I’ve always gravitated towards defensive positions. I draw a lot of satisfaction from disrupting the guy who’s trying to score against my team.
So, it’s no surprise that I’m primarily a blue teamer*.
Unfortunately, in infosec, it’s the red team activities that get the most attention. It makes much better headlines when a researcher finds a new zero-day or a major database is breached.
It’s not particularly newsworthy when a server log file shows that a potential attack was thwarted.
Football highlights show both the circus-catch touchdowns and the big defensive hits, but working to defend your servers is never glamorous.
So you’ve got to have a lot of pride in defending your assets to be successful.
Over the next few posts, I am going to outline my keys to a strong defense.
The three M’s: Monitoring, Misdirection, and Misery.
(Normally I would write this up in one large post, but I’m cheating a bit to make my post per day this month.)
*For anyone not familiar with the terminology: red teams are the penetration testers who attempt to compromise an environment, and blue teams are those who secure systems against intrusion.