Wednesday, 7 April 2021

The InfoSec Wheel

In the conventional realm of information security, there tend to be two main groups:

1) The Red Team, employees or contractors hired to be Attackers, ethical hackers that work for an Organization finding security holes that a malicious individual could exploit.

2) The Blue Team, the Organization’s Defenders, who are responsible for protective measures within an Organization.

While it is good to have people dedicated to secure an Organization through defense or attack methods, Organizations and their systems do not stay static. Additional processes, automations, products and being built constantly — with the potential attack surface area growing with each new change or integration.


Only having Red and Blue Security Teams is not enough. The people building what must be defended need to be included.


Red, Blue and Yellow are our Primary Colours. Combine two of them and you get Secondary Colors