The Umbrella of Cybersecurity
When I talk to people looking to get into Cybersecurity, many ask “Should I pursue Blue team or Red team?”
Or something along the lines of “Is Blue team better or Red team?”
There is no straightforward answer, as it depends on your goals and your skill set.
To start, you have to realize that Cybersecurity is a broad field with many sub-fields under it. Think of it as an umbrella, and underneath it are many different job families and roles one can pursue.
For another big-picture overview of this, check out the NICE Framework for Cybersecurity.
We will dive a little deeper into these and explain the differences.
Blue Team
On one side, you have the Blue Team. This generally consists of defending a company’s resources, which could include the network, laptops, cloud infrastructure, and its data.
As shown in the diagram above, there are several avenues one could go down on the Blue team (and there are usually more jobs on this side).
Just to name a few roles that fall under the Blue team family:
Compliance Analyst
Triage Security Analyst
Detection Engineer
Detection Engineering is where I have been spending most of my time in recent years. If you want to learn more about this side of things, see this post.
If you want to learn more about what you can expect in an interview for a Blue Team role, see a previous post I wrote, where we talked about Cybersecurity technical interviews and what could be expected.
Red Team
On the Red team, we have roles centered around testing the defenses of a company. This can be either an internal Red team, where a company has dedicated staff for this purpose, or an external company that performs Penetration testing engagements for other companies, which could also be called consulting.
Just to name a few roles:
Penetration Tester
Consultant
Red Team Engineer
I’ll write a future post detailing each of these roles.
From there, there is an intersection where the Blue Team and the Red Team overlap.
This is where Purple teaming comes into play.
Rarely a team on its own, it is a practice where the learnings from both the Blue team and the Red team are applied. The exception is large companies, which may have a dedicated Purple Team alongside a Red Team and a Blue Team.
You can think of Purple teaming as having a facilitator on the job: their sole purpose should be to drive collaboration between the Blue team and the Red Team, ensure a good outcome, and seek ways to continuously improve.
In Summary
In conclusion, Cybersecurity is a broad field, and there are many paths one can go down. This can provide a starting point for you to analyze where your interests and skills fit.
I hope this helps you in your learning journey!