There are 12 primary colors on the color wheel. They already covered red, and now authors Marcus J. Carey and Jennifer Jin are back with Tribe of Hackers Blue Team: Tribal Knowledge from the Best in Defensive Cybersecurity (Wiley). Good news is that there are many colors remaining.
As the title notes tribal knowledge, the authors pose many questions to more than 50 security professionals. While a blue team generally refers to an internal security team that works to ensure adequate security controls are in place, the definition is far from written in stone, to which many of the professionals interviewed give their ideas of what that is.
While many people may think that information security is black and white, what is fascinating to see here is the divergence of opinions and approaches by the various contributors.
While there are plenty of security software and hardware vendors that want you to think that all you need to do for security is to get their products in a rack in your data center or your cloud instance, the reality is far from that, for which Carey and Jin have many penetrating (no pun intended) questions that force the reader to think about how they want to ensure their infrastructure is secure.
Some of these questions include:
- What would you start with if you were the only information security staff member at a small to medium-size business with a primitive security infrastructure?
- How do you reward good blue teaming work?
- Where should an organization use cryptography?
- What is your opinion on compliance?
- What is the most bang-for-your-buck security control?
One of the book’s common themes is the notion that security has to be a community effort, which Eddie Clark (chapter 11) said that it never ceases to amaze him how helpful people in the information security space can be.
Another point reiterated numerous times is that your security team has to be adequately compensated. Obviously, there will be much variance depending on the person’s experience, location, industry and more. But a recurrent problem in the industry is that far too many security professionals are not adequately compensated.
And for those who are perpetually complaining about the difficulties of finding security staff, much of the problem is that the firms that are having the most significant challenges are the ones that refuse to pay market rates. As I wrote in The fallacy of the information security skill shortage, any firm that is willing to adequately compensate their security teams will, for the most part, not have significant problems finding people to join their security team.
Many people go to Gartner® for high-level strategic advice. In Tribe of Hackers Blue Team, the authors bring the collected wisdom from the trenches of the people who are actually doing security, know how to do it and how to make it work.
There is obviously a lot more to be covered than just what is written here. The book takes on the blue team approach of building a defensive infrastructure for the organization. In their previous work, Tribe of Hackers Red Team, the experts there discussed the role of an external adversary.
I have this book on my list of the Best Information Security Books of 2020; this is an excellent read and should also be on your reading list.