After understanding what red teamers are all about, I had to show the other side of this equation – the blue teamers.
Well, the obvious thing to say about the blue teamers is that they are the complete opposites of red teamers and their main purpose is, well, to protect.
A Blue Teamer, often seen as the guardian of an organization’s digital fortress, is a cybersecurity expert dedicated to protecting information systems, networks, and data from malicious actors.
But what types of roles are considered blue team? Is a security analyst who creates IDS signatures for a multi-billion-dollar company, like I used to do, considered blue team? Let’s find out together!
In this blog post, we will delve into the fascinating world of Blue Teaming as a career path, exploring its significance, responsibilities, required skills, and the exciting challenges it presents.
The People Behind The Blue Shield
So first, let’s get things straight: whether a position counts as Blue Team often depends on where you stand as a cyber security professional, but positions of a defensive nature will always be considered Blue Team.
There are many positions that are considered Blue Team; here are a couple of examples:
- Security Analyst: My first position in my cyber security career was a security analyst for Check Point, one of the most popular cyber security firms in the world. My job was to create signatures for malicious traffic that eventually improved the product. Now of course, it improved it by very little, but this type of work is still needed by many big organizations. However, the security analyst role can vary, as its name is very generic and a lot of companies assign different tasks to this role. Overall, security analysts do many types of work, such as monitoring networks, systems, and applications for potential security incidents or vulnerabilities. They can also analyze security logs, investigate alerts, and respond to incidents.
- Incident Responder: Incident responders are responsible for rapidly assessing and mitigating security incidents. They investigate and contain breaches, analyze attack vectors, and restore systems to a secure state. Incident responders collaborate with other team members to develop incident response plans and improve the organization’s overall incident handling capabilities. They are very technical, as they must have good knowledge of procedures, networking and network architectures, security technologies, network forensics and malware analysis.
- Threat Intelligence Analyst: Threat intelligence analysts monitor and analyze the cybersecurity landscape to identify emerging threats, attack trends, and potential vulnerabilities. They gather information from various sources, assess the relevance and impact of threats, and provide impactful intelligence to enhance an organization’s defensive strategies. Threat intelligence analysts help the organization stay ahead of potential threats by providing timely and accurate intelligence. In addition, they also contribute to investigations, regional and strategic threat assessments, hunting, and drawing an overall picture of the organization’s threat landscape.
- Security Operations Center (SOC) Analyst: SOC analysts monitor networks and systems for security incidents, review logs, and investigate alerts. They actively analyze threats, triage incidents, and coordinate response efforts. SOC analysts play a crucial role in maintaining situational awareness, detecting and responding to security incidents in real time, and ensuring the organization’s security posture remains robust.
These are only a small part of the positions you can have as a Blue Teamer. There are more advanced positions such as malware analyst, reverse engineer, pentester, threat intelligence researcher and many more.
Requirements For Blue Team Positions
There are tons of ways you can become a blue teamer, and I am a person who doesn’t believe in the traditional ways to gain knowledge, especially when we are talking about cyber security, but still, here are some basics, knowledge and tools, that will help you get your first job as a blue teamer:
- Bachelor’s degree: It seems like two sentences ago I said the complete opposite. Well, you are right, but still, as a Bachelor of Science myself, I can tell you that some people need the discipline and structure you have in college or at the university. It helps you grow your learning skills and become autodidactic, which is a crucial skill to have in cybersecurity.
- Certificates: Certificates are a tricky thing. A lot of them cost a lot of money, but some places require them. To save yourself a lot of time, effort, and of course money, try to understand what position you want to start with, because each certificate will lead you to a specific position. For example, if you want to become an incident responder, the certificates that will help you are the Certified Incident Handler (GCIH) and Certified Computer Forensics Examiner (GCFE).
- Networking: Most of today’s cyber threats are activated for the purpose of either stealing information or giving control and other information to the threat actors behind them; you can see it in infostealers, spyware and even ransomware. What they all have in common is that eventually the final stage, or the outcome, of these threats goes over the network, of course. Understanding networking better and knowing the fundamentals is crucial to EVERY position in cyber security: red, blue, purple, whatever. You have got to know it better.
- Community: You don’t have to be active, but being part of the community is also very important; you need to know what’s going on around you, what the latest techniques and trends are, who got arrested, who the rookies are, etc. I honestly believe that this will help you know what to expect in your work and eventually will make you stand out from everyone else. I’m not talking about being on Twitter and Telegram all the time, but reading blogs of other researchers and companies every now and then will give you a great boost.
- Doubt your knowledge but never your journey: You have to take into consideration, especially in the first stages of your journey, that you don’t have all the answers, and you don’t know it all. Don’t worry, it’s totally fine! But when you are aware of that, you are aware of everything you need to improve in yourself to become a better professional. You will never get better if you think you already have all the answers.
- YouTube YouTube YouTube: YouTube! The holy grail. By far, YouTube is the number one source of knowledge when you know what to look for and how to separate the ones who actually try to bring value from the influencers. Once you do that, you can have so many great mentors and channels that can teach you a lot about cybersecurity of any kind. I wrote a blog post about several YouTube channels you can follow; feel free to read it.
- Coding: Yeah, this one is inevitable; you have got to know coding, and not just Python. I mean, Python will be a great start, but at some point you will need things like C and C++, and even assembly.
- SysInternals: It depends which type of role you are in, but at some point I believe that you will have to know better what SysInternals is, basically how everything works. It can be tough at the beginning, but these extra miles are the ones that differentiate a good professional from a great professional.
Conclusions
Like many other positions in the cyber security realm, the blue teamer’s road is also dark and full of terrors, and I know it seems overwhelming, especially if you are a beginner, but consistency is the name of the game here: start small, improve constantly bit by bit, and after only one year you will be amazed at what you have accomplished.
I truly believe that cybersecurity is one of the most interesting and fun fields out there. It takes some effort, like all great things.
I hope I helped you understand better what Blue Team is and what its positions are. Have fun and good luck!