Course Overview
Active defense of an enterprise is not only the responsibility of an organization's equipment, applications, and security processes; it is ultimately driven by Blue Team actions. Whether carried out by a team, a designated position, or as an assigned set of additional responsibilities, understanding and performing Blue Team actions is an essential aspect of an effective cybersecurity program. Some of the fundamental concepts for Blue Team operations include “Defending the Castle” through awareness of the environment and threat landscape, establishing “normal” vs. “abnormal” for your environment, understanding Threat Hunting tools and techniques (including intel and open-source research), and the components of some of the more significant threats to your organization, such as lateral movement, malware, ransomware, and Command & Control. This course will also briefly introduce the concepts of, and relationships between, the Blue Team and the related White, Red, and Purple Teams.