{"id":39244,"date":"2021-01-21T17:00:39","date_gmt":"2021-01-21T17:00:39","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=92601"},"modified":"2021-01-21T17:00:39","modified_gmt":"2021-01-21T17:00:39","slug":"the-dynamic-duo-how-to-build-a-red-and-blue-team-to-strengthen-your-cybersecurity-part-2","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/the-dynamic-duo-how-to-build-a-red-and-blue-team-to-strengthen-your-cybersecurity-part-2\/","title":{"rendered":"The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 2"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/01\/CLO20b_Sabien_office_007-1-scaled.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p><em>The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the first post of our new Voice of the Community blog series, Microsoft Product Marketing Manager <a href=\"https:\/\/www.linkedin.com\/in\/nataliagodyla\/\" target=\"_blank\" rel=\"noopener noreferrer\">Natalia&nbsp;Godyla<\/a>&nbsp;talks with&nbsp;<a href=\"https:\/\/twitter.com\/MalwareJake\" target=\"_blank\" rel=\"noopener noreferrer\">Jake Williams<\/a>, Founder of&nbsp;<a href=\"https:\/\/www.renditioninfosec.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Rendition InfoSec<\/a>. In part two of this blog, Jake shares his best practices on how to structure and evolve red and blue teaming within your organization.<\/em><\/p>\n<h3><strong>What&nbsp;are&nbsp;best&nbsp;practices for organizations&nbsp;maturing their blue team?<\/strong><\/h3>\n<p>First and foremost, go in and look at the event logs&nbsp;and turn on&nbsp;all of&nbsp;the logging that you think will be useful. 
I work with blue teams today up and down the Fortune 500,&nbsp;and I ask, \u201cWhere is this in your event logs?\u201d&nbsp;And they say, \u201cI think&nbsp;maybe my <a href=\"https:\/\/www.microsoft.com\/en-us\/microsoft-365\/security\/endpoint-defender\" target=\"_blank\" rel=\"noopener noreferrer\">endpoint detection and response (EDR) platform<\/a> may catch that.\u201d&nbsp;Windows&nbsp;catches&nbsp;that. Windows&nbsp;detects&nbsp;the thing we\u2019re talking about if you have it configured.&nbsp;It\u2019s more than 100 event logs,&nbsp;and a lot of them are empty and the ones that&nbsp;are&nbsp;populated are not logging the best things you can log. A lot of the reason for that is logs&nbsp;get&nbsp;big.<\/p>\n<p>The second&nbsp;cybersecurity&nbsp;best practice is to&nbsp;use Group Policy Object (GPO) and increase the size of your event logs dramatically. I think the security event log pegs at 20 megabytes.&nbsp;The way that I explain this to folks is I\u2019ve never been an incident responder and worked the case where I walk in and think, \u201cWhat am I going to do with all these logs?\u201d<\/p>\n<p>Third, actually walk through the audit policy. I want you to go look at it. If you\u2019re a systems architect or a systems engineer, you have to know what\u2019s even available. Not knowing what\u2019s available from an audit standpoint is almost like going to a restaurant, never reading the menu and saying, \u201cI heard you had a burger so I\u2019m going to have that.\u201d And you have no idea what else could be there that could be way better. Go read the menu. Find out what audit logs are available and increase the size of them dramatically.<\/p>\n<p>We\u2019ve had folks do one but not the other. There was this heartbreaking case a couple of years back where&nbsp;they&nbsp;called,&nbsp;and I ended up being on the flyaway team. 
When they called, we asked, \u201cWhat auditing do you have available?\u201d&nbsp;We told them to&nbsp;turn it on and&nbsp;increase the size of the event log,&nbsp;and they did one of those two. And when I got onsite,&nbsp;and I got into that server, there were 18 seconds of security event logs. 18 seconds. It was awesome that they turned some stuff on, but at the same time, I needed the log in general, not 18 seconds of activity. It was just heartbreaking.<\/p>\n<h3><strong>What&nbsp;is&nbsp;your&nbsp;guidance&nbsp;to&nbsp;red teamers?&nbsp;What best practices should they consider?<\/strong><\/h3>\n<p>Stop trying to be sexy. Every time there\u2019s a major security conference like a Black Hat or a ShmooCon, I get some red teamers who come back and say, \u201cI just saw this super cool, super awesome technique.\u201d I ask, \u201cAre attackers using that?\u201d and they say, \u201cI\u2019m sure they will be.\u201d When we have credible intelligence that they are, then we\u2019re going to invest that time. Make sure you\u2019re actually providing value back to the organization and understand what that means.<\/p>\n<p>In late 2019, I was at a major insurance company and they have a red team that is about a third&nbsp;of the&nbsp;size of their blue team, which is just wrong. I asked, \u201cCan I see an example of a report?\u201d&nbsp;And the red team leader says, \u201cNo.\u201d I said, \u201cYou do know I have an NDA with you. We\u2019re physically here at your headquarters.\u201d He said that they only share these reports with management and that executives understand the risks. 
He said that if they tell the blue team how they\u2019re doing everything, they\u2019ll catch the red team&nbsp;immediately.<\/p>\n<p>The biggest outcome of this exercise became how do we stop doing red team for red team\u2019s sake, such as to be a bunch of cool hackers and go break stuff.&nbsp;How do we turn this around where the red team is providing value to&nbsp;blue&nbsp;team?&nbsp;Security&nbsp;is a service provider to the organization,&nbsp;and&nbsp;red&nbsp;team ultimately should be driven by&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/06\/11\/blue-teams-helping-red-teams-a-tale-of-a-process-crash-powershell-and-the-mitre-attck-evaluation\/\" target=\"_blank\" rel=\"noopener noreferrer\">blue&nbsp;team<\/a> (their customer). The red team\u2019s goal isn\u2019t to go sneak around and remain undetected for the sake of their egos. The goal is to identify vulnerabilities, missing patches or misconfigurations, or find gaps in coverage for monitoring. The customer for that is blue team. I look at the blue team as tasking the red team and saying, \u201cHere\u2019s what we need from you.\u201d Red team\u2019s hacking, sexy, cool stuff is secondary.<\/p>\n<h3><strong>What kind of training would you recommend for&nbsp;red and blue&nbsp;teams?<\/strong><\/h3>\n<p>If I\u2019m a blue teamer, I\u2019m going to be staying on the cutting edge of what\u2019s the latest thing happening with system logs. I\u2019m less about tools than I am about techniques. What do I have available from a detection standpoint? I\u2019m not interested necessarily in my blue teamers going out and trying to figure out how to go through exploits, run exploits. That\u2019s a red team kind of thing.<\/p>\n<p>For a red team, send them to conferences. People don\u2019t like to hear this,&nbsp;but the conferences are going to pay off better than any red team courses for anybody who has got more than a year of red team experience. The reason is&nbsp;the networking. 
You network,&nbsp;and you start getting put in these private Slack groups or on email lists. Everybody knows everybody. You\u2019re going to hear about those&nbsp;newer&nbsp;techniques. I\u2019m less about formalized training&nbsp;than I am about&nbsp;getting them into networking opportunities.<\/p>\n<h3><strong>What do you think&nbsp;red and blue&nbsp;teams will continue to think&nbsp;about&nbsp;even after&nbsp;the&nbsp;pandemic?&nbsp;What changes are&nbsp;going to&nbsp;make&nbsp;long-lasting impacts on&nbsp;the&nbsp;security&nbsp;industry?<\/strong><\/h3>\n<p>This applies to both red and blue teams,&nbsp;and it\u2019s&nbsp;understanding&nbsp;the attack surface. Something that we\u2019ve seen more than any previous year&nbsp;has to&nbsp;be software-as-a-service (SaaS). We shifted&nbsp;to work from&nbsp;home,&nbsp;depending on which part of the country, either over a 24 or a 48-hour period all the way up to maybe a two-week period. By any measure, it\u2019s insanely fast for a lot of folks to do, and so they made a lot of changes to get stuff done without really looking at the long-term security implications.<\/p>\n<p>I\u2019m already discussing with clients how to go back and memorialize what&nbsp;they&nbsp;did as we ran home. In late March, most CISOs I talked to didn\u2019t believe we\u2019d still be at home at the end of the year. They thought this was a one-month or two-month situation so&nbsp;risks&nbsp;we were ready to accept for a month look a whole lot different than&nbsp;risks&nbsp;we\u2019re going to live with in perpetuity.<\/p>\n<p>For the folks rolling into holiday standdown time, now is the time to make some of those changes. On the red team side, another big one is:&nbsp;Know your scope, know your scope, know your scope. Just because I have data in&nbsp;Salesforce&nbsp;doesn\u2019t mean you can go hack Salesforce. Your red team needs to know what they legally can do and what they ethically should do and make sure everyone is aligned there. 
From a blue team side, you figure out how you want them to evaluate the security of your Salesforce tenant. I think that\u2019s really it, knowing what architecture changes we made as we moved into that fully remote environment, and how many of those need to be revisited. And the answer is a lot of them. I think it\u2019s no secret that a&nbsp;lack of change control&nbsp;drives&nbsp;a lot of breaches.<\/p>\n<h3><strong>Any last words of wisdom to help&nbsp;red and blue teams&nbsp;strengthen cybersecurity?<\/strong><\/h3>\n<p>Both red and blue should absolutely be using threat intelligence. That doesn\u2019t mean every org needs a dedicated cyber threat intelligence (CTI)&nbsp;analyst. It doesn\u2019t mean go&nbsp;buy&nbsp;another&nbsp;threat&nbsp;intelligence feed. What I\u2019m looking at is what we need to prioritize not based on what could happen but on what we know is happening. Those are two very different things. When I look at the range of possible bad things that could happen to us, I think: What are we&nbsp;actually seeing&nbsp;in the wild, both in our organizations and in other organizations?<\/p>\n<p>When you learn about a threat that\u2019s targeting a different industry, <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/04\/01\/microsoft-works-with-healthcare-organizations-to-protect-from-popular-ransomware-during-covid-19-crisis-heres-what-to-do\/\" target=\"_blank\" rel=\"noopener noreferrer\">like healthcare<\/a>, should&nbsp;you be paying attention to it? The answer is obviously yes, you should be. Just because it\u2019s a big push in one industry doesn\u2019t mean it\u2019s not coming to you. 
All things equal, I\u2019m going to prioritize more in my vertical,&nbsp;but I&nbsp;have to&nbsp;have an ear to the grindstone for what\u2019s happening in other verticals as well.<\/p>\n<p>To learn more about Microsoft Security solutions <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener noreferrer\">visit&nbsp;our\u202fwebsite<\/a>.\u202fBookmark the\u202f<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a>\u202fto keep up with our expert coverage on security matters. Also, follow us at\u202f<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a>\u202for on <a href=\"https:\/\/www.linkedin.com\/showcase\/microsoft-security\/\" target=\"_blank\" rel=\"noopener noreferrer\">LinkedIn<\/a> for the latest news and updates on cybersecurity.<\/p>\n<p> READ MORE <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/01\/21\/the-dynamic-duo-how-to-build-a-red-and-blue-team-to-strengthen-your-cybersecurity-part-2\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this blog Jake Williams, Founder of Rendition InfoSec shares his insights on the 2020 threat landscape\u2014who to watch for and why\u2014and offers cybersecurity guidance and best practices on how to structure and evolve red and blue teaming within your organization.<br \/>\nThe post The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 2 appeared first on Microsoft Security. 
<\/p>\n","protected":false},"author":2,"featured_media":39245,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[347,9127],"class_list":["post-39244","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-cybersecurity","tag-voice-of-the-community"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39244"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39244\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/39245"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}