“Blue teams are traditionally the teams actively and directly engaged in assessing the operating environment to ensure security and thwart attacks by opposing forces.”

Twitter: @magg_py

Maggie Morganti is a technical staff member for the Power and Energy Systems team at Oak Ridge National Laboratory focusing on electric grid cybersecurity and resilience research. Prior to joining Oak Ridge National Laboratory, Maggie was a graduate intern at FireEye and worked as a threat intelligence analyst on their iSight cyber-physical team. She holds an MS in intelligence studies with a focus on cybersecurity from Mercyhurst University. As a graduate student, she worked as an intelligence analyst for the university's Center for Information Research Analysis and Training (CIRAT) program and served as an active member of the university's cyber-threat research analysis, data science, and nuclear nonproliferation clubs. She is an IEEE member and active in local chapter events.

How do you define a blue team?

The lines of blue team roles have definitely become more encompassing and blurred with the addition of so many folks doing tangential system security tasks.

I find the easiest way to think about “What defines a blue team?” is by going back to the military origins of red team/blue team. Blue teams are traditionally the teams actively and directly engaged in assessing the ...