33 Alyssa Miller

Photograph of Alyssa Miller.

“Within an organization, the blue team is often a team of people with various disciplines ranging from security operations to incident response and forensics.”

Twitter: @AlyssaM_InfoSec

Website: www.linkedin.com/in/alyssam-infosec and www.alyssasec.com

Alyssa Miller has been a hacker and programmer since her pre-teens when she bought her first computer. While IT was not her original career plan, she ended up working as a developer and later a penetration tester in the financial services industry. As she moved into consulting, her focus on defending corporate systems grew to the point where she was advising Fortune 100 companies on how to build comprehensive security programs. She's a security advocate, public speaker, and author with a passion for sharing her ideas and knowledge to help improve the ways we defend our digital world.

How do you define a blue team?

To me, blue team refers to anyone who is responsible for designing, deploying, maintaining, supporting, or operating security controls and defenses. Within an organization, the blue team is often a team of people with various disciplines ranging from security operations to incident response and forensics.

What are two core capabilities that a blue team should have?

Every blue team starts with the security operations capability. These are the frontline people who are responsible for monitoring and ...

Get Tribe of Hackers Blue Team now with the O’Reilly learning platform.