Blue - Defensive Operations
Blue teaming is the bread and butter of the security industry. While offensive security looks cooler and has more pop culture around it, defensive operations are what really keep us all safe. Defending is a multi-faceted process that combines hardening your network against attacks with improving your visibility, so that you can detect attacks when they hit you or when they slip past your other defenses. The odds are stacked against defenders. Remember, defenders have to successfully protect against thousands of different types of attacks; attackers only need one that you miss.

To develop your defensive cyber skills, you must start as a generalist. Your knowledge must be an inch deep and a mile wide, simply to understand where you need to go in the future. This starts with basic certifications and terminology. From there you will learn more complex concepts and develop into a specialty. Understand one important thing: knowing how to successfully use a security tool is just as important as understanding the theory behind it. A SIEM is useless if you don't know how to perform a query.
In this section I have added every tool and reference for defensive operations that I have used. Try the tools out, practice the labs, and as always, READ THE DOCUMENTATION.
For those wanting to build up their certifications and progress in their career, check out the to see what is next for you.
- A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
- A collection of awesome software, libraries, documents, books, resources and cool stuff about security.
- A curated list of resources related to Industrial Control System (ICS) security.
- The Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. This is a great place to start when building a security program from the ground up.
- An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF).
- Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
- Security and Privacy Controls for Information Systems and Organizations
- SANS Blue Team wiki built by the instructors of the SANS defensive courses.
- The Institute for Security and Open Methodologies (ISECOM) is an open, security research community providing original resources, tools, and certifications in the field of security.
- Looking for a place to start when improving your security program? Start here!
- Guide for levels of maturity and development of a security program.
- Relationships between indicators and effectiveness of protection.
- by Mandiant
For resources including offensive security courses, books, CTFs and much more, please check out the Training and Resources section of this guide.