“In addition to threat hunting and incident response, the blue team is the team that looks for unsecure configurations, finds security flaws, and monitors for unauthorized behavior in the internal infrastructure, be it internal or external.”

Twitter: @Carlos_Perez

Carlos Perez has been active in the security community since 1999 working for the government of Puerto Rico to secure networks and perform internal pentests. He later joined Compaq/HP where he worked as a senior solution architect for the security and networking consulting practices covering 33 countries in Central America, South America, and the Caribbean. He helped customers to design and implement security solutions to meet their business needs in a secure way.

Carlos also worked as the director of reverse engineering at Tenable, Inc., where he was in charge of all remote code execution checks and finding zero-day vulnerabilities on products tested. He is currently the practice lead for research at TrustedSec, where he researches and develops both offensive and incident response tools for the consulting teams. He is best known for his contributions to open source security tools such as Metasploit, DNSRecon, and others. He has presented and provided training at conferences like Derbycon, DEF CON, Troopers, PSConfEU, HackCon, and BSidesPR.

How do you define a blue team?

In addition to threat hunting ...