Security Assessment Teams

This will be a living document and will get content added and/or updated as often as possible.

You will hear, in Cyber Security conversations, whether someone is considered a Red or Blue shirt, or if they’re part of a Red or Blue team.

Blue Team

Blue

A Blue shirt, or if you are on a Blue team, simply means you are Protecting the environment. Think of blue as in the police. You are policing the network and ensuring everything is safe. Blue team members will assess vulnerabilities, review logs, monitor and harden security protocols.

Blue Team Examples

Incident Response
SIEM Administrator
Vulnerability Management

Red Team

Red

A Red shirt, or if you are on a Red team, means you are trying to gain unauthorized access into an environment or network. Think of a red alarm going off when someone breaks in. Red team members focus on social engineering, phishing attempts and penetration testing to exploit vulnerabilities and obtain admin access.

Red Team Examples

Phishing Simulation Administrator
Penetration Tester
Exploit Developer

Purple Team

A Purple shirt, or if you are on a Purple team, means you utilize tactics and methodologies from both Red and Blue. You may think like a red shirt attacker and create counter measures and hardening standards like a blue shirt. Red teams and Blue teams are both sides of the same security coin.

One team is not better than another. Both red and blue teams are needed within Cyber Security. There will always be various techniques on engagement, information reconnaissance, and security mitigation methodologies that decide the distinction among red, blue or purple.

VULNERABILITY SCANNING

You can scan hostnames, IP addresses, IP ranges, credentialed, or non-credentialed, in order to find vulnerabilities, open ports, and any threat that can be exploited.