The National Institute of Standards and Technology (NIST) defines a red team as “a group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture.” The red team plays the part of the attacker or competitor with the intention of identifying vulnerabilities in a system.
When you’re part of a red team, you’re tasked with thinking like a hacker in order to breach an organization’s security (with their permission). Some common red team activities include:
Social engineering
Penetration testing
Intercepting communication
Card cloning
Making recommendations to blue team for security improvements
The offensive mindset of red team activities requires its own set of skills. If you’re interested in a red team role, building these skills could set you up for success:
Software development: When you know how applications are built, you’re better able to identify their possible weaknesses (as well as write your own programs to automate the attack process).
Penetration testing: Much of a red team’s job is to identify and try to exploit known vulnerabilities on a network. This includes familiarity with vulnerability scanners.
Social engineering: An organization’s biggest vulnerability is often its people rather than its computer network. Social engineering tactics like phishing, baiting, and tailgating can sometimes be the easiest way past security defenses.
Threat intelligence and reverse engineering: Knowing what threats are out there—and how to emulate them—can make you a more effective attacker.
Creativity: Finding ways to beat a blue team’s defenses often requires creating new and innovative forms of attack.
Even if a company doesn’t have defined red and blue teams, certain roles tend to have similar tasks and skill requirements as red teams. If you enjoy playing the part of the threat actor in cybersecurity, look for jobs like:
Vulnerability assessor: $80,096
Security auditor: $83,015
Ethical hacker: $98, 177
Penetration tester: $102,274
If you’re looking for a job as an offensive security specialist or red team member, having a credential to validate your skills in penetration testing and offensive security could enhance your resume. Here are some popular cybersecurity certifications that target offensive skills:
Certified Ethical Hacker (CEH)
Licensed Penetration Tester (LPT) Master
CompTIA PenTest+
GIAC Penetration Tester (GPEN)
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
Offensive Security Certified Professional (OSCP)
Certified Red Team Operations Professional (CRTOP)
NIST defines a blue team as “the group responsible for defending an enterprise’s use of information systems by maintaining its security posture against a group of mock attackers.” If the red team is playing offense, the blue team is playing defense to protect an organization’s critical assets.
As a blue team member, it’s your job to analyze the current security posture of your organization and take measures to address flaws and vulnerabilities. Playing for the blue team also means monitoring for breaches and responding to them when they do occur. Some of these tasks include:
Digital footprint analysis
DNS audits
Installing and configuring firewalls and endpoint security software
Monitoring network activity
Using least-privilege access
Defending a company against attack involves understanding what assets need to be protected and how to best protect them. Here are some skills that could serve you well in a blue team role:
Risk assessment: Risk assessment helps you identify key assets that are most at risk for exploitation so you can prioritize your resources to protect them.
Threat intelligence: You’ll want to know what threats are out there so you can plan appropriate defenses. Blue teams have to stay a step ahead of attackers.
Hardening techniques: Recognizing weaknesses in your organization's security is only helpful if you know the techniques for fixing them.
Monitoring and detection systems: As a blue team professional, you’ll need to know how to use packet sniffers, security and information event management (SIEM) software, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
The roles and responsibilities of a blue team more closely match with those of traditional cybersecurity roles. If you’re interested in a career in defensive cybersecurity, look for jobs like:
Cybersecurity analyst: $80,003
Incident responder: $88,818
Threat intelligence analyst: $90,257
Information security specialist: $96,942
Security engineer: $111,630
Security architect: $153,160
Many of the most commonly-requested cybersecurity certifications are also appropriate for defensive security professionals. Some popular options include:
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
CompTIA Security+
GIAC Security Essentials Certification (GSEC)
GIAC Certified Incident Handler (GCIH)
Systems Security Certified Practitioner (SSCP)
CompTIA Advanced Security Practitioner (CASP+)