”

Twitter: @dsmcf • Website: www.linkedin.com/in/dmcfarlane

Donald McFarlane provides management/board consulting and “vCISO” services, mostly in the enterprise sector. He is a passionate information security architect and risk management evangelist who helps run DEF CON's Skytalks and donates his time to several other industry conferences.

His experience implementing, operating, and protecting IT systems started early on, running his own BBS in prep school and dumpster-diving line printer output from the local university. His first paid InfoSec job was to secure Unix systems for the UK's version of DARPA. Since then, he has secured online trading systems, global data centers, and branch networks in more than 100 countries and advised on several billion-dollar acquisitions, mergers, and divestitures.

When he's not thinking about how things might go awry, he cooks, plays golf, and runs a small ISP. He lives with his wife, son, and dog in a log cabin that he built himself on the side of a mountain in New Hampshire.

How do you define a blue team?

The concept of a blue team/red team is that of simulating engagement with a threat to try to improve the enterprise's defenses and to learn better defensive strategies and recovery strategies. ...