Cybersecurity Teams

Primary colours

Yellow Team, "The Builders"
  Functions
    Application Developers
    Software Engineers
    Software Builders
    System Architects
  Focus
    user experience
    functionality
    requirements
    back-end performance
  good quotes
    If debugging is the process of removing bugs, then programming is the process of putting bugs into the application. Testing only proves the presence of bugs, not the absence of them.

Red Team, "The Breakers"
  Offensive Security
    Penetration tests
    Black box testing
    Exploiting vulnerabilities
    Social engineering
    Ethical Hacking
    Web App scanning

Blue Team, "The Defenders"
  Defensive Security
    Incident Response
    Operational Security
    Damage control
    Threat Hunters
    Infrastructure protection
    Digital Forensics

cycle
  in theory
    Yellow Builds it. Red Breaks it. Blue Defends it. Yellow Fixes it.
  reality
    Yellow Builds it. Red Breaks it. Blue Complains about it. Yellow ignores it. Management hides it.
  ideal
    Yellow are educated with Red and work hand-in-hand with Blue.

Secondary colours

Orange Team
  Function
    increase the builders' security awareness by providing education that benefits software code and design implementation
    offensive critical thinking included in the builders' intrinsic thought pattern
    inspire the Yellow Team to be more security conscious
    understand
      use cases
      mis-use cases
      abuse cases
    Risk/Threat Model
      STRIDE
        Threat                  Desired property
        Spoofing                Authenticity
        Tampering               Integrity
        Repudiation             Non-repudiability
        Information disclosure  Confidentiality
        Denial of Service       Availability
        Elevation of Privilege  Authorization
    decrease in overall security bug count over time

Green Team
  Function
    DevSecOps
    safer Change Management, including integrity monitoring
    better data for digital forensics and incident response cases
    full coverage monitoring, including improved Anti-Virus and End Point Protection on systems
    improved logging capability, working to standardize and prioritize important events
    integrate Automated Security Testing
  w/o green team, blue team:
    injects security and monitoring requirements into projects; however, that in turn increases time frames and budgets, which tend to become categorized as non-essential requirements for launch.
    asks, begs and pushes for monitoring improvements once a production system is live, forcing double the amount of work to add in improvements at the end of the development lifecycle.

Purple Team
  Function
    sharpen the skills of Blue and Red team members
    effective for spot-checking systems in larger organizations
    facilitate improvement in detection and defense
    integrate defensive tactics with offensive results
    maximize the results of Red Team engagements and improve Blue Team capability
    knowing both attack and defense is a huge asset to any organisation, team and individual

White Team
  Includes
    Logistics
    Management
    Compliance
    Analysts
  Functions
    set the rules of engagement
    organise teams
    set strategy
    perform risk assessments
    set plans and monitor progress
    encompass and manage all of the colours without directly being one of them
  can be seen as
    "too demanding" for the defenders
    "too much of a killjoy" for the attackers
    "too corporate" for the developers
  Having the White Team interact with a secondary colour team will decrease conflict, since secondary colours understand the language of the primary colours they come from, but they are "closer to white" and understand multiple pieces of the security puzzle.