What made you choose a career in defensive cybersecurity?
What led you to choose a career in Blue Team (defensive) cybersecurity, and how did you get your start in this field?
What tools and techniques do you rely on most for threat detection and response in your role?
Can you describe a memorable incident your team handled and what you learned from the experience?
How does your Blue Team role intersect with Red Teams or other cybersecurity functions?
What skills or certifications do you consider essential for someone interested in a Blue Team role?
What advice would you give to someone entering the cybersecurity field, specifically on the Blue Team side?
2 answers
Angel’s Answer
Biplab’s Answer
1. Several of them realized that cybersecurity is a growing field that is largely resistant to market pressures even in the post-Covid world where IT has seen some market pressures. They also find threat hunting to be an interesting game of "cat and mouse".
2. Many of them utilize the MITRE ATT&CK framework as a guide for the kinds of techniques that adversaries will use and employ appropriate countermeasures and pivoting amongst other tools, techniques and procedures.
3. Conferring threat databases and detonating suspected malicious files in a sandbox environment are some examples.
4. A non-confidential one would be responding to the CrowdStrike Falcon blue screen situation by being able to quickly identify and let our clients know machines on their network that may be experiencing the outage so they could take appropriate measures.
5. We work with pen testers and other red team functions to get feedback on detections as well as to identify areas of vulnerability in order to come up with remediation recommendations.
6. Consider Security+, CySA+ and other security certifications - eventually down the line you'd want to make CISSP an "endgame" certification goal.
7. Learn Splunk or other MDR tools and gain some basic certifications in addition to, if possible, taking cybersecurity and computer science coursework in college.
Good luck!