Onyewuchi's Blog!

DevSecOps - Red, Blue and Every Other Colour in Between.

DevSecOps - Red, Blue and Every Other Colour in Between.

Precious Onyewuchi's photo
Precious Onyewuchi
·

2 min read

Table of contents

In security, the red and blue teams refer to the attackers and defenders of a system, respectively. If it’s not obvious, the red team are the attackers, and the blue team are the defenders. They’re both security conscious, but while one exploits vulnerabilities, the other enforces and enhances the security system, so malicious attackers can’t penetrate.

What the red team does:

  • Attacks you

  • They’re on offence

  • Checks for vulnerabilities and exploits them

What the blue team does:

  • Defends from attackers

  • They’re on defence

  • They monitor for vulnerabilities and fix them

  • They assess how they can mitigate the possible risks without causing harm to the business need/use case.

Now, aside from the red and blue team, just like a colour wheel, other teams are involved in the devsecops process.

Image Source

Brief Summary of the other colours:

  • Yellow team: These are the builders. Developers, engineers, etc.

  • Purple team: This is a mixture of the red and blue teams. The attackers find vulnerabilities, and the defenders figure out how to fix these vulnerabilities.

  • Orange team: A mixture of the red and yellow teams, this team learns about the many vulnerabilities available and then fixes them.

  • Green team: A mixture of the blue and yellow teams, this team works with the yellow team getting continuous feedback from the blue team on how to strengthen their defences by designing and building a code base that’s defence conscious from the beginning.

  • White Team (My favourite): These are the “non-technical” folks who look after everyone. They’re responsible for regulations, making sure the ‘colour wheel’ teams do everything within the confines of the law. This is because regardless of all the awesome work the Information Security team does, they’re still regulated by governance, policies, etc.

    They may not be liked so much by other team members, but the truth is, most of what they come up with, is to help everyone.

That's the end, for now. Thank you for geeking out with me and reading until the end. I'm following the #90DaysOfDevOps challenge and most of the knowledge here is from this article.

See you next time!

Connect with me on Twitter: @preshh0

Connect with me on LinkedIn: Precious Onyewuchi

DevopsDevSecOps#operationsdevelopmentsecu