Blue team or Red team?

2018.08.18

Are you blue team, or are you red team? And no, I'm not talking about Pokemon Go. (Although...go Team Valor!) No, what I'm talking about is whether you're offensive or defensive in infosec. Do you like to defend or break in?

You may be new in infosec and may not know what this means, so I'm here to help (mainly rant). Most will often ask you this question at a conference because they want to see what piques your interest, and what type of work you like doing and excel at. There is no wrong answer. We want to see someone's face light up when they talk about what they do.

But yes, Red in infosec is offensive security, meaning you like breaking (ethically) into things. You want to figure out how something works, find bugs and see if you can exploit it and/or fix it. Additionally, your book collection may be filled with terms like (glances over at book collection) "Penetration testing", "Hacking", "Exploit" etc. And I get it! I like all that stuff! It's fun! (even if we're not the greatest at it) But it's the "fun side" of infosec, and it's honestly how I first got into it. I had a great mentor who had just taken their CEH and got me into it. It's a fun starting point to get into infosec. From my experience, it will be the reason you love your career and never feel like you're working.

And then there's the Blue in infosec, and this I think is the harder of the two, but if you're skilled at it, you'll definitely be a cybersecurity badass. And I say it's the harder of the two because, in red team you get an indefinite amount of chances to break into something, whereas in blue, you only get one, and THAT is a ton of pressure. Blue protects and defends. Blue means you're defending your systems, network, servers, etc. You value the systems you manage, and want to make sure that they're not easily penetrable. It means you've configured your firewalls appropriately, you've architected your network appropriately, you've tested your servers for vulnerabilities and the chances of someone breaking in have been minimized. I say minimized because there is always risk, but you always want to reduce that as much as possible.

Now I'm not here to make you switch sides, or deny that red team isn't fun. My book collection very much demonstrates the career I hope to pursue in the coming years. But my collection isn't limited to just that. I have both red and blue books.

I'm simply here to promote a more purple-centric mind in infosec. Let's stop creating a divide and instead promote both, whether we're a mentee or mentor. Promote both and be purple. Demonstrate both sides are immensely valuable because yes, you'll ask, are you able to exploit a vulnerability, but if the roles were reversed, would you be able to prevent and correct said vulnerability?

That's my quick rant. Let's be purple and stop dividing ourselves. Rant over.

Anyways, take care! Byeeee!

