Cybersecurity Blue Team Strategies

By: Kunal Sehgal, Nikolaos Thymianis

Overview of this book

We've reached a point where all organizational data is connected through some network. With advancements and connectivity come ever-evolving cyber threats that compromise sensitive data and gain access to vulnerable systems. Cybersecurity Blue Team Strategies is a comprehensive guide that will help you extend your cybersecurity knowledge and teach you to implement blue teams in your organization from scratch. Through the course of this book, you'll learn defensive cybersecurity measures while thinking from an attacker's perspective. With this book, you'll be able to test and assess the effectiveness of your organization's cybersecurity posture. No matter which medium your organization has chosen (cloud, on-premises, or hybrid), this book will provide an in-depth understanding of how cyber attackers can penetrate your systems and gain access to sensitive information. Beginning with a brief overview of the importance of a blue team, you'll learn important techniques and best practices a cybersecurity operator or blue team practitioner should be aware of. By understanding tools, processes, and operations, you'll be equipped with evolving solutions and strategies to overcome cybersecurity challenges and manage cyber threats before adversaries succeed. By the end of this book, you'll have enough exposure to blue team operations to set up a blue team in your organization.
Table of Contents (18 chapters)

  • Part 1: Establishing the Blue
  • Part 3: Ask the Experts

Skills required to be in a blue team

Blue teamers work with a pre-defined aim: to secure the business network infrastructure and strengthen its cybersecurity posture. The methodologies and strategies they use to defend the network and systems from cyberattacks intertwine with each other, so management must have a clear understanding of the goals and functions of the blue team before staffing it.

Eager to learn and detail-oriented

To avoid leaving security vulnerabilities in a company's infrastructure, a very detail-oriented approach is required. Knowing how to create custom tools (for example, a log parser, an enrichment script, or a piece of detection logic that a vendor product does not offer out of the box) has several advantages. Writing software takes a great deal of practice and ongoing learning, and the skill set gained lets a blue team automate its own detection and response workflows rather than relying entirely on what its products ship with.

In-depth knowledge of networks and systems

A thorough understanding of computer systems, protocols, libraries, and well-known tactics, techniques, and procedures (TTPs) paves the way for the security personnel's success. A blue team's ability to grasp all the systems it defends and keep up with technological advancements is critical. Knowing how to work with servers and databases provides additional options when it comes to discovering their flaws before an attacker does. Knowing how to use the software packages that allow SOC analysts to monitor the network infrastructure for any unexpected or potentially hostile activity is equally crucial. A Security Information and Event Management (SIEM) solution collects logs and events from multiple sources, normalizes them, and correlates them in near real time against a given set of rules or criteria, raising an alert when a rule matches. Blue teams, like red and purple teams, utilize a variety of security technologies, including honeypots, sandboxes, XDR and NGAV products, threat detection frameworks, and SIEM solutions. The following is a list of some popular cybersecurity tools that are often used by these teams in their operational work:

  • Splunk
  • Haktrails
  • Cuckoo Sandbox
  • SecurityTrails API

Outside-the-box and innovative thinking

The cybersecurity team's major trait is its ability to think outside the box, continually developing new tools and approaches to improve organizational security and keep pace with attackers. That includes understanding the tooling adversaries use at each stage of an intrusion (reconnaissance, privilege escalation, lateral movement, and exfiltration) so that the team can recognize and detect that activity in its own environment.

Ability to cross conventional barriers to perform tasks

SOC analysts always encounter a large number of False Positives (FPs). To decrease the number of FPs their SOC tools generate, senior SOC analysts sometimes have to cross several conventional barriers. They have to configure rules involving multiple filter criteria, which can become overwhelming. Mind-mapping all the use cases helps, because the analysts have to understand how the various use cases configured in the SOC tools connect to each other, and they have to check that a rule or exception configured to serve one use case does not override or silently suppress another. Resolving such conflicts in the shortest time possible, without SLAs being affected, is very important. In many cases, this is like looking for a needle in a haystack.
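The following is an added example, not code from the book, that illustrates both the SIEM behaviour described under "In-depth knowledge of networks and systems" (events from a source correlated against a set of criteria) and the false-positive tuning problem described just above. It parses a handful of constructed sshd log lines, runs two rules over them (a multi-criteria brute-force-then-success correlation and a root-password-login policy rule), and then shows the difference between a suppression scoped to one rule and a global allowlist that quietly overrides the other rule. The log lines, the host names, the scanner address 10.0.0.50, and the threshold and window values are all assumptions made for the example.

```python
"""Added example (not from the book): a small SIEM-style correlation pass over
constructed sshd log lines, followed by two ways of tuning out a false positive.

Assumptions: the log lines below are constructed for this example, 10.0.0.50 is
an authorised vulnerability scanner, and the threshold/window are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input in the style of Linux sshd syslog messages.
LOG_LINES = [
    # Internet source: five failures, then an accepted password within a minute.
    "Mar 01 10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 51000 ssh2",
    "Mar 01 10:00:04 web01 sshd[1202]: Failed password for root from 203.0.113.9 port 51002 ssh2",
    "Mar 01 10:00:08 web01 sshd[1203]: Failed password for invalid user ubuntu from 203.0.113.9 port 51004 ssh2",
    "Mar 01 10:00:12 web01 sshd[1204]: Failed password for deploy from 203.0.113.9 port 51006 ssh2",
    "Mar 01 10:00:16 web01 sshd[1205]: Failed password for deploy from 203.0.113.9 port 51008 ssh2",
    "Mar 01 10:00:40 web01 sshd[1206]: Accepted password for deploy from 203.0.113.9 port 51010 ssh2",
    # Legitimate user mistyping twice: below threshold, no alert.
    "Mar 01 10:02:10 web01 sshd[1210]: Failed password for alice from 198.51.100.7 port 40000 ssh2",
    "Mar 01 10:02:15 web01 sshd[1211]: Failed password for alice from 198.51.100.7 port 40000 ssh2",
    "Mar 01 10:02:20 web01 sshd[1212]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2",
    # Authorised scanner: noisy credential checks, then its own key-based login.
    "Mar 01 10:05:00 db01 sshd[2301]: Failed password for invalid user test from 10.0.0.50 port 60000 ssh2",
    "Mar 01 10:05:01 db01 sshd[2302]: Failed password for invalid user guest from 10.0.0.50 port 60001 ssh2",
    "Mar 01 10:05:02 db01 sshd[2303]: Failed password for root from 10.0.0.50 port 60002 ssh2",
    "Mar 01 10:05:03 db01 sshd[2304]: Failed password for invalid user oracle from 10.0.0.50 port 60003 ssh2",
    "Mar 01 10:05:04 db01 sshd[2305]: Failed password for invalid user postgres from 10.0.0.50 port 60004 ssh2",
    "Mar 01 10:05:05 db01 sshd[2306]: Failed password for invalid user admin from 10.0.0.50 port 60005 ssh2",
    "Mar 01 10:05:10 db01 sshd[2307]: Accepted publickey for scanner from 10.0.0.50 port 60006 ssh2",
    # ...but a root password login from the scanner host is still a policy violation.
    "Mar 01 10:06:00 db01 sshd[2308]: Accepted password for root from 10.0.0.50 port 60008 ssh2",
    # Unrelated sshd noise that no rule uses.
    "Mar 01 10:06:30 db01 sshd[2309]: Received disconnect from 10.0.0.50 port 60008:11: disconnected by user",
]

# Hypothetical allowlist: hosts whose credential checks are expected and noisy.
SCANNER_IPS = {"10.0.0.50"}

LINE_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
OK_RE = re.compile(r"Accepted (?P<method>password|publickey) for (?P<user>\S+) from (?P<ip>\S+)")


def parse_event(line, year=2024):
    """Normalise one log line into an event dict, or None for lines no rule uses."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog omits the year
    for kind, rx in (("fail", FAIL_RE), ("ok", OK_RE)):
        e = rx.match(m["msg"])
        if e:
            return {"ts": ts, "host": m["host"], "kind": kind, **e.groupdict()}
    return None


def parse_events(lines):
    """Parse and time-order the events, as a SIEM does before correlation."""
    return sorted((e for e in map(parse_event, lines) if e), key=lambda e: e["ts"])


def rule_bruteforce_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Multi-criteria rule: >= threshold failures from one IP, then an accepted login within window."""
    alerts, fails = [], defaultdict(list)
    for e in events:
        if e["kind"] == "fail":
            fails[e["ip"]].append(e["ts"])
            continue
        recent = [t for t in fails[e["ip"]] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "bruteforce_then_success", "ip": e["ip"], "host": e["host"],
                           "user": e["user"], "failures": len(recent), "ts": e["ts"]})
    return alerts


def rule_root_password_login(events):
    """Policy rule: any accepted password authentication as root is an alert, whatever the source."""
    return [{"rule": "root_password_login", "ip": e["ip"], "host": e["host"], "user": "root", "ts": e["ts"]}
            for e in events if e["kind"] == "ok" and e["user"] == "root" and e.get("method") == "password"]


def run_rules(lines, scoped_suppression=True):
    """Run both rules. With scoped_suppression=True the scanner exception applies to the
    brute-force rule only; with False it is applied before any rule sees the events, which
    silently overrides the root-login rule as well."""
    events = parse_events(lines)
    if scoped_suppression:
        alerts = [a for a in rule_bruteforce_then_success(events) if a["ip"] not in SCANNER_IPS]
        return alerts + rule_root_password_login(events)
    filtered = [e for e in events if e["ip"] not in SCANNER_IPS]  # the tempting but wrong tuning
    return rule_bruteforce_then_success(filtered) + rule_root_password_login(filtered)


if __name__ == "__main__":
    for mode in (True, False):
        print(f"scoped_suppression={mode}:")
        for a in run_rules(LOG_LINES, scoped_suppression=mode):
            print(f"  {a['rule']:<24} {a['ip']:<14} user={a['user']} host={a['host']} at {a['ts']:%H:%M:%S}")
```

With the scoped exception, the run produces exactly two alerts: the brute force from 203.0.113.9 and the root password login from the scanner host. With the global allowlist, the second alert disappears, which is the kind of rule-overriding-rule conflict the paragraph above warns about; the check that catches it is to keep a small set of known-bad events (like the root login here) and confirm after every tuning change that each one still fires.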

Academics, qualifications, and certifications

Blue teaming roles do not require any kind of expensive certification or academic degree. Hands-on skills are the most important asset for any blue teamer, as they are what let the professional work effectively in any organization. However, having the right academic qualification and/or certifications is often listed as a nice-to-have in job descriptions. Many blue teamers are self-taught rather than spoon-fed. Still, some organizations look for specific credentials on a blue teamer's resume before shortlisting the candidate's profile for an interview, so such academic accomplishments may end up being a shortlisting tactic rather than a genuine recruitment requirement. Some popular certifications in blue teaming are issued by bodies such as CompTIA, SANS, EC-Council, ISC2, ISACA, and others. There are also multiple technology- or vendor-specific training programs and certifications that help blue teamers improve their hands-on skills on a given security product.

This section explained the skills needed and what talent to hire. However, this alone does not suffice. In the next section, we will cover talent development and retention.