30 Nathan McNulty

Photograph of Nathan McNulty.

“In my opinion, the term blue team shouldn't be so squishy that it is unclear who is included in that group.”

Twitter: @nathanmcnulty

Nathan McNulty is the security architect for a large school district with more than 40,000 students. With a BS in computer science, his career started on an IT help desk and then transitioned to desktop engineering for a civil engineering firm. He later took a role as the client architect for the school district where he has managed everything Microsoft. For the past four years, he has been doing security-focused work utilizing Graylog, Nessus, Panorama, Microsoft 365 E5 Security, and Kali for internal pentesting. Nathan also serves on the board of OpsecEdu.com, a community for empowering and building up InfoSec people in education.

How do you define a blue team?

I personally define blue team as those responsible for actively and directly protecting the organization, whether through implementing security controls to prevent incidents or by responding to incidents. I prefer more defined roles, so while a network admin may perform blue team activities such as making security changes to the firewall, I wouldn't consider them blue team as that is not their primary responsibility. In my opinion, the term blue team shouldn't be so squishy that it is unclear who is included in that group.

What are two core capabilities that a blue ...
