Tell me how many of these you’ve heard of: Blue Team, Red Team, Purple Team, Green Team, Sprinkles Team.
…okay that last one I just made up. Also, why doesn’t DFIR ever have its own “team?”
I’m not going to explain them all to you, but yes, these are in fact terms that describe, in some way, the many facets of IT Security. In the mil days, when I was first hearing them, they were a way of distinguishing who would be “Good” and who would be “Evil.” Now they have been indoctrinated into corporate life.
They are all integral to a company, but for some reason so much emphasis has been put on Red Teaming. Why? Ya, we all like to break things…but is it really that much better than doing DFIR work? In my opinion, it isn’t any better. But there is a big difference between those folks and us in DFIR.