Daniel Miessler is an experienced security practitioner and virtual CISO with more than 20 years in information security. His areas of interest and focus are web application security, IoT security, OSINT/recon, and security program design.
How do you define a blue team?
I define a blue team as the group that defends an organization from both real attackers and red teams by employing adversarial empathy. Adversarial empathy is the ability to not just use similar TTPs to the enemy but to successfully think like they do.
What are two core capabilities that a blue team should have?
Deep visibility into the environments being attacked through widely deployed, detailed, and centralized logging/alerting, and a deep understanding of normal that can help the blue team when something is amiss.
What are some of the key strengths of an incident response program?
Adoption of an attacker mindset as a culture
The use of metrics to objectively understand current-state and future-team performance goals
The capture of every step of the response process so that continuous improvements can be made
Formalized improvement based on lessons learned from ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month, and much more.
