Red team vs. Blue team

Red Team and Blue Team are teams organized by security management, and have different objectives.

The Red Team works on offensive information security, which means it applies the techniques and tools used by attackers to test and validate the security of the company.

The Blue Team, on the other hand, will work on defensive information security, protecting the company from attacks and using the results of the Red Team as a source of information.

There is also the Purple Team, a mixed team with professionals from both teams, which aims to be more agile and get answers in a short time.

This is a managerial approach to information security. Dividing the work between teams is a fairly recent decision, but it has proved to be an economical and viable alternative.

Having a resource constantly testing the technological environment increases the chances of detecting flaws and security risks early.

Red team and Blue team, do they fight?

In the video made for the “Fique Seguro” channel, I discuss these points and others regarding the managerial approach of operating teams.

I comment on the profiles of each of the professionals and how they work together in a fight to have a safer company.

This video was originally recorded in Brazilian Portuguese:

The red team and blue team are divisions within the operational security team, but is there a rivalry or even a fight between the teams?

Author: fabio

Fabio Sobiecki is a systems analyst who graduated from Unopar, is a specialist in Information Security from Senac, and has an MBA from FGV. He has worked in Information Security since 2004; between 1998 and 2004, he worked in information technology, in the area of infrastructure and computer networks. Fabio Sobiecki has been certified by (ISC)² as CISSP and CCSP since 2008 and 2017, respectively. He is currently president of the (ISC)² São Paulo chapter and is a solutions engineer at RSA.