An Overview of the Umbrella that is Cybersecurity
Many people ask, “Should I pursue Blue team or Red team?”
Or something along the lines of “Is Blue team better or Red team?”
This question does not have a straightforward answer, as it can depend on your target goals and your skill set.
To start with, you have to realize that Cybersecurity is a broad field with many sub-fields under it. Think of it as an umbrella: underneath it, you have many different job families and roles one can pursue.
We will dive a little deeper into these and explain the differences.
Blue Team
On one side, you have the Blue team. This generally consists of defending a company’s resources, which could include the network, laptops, cloud infrastructure, and its data.
As shown in the diagram above, there are several avenues one could go down in the Blue team (and there are usually more jobs on this side).
To name a few roles that fall under the Blue team family:
Triage Security Analyst
Incident Manager
Detection Engineer
Compliance Analyst
If you want to learn more about what you can expect in an interview for a Blue Team role, see the previous post, where we talked about Cybersecurity technical interviews and what could be expected.
Red Team
On the Red team, we have roles targeted around testing the defenses of a company. This can be either an internal Red team, where a company has dedicated staff for this purpose, or an external company that performs penetration testing engagements from company to company; this would also be called consulting.
To name a few roles on this side:
Penetration Tester
Consultant
Red Team Engineer
The diagram below explains some of the differences between these roles.
From there, there is an intersection where the two sides overlap.
This is where Purple teaming comes into play. Rarely a team on its own, it is a practice in which learnings from both the Blue team and the Red team are applied.
You can think of Purple teaming as having a counselor on the job: their sole purpose should be to drive collaboration between the Blue team and the Red team, ensure a good outcome, and seek ways to continuously improve. Usually, only mature large companies will have Purple Teams.
In Summary
In conclusion, we can say that Cybersecurity is a broad field, and there are many avenues one can go down. This can provide a starting ground for you to analyze where your interests and skills fit.
In the next post, we will go over some factors to consider when deciding which route you want to take. We’ll cover resources and tools available to help with this process.
I hope this helps you in your learning journey!