42 Josh Rickard

Photograph of Josh Rickard.

“An individual who foremost thinks about the implications of an action, event, or decision, and the impact that has on a user or an organization, is utilizing the practices of a blue team.”

Twitter: @MSAdministrator

Website: letsautomate.it, www.linkedin.com/in/josh-rickard, and www.github.com/msadministrator

Josh Rickard has a diverse background from system administration, digital forensics, and incident response to managing teams and building security products. As an automation and security expert, Josh focuses on creating tools to help defend and automate everyday processes using PowerShell and Python.

How do you define a blue team?

Most believe that a blue team is comprised of security professionals who specialize in different security verticals. This team could be part of a security operations center (SOC), a team of security analysts, or some other combination. You would not be wrong if you believed this; in fact, this is probably what most think of when asked how to define a blue team.

I believe the definition of a blue team is anyone who supports, drives, trains, implements, or cares about the defense of an organization. You do not have to be a security specialist to be part of a blue team. An individual who foremost thinks about the implications of an action, event, or decision, and the impact that has on a user or an organization, is utilizing the ...

Get Tribe of Hackers Blue Team now with the O’Reilly learning platform.