“To me, a blue teamer is essentially an ‘all-around defender,’ a security professional who is versatile and possesses an arsenal of skills that are critical to protect an organization from a wide variety of threats.”

Twitter: @aboutsecurity • Website: aboutsecurity.io

Since he founded one of the first IT security consultancies in Spain, Ismael Valenzuela has participated as a security professional in numerous projects across the globe over the past 20 years. Prior to his current role as senior principal engineer at McAfee, Ismael led the delivery of SOC, IR, and forensics services for the Foundstone Services team within Intel globally.

Ismael is a SANS Certified Instructor and coauthor of the CyberDefense and Blue Team Operations course, SANS SEC530: Defensible Security Architecture, and holds many professional certifications, including the highly regarded GIAC Security Expert (GSE #132).

How do you define a blue team?

Let me start by defining what I picture in my head when I think of the blue teamer. To me, a blue teamer is essentially an “all-around defender,” a security professional who is versatile and possesses an arsenal of skills that are critical to protect an organization from a wide variety of threats. Let's be honest, a lot of blue teams out there are composed of a great, single team of one (does it sound familiar?). That's one of the reasons ...