“The ultimate objective of a blue team is to detect, contain, and eradicate threats.”
Stuart Peck is the director of cybersecurity strategy for ZeroDayLab, where he runs the situational threat awareness program for executives and general employees. He has personally delivered threat briefings to many FTSE 100 and FTSE 250 board-level executives and directors throughout the United Kingdom and Europe. He is also the incident manager and has responded to many major international breaches, including global ransomware attacks and data breaches.
Stuart has more than 13 years' experience in the information security industry, including delivering threat intelligence, social engineering, application threat modeling, GRC, and incident response projects. Stuart also founded The Many Hats Club, an online community and podcast. He is a well-known public speaker at conferences and events in the United Kingdom and Europe.
How do you define a blue team?
Everyone who performs some action to detect, react to, and respond to an attacker is part of the blue team, not just the SOC (although arguably this is the standard definition). For example, a well-formed computer security incident response team (CSIRT) should comprise SOC analysts, incident managers/responders, specialists from infrastructure security, AppSec, service ...