Many people have asked me where to get started for learning more about cybersecurity roles and the kind of work it involves. Although some may think of Cybersecurity as pentesting or “hacking”, it is much broader than that. Here is an overview of the makeup of Cybersecurity.

Blue Team: IR, Detection and Response, Threat Hunting, Threat Intel, AppSec, Compliance Red Team: Internal Red Team, External Penetration Testing, Physical Penetration Testing.

You can think of each of these as a field of their own. There are many roles in just one of either Blue team/Red team. Here is a brief overview of the roles that make up these fields. This is not an exhaustive list, but a gist of what you can expect to see.

Snapshot

Blue Team

On one side, you have the Blue team. This generally consists of defending a company’s resources, this could include the network, laptops, cloud infrastructure, and its data. As shown in the diagram, there are several avenues one could go in the blue team (and there are usually more jobs on this side)

Red Team

In the Red team, we have roles targeted around testing the defenses of a company. This can be either an internal Red team, where a company has dedicated staff for this reason. Or an external company that performs Penetration testing engagements from company to company, this would also be called consulting.

From there, there is an intersection where there is overlap. This is where Purple teaming comes into play. Rarely a team on its own, it is a practice where there are learnings applied from both Blue team and Red teams. You can think of Purple teaming as having a counselor on the job, their sole purpose should be to drive collaboration between the Blue team and the Red Team and ensure a good outcome.

In the past I’ve asked the community at Career Karma what were some topics that were of interest related to security and we we were able to discuss some great future topics.

If you have any others please feel free to comment your idea or reach out.