Jb cinderella of-cyber-v1.2

BLUE TEAMS – The Cinderella of Cyber Security? --James Burns (@Unstable_Alpha)



A Confession...


So Why the “Cinderella” Thing?

A motivated, mature blue team can speed the development of staff and add significant value to an organisation, yet defensive cyber continues to be under-represented in the wider community.


Under-Represented

SIEMs will never look as cool as Metasploit

Being successful means admitting to (perceived) failures

Blue-teaming done right is not newsworthy


Adding Value

Data from blue teams feeds into intel, malware, red teams

Blue teams have a greater emotional investment

Not just looking for the known vulnerabilities


Speeding Staff Development

Defensive skills have never had more offensive relevance

Blue teams form an incubator into all other areas of cyber

Teams that share info and work together upskill faster


So Why the “Cinderella” Thing?

A motivated, mature blue team can speed the development of staff and add significant value to an organisation, yet defensive cyber continues to be under-represented in the wider community.


Who Was This Guy?

James Burns, Security Consultant with IRM. Previously a Security Analyst for Selex ES.

All views have been my own