You will hear, in Cyber Security conversations, whether someone is considered a Red or Blue shirt, or if they’re part of a Red or Blue team.
Blue Team
A Blue shirt, or if you are on a Blue team, simply means you are protecting the environment. Think of blue as in the police: you are policing the network and ensuring everything is safe. Blue team members assess vulnerabilities, review logs, monitor the environment and harden security controls.
Blue Team Examples
- Incident Response
- SIEM Administrator
- Vulnerability Management
Red Team
A Red shirt, or if you are on a Red team, means you are trying to gain unauthorized access to an environment or network, with permission, in order to test its defenses. Think of a red alarm going off when someone breaks in. Red team members focus on social engineering, phishing simulations and penetration testing to exploit vulnerabilities and demonstrate how an attacker could obtain admin access.
Red Team Examples
- Phishing Simulation Administrator
- Penetration Tester
- Exploit Developer
Purple Team
A Purple shirt, or if you are on a Purple team, means you utilize tactics and methodologies from both Red and Blue. You may think like a red shirt attacker, then create countermeasures and hardening standards like a blue shirt, so that what the red side finds is fed directly back into what the blue side fixes. Red teams and Blue teams are two sides of the same security coin.
One team is not better than another. Both red and blue teams are needed within Cyber Security. What distinguishes red, blue and purple is the work each does: engagement and reconnaissance techniques on the red side, mitigation and hardening methodologies on the blue side, and the combination of both on the purple side.