Whenever I talk to people looking to get into Cybersecurity, many often ask “Should I pursue Blue team or Red team?”
Or something along the lines of “Is Blue team better or Red team?”
There is no straightforward answer, as it can depend on your target goals and your skill set.
To start, you have to realize that Cybersecurity is a broad field with many sub-fields under it.
Think of it as an umbrella, and underneath it you have many different job families and roles one can pursue.
I wrote about this previously in the Career Paths series.
There are many domains one can pursue, and at times we don’t know which one to focus on.
For another big-picture overview of this, check out the NICE Framework for Cybersecurity.
We will dive deeper into these and explain the differences.
Blue Team
On one side, you have the Blue Team. This generally consists of defending a company’s resources, which could include the network, laptops, cloud infrastructure, and its data.
As shown in the diagram above, there are several avenues one could go down on this path (and there are usually more jobs on this side).
Just to name a few roles that fall under the Blue team family:
Compliance Analyst
Triage Security Analyst
Threat Hunter
Detection Engineer
Detection Engineering is where I have been spending most of my time in recent years. If you want to learn more about this side of things, see this post.
If you want to learn more about what you can expect in an interview for a Blue Team role, see a previous post I wrote, where we talked about Cybersecurity technical interviews and what could be expected.
Red Team
On the Red team, we have roles centered around testing the defenses of a company.
This can be either an internal Red team, where a company has dedicated staff for this purpose, or an external vendor that performs penetration testing engagements from company to company; this could also be called consulting.
Just to name a few roles:
Penetration Tester
Consultant
Red Team Engineer
I’ll write a future post detailing each of these roles.
Purple Team
From there, there is an intersection where the Blue Team and the Red Team overlap.
This is where Purple teaming comes into play.
Rarely a team on its own, it is a practice where learnings from both the Blue team and the Red team are applied. The exception is large companies, which could have a dedicated Purple Team alongside a Red Team and a Blue Team.
Think of Purple teaming as having a facilitator on the job; their sole purpose should be to drive collaboration between the Blue team and the Red Team, ensure a good outcome, and seek ways to continuously improve.
Now, in my opinion, you’re better off pursuing the Blue team path, as there are many more roles out there. If you follow the Law of Large Numbers, you’ll have probability on your side.
That being said, these domains converge the more experience you get.
What I Read This Week
Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
The leading infostealer “Lumma” suffered a hit to its infrastructure last week.
Microsoft seized 2,300 domains and cut off 394K Windows implants.
The title is a bit of a mouthful, but it is impressive how OpenAI o3 found this vulnerability after some benchmarking.
Of course, this was a researcher with deep knowledge of the vulnerability, who then prompted accordingly.
This model is best for multi-step tasks or deep analysis, so it makes sense this was the model used.
Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years
This stems from a five-year operation that attempted to extort millions of dollars.
These attacks ranged from 2019 to 2024.
Zscaler’s agreement to acquire Red Canary sent shockwaves post Memorial Day
This move looks to combine human expertise and AI-driven workflows to stop threats.
In Summary
Cybersecurity is a broad field, and there are many paths one can go down. This just serves as a reminder that there is no single path to take or one “right way”.
This can provide a starting ground for you to analyze where your interests and skills fit or what to pursue next.
I hope this helps.
See you in the next one.