Live Online Training

Cybersecurity Blue Teams vs. Red Teams

Omar Santos

In this course you will learn about cybersecurity blue and red teams while building the skills necessary to create your own teams. We will start by exploring the concepts of red, blue, and "purple teams" (or "purple teaming"), which combine the elements of defense and offense within an organization. Next you will find out how to create and manage cybersecurity red, blue, and "purple" teams, before moving on to best practices for how your teams can effectively collect and analyze data to defend your organization against threat actors. You will also learn about the tools appropriate for blue and red teams and how to proactively and iteratively "hunt" for and isolate advanced threats that evade the existing security solutions within your organization. We will end with a look at threat intelligence and how blue and red teams use it in their engagements.

What you'll learn and how you can apply it

  • Learn how enterprises create and manage red and blue teams.
  • Learn best practices for cybersecurity offensive and defensive operations.
  • Learn how to perform threat hunting.
  • Learn about tools used by blue and red teams.
  • Learn best practices on how to use threat intelligence within a blue or a red team.
  • Learn how large enterprises are building ethical hacking and penetration testing capabilities, as well as automating some of the processes to continuously monitor and assess their infrastructure.

This training course is for you because...

  • You have an understanding of cybersecurity fundamentals.
  • You want to learn different methodologies and best practices to identify, track, and contain advanced adversaries, and to respond to and remediate cybersecurity incidents.
  • You want to learn more about cybersecurity red and blue teams and their practices.
  • You want to learn how to perform threat hunting, how to use threat intelligence, and how enterprises are developing enterprise-wide ethical hacking programs.

About your instructor

  • Omar Santos is a Principal Engineer in the Cisco Product Security Incident Response Team (PSIRT) within Cisco's Security Research and Operations. He mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities in all Cisco products, including cloud services. Omar has been working in information technology and cybersecurity since the mid-1990s. He has designed, implemented, and supported numerous secure networks for Fortune 100 and 500 companies and the U.S. government. He is an active member of the security community, where he leads several industry-wide initiatives and standards bodies. Omar frequently delivers technical presentations at conferences and is the author of over 15 books and video courses.

Schedule

The timeframes are only estimates and may vary according to how the class is progressing.

Segment 1: Understanding Cybersecurity Blue vs. Red Teams (30 minutes)

  • In this segment you will learn what cybersecurity blue and red teams are and what each is responsible for. You will also learn the skills needed to work on blue and red teams.

Segment 2: The Hybrid Approach: Purple Teams (30 minutes)

  • Many organizations hire red teams to perform penetration testing and assess their security posture, and also have blue teams that defend the organization. In this segment you will learn the concept of “purple teams” or “purple teaming,” which combines the elements of defense and offense within an organization so that the two teams share findings and improve each other's effectiveness.

Break: 10 minutes

Segment 3: How to Build and Manage Cybersecurity Red, Blue, or Purple Teams (30 minutes)

  • In this segment you will learn how to create and manage cybersecurity red, blue, or “purple” teams. You will learn best practices for how your teams can effectively collect and analyze data to defend your organization against threat actors. You will also learn about the different tools that are appropriate for blue and red teams.

Segment 4: Introduction to Threat Hunting (30 minutes)

  • In this segment you will learn what threat hunting is. You will learn how to proactively and iteratively “hunt” for and isolate advanced threats that evade the existing security solutions within your organization.

Break: 10 minutes

Segment 5: Threat Intelligence (30 minutes)

  • In this segment you will learn what threat intelligence is and how blue and red teams use it in their engagements.

Segment 6: Enterprise-wide Ethical Hacking and Continuous Monitoring (30 minutes)

  • In this segment you will learn how large enterprises are building ethical hacking and penetration testing capabilities, as well as automating some of the processes to continuously monitor and assess their infrastructure.