“The blue team uses all the information they can gather and combines it to inform and create strategies and tactics to assess and address threats.”

Twitter: @mitchparkerciso • Website: www.linkedin.com/in/mitchparkerciso

Mitch Parker is the CISO at IU Health, the largest health system in Indiana. He started his information security career as a contractor information assurance analyst for a defense agency. Through the years, he has picked up significant experience in defense through running the information security organizations as both a consultant and CISO. Mitch has written for Ars Technica, Healthcare IT News, CSO Online, Healthcare IT Today, and numerous other publications. He has also spoken and guest lectured at conferences and universities.

How do you define a blue team?

I define the blue team as the part of the organization responsible for defending against cyber-based threats to the enterprise. They take the information from those parts of the organization that are building secure systems and platforms and combine that with their own knowledge and sources of intelligence. The blue team uses all the information they can gather and combines it to inform and create strategies and tactics to assess and address threats.

What are two core capabilities that a blue team should have?

The two capabilities that a blue team needs are to be able to have are a strong ...