“The blue team is responsible for the detection, assessment, investigation, correlation, and recommendations to the system owner to remediate an incident.”

Twitter: @SATCOM_Jim

James Medlock is a 25-year Army veteran with multiple job skills, a cyber operations specialist, a satellite network engineer, and an SME. He also has worked on designing and supporting communications systems for the military as a senior satellite engineer and staff engineer for General Dynamics, has written his name on a Milstar communications satellite before it was launched into space, has a bachelor's degree and a master's degree in management of information systems, has eight years working with IT and OT in the oil and gas industry, has a bunch of certificates in a box in his closet, serves as a high school cyber patriot mentor, was the technical editor for three books, has written multiple technical manuals for Army communication equipment, is a board member for a couple of conferences, is a DEF CON walker of 15,000 steps a day, was an illuminati party-goer, and is a friend to many, father of five, and spouse to one.

How do you define a blue team?

The blue team is responsible for the detection, assessment, investigation, correlation, and recommendations to the system owner to remediate an incident. They should also be involved in post-remediation validation. This does not mean ...