49 Ashley Tolbert
“The blue team defends the organization's networks, endpoints, data, and all digital assets against cyber threats.”
Twitter: @ashleytolb • Website: www.linkedin.com/in/ashleytolbert
Ashley is currently a senior security engineer at Netflix focusing on crisis management and incident response; she has also worked for the Department of Energy and Stanford University Linear Accelerator Center (SLAC). Her diverse background includes researching compromises of electrical SMART grids at NASA's Jet Propulsion Lab. Ashley holds an MS in information security from Carnegie Mellon University and a BS in software engineering from Auburn University. She currently sits on the Board of Women in Security and Privacy (WISP). When not defending cyberspace, she's running outside, discovering new music like Afrobeats, or traveling to be inspired.
How do you define a blue team?
I define the blue team as the incident response and defense function at any organization—those responding to cyberattacks and cyber crisis. Many organizations customize their recipe of which “ingredients” are baked into their blue team; it could include a tier 1 SOC, detection team, networking team, threat intelligence, forensics, etc. Smaller organizations may have a subset or all functions baked into one team, while larger organizations are often large enough to staff these functions separately. The blue ...
Get Tribe of Hackers Blue Team now with the O’Reilly learning platform.