“In some sense, the blue team is comprised of the individuals whose core job responsibility is to ensure the security of the organization.”
Megan Roddie currently works as a cyberthreat researcher. With previous experience in the public sector and a current position in the private sector, she has worked in a variety of environments. With a love for public speaking, she has spoken at DEF CON, multiple BSides events, and various other conferences around the world. Megan has a master's degree in digital forensics and holds several industry certifications.
How do you define a blue team?
Defining blue team is such a challenge because of the large scope of everyone involved in such operations. In some sense, the blue team is comprised of the individuals whose core job responsibility is to ensure the security of the organization. However, the team of security engineers, SOC analysts, and incident responders who may fall in this category could not be successful in their roles without the support of the entire organization, developers, network engineers, help desk, and more.
What are two core capabilities that a blue team should have?
Communication and management support. While not necessarily traditional “capabilities” from a technical/skill perspective, all the technology in the world isn't going to provide any value without ...