Baseball and Information Security: Red Team vs. Blue Team

By day I'm an information security professional; By night I'm a baseball blogger.

I've been thinking a lot over the past few months about some of the similarities between the two very different areas of study. This is meant to be thought exercise to try and get down some of these thoughts as well as further fleshing out the idea.

Red team vs. Blue team

St. Louis Cardinals vs. Chicago Cubs; Boston Red Sox vs. Torongto Blue Jays; Texas Rangers vs. Los Angeles Angels of Anaheim;  Washington Nationals vs. Atlanta Braves; Philadelphia Phillies vs. New York Mets; Arizona Diamondbacks vs. Los Angeles Dodgers.

All the matchups above are teams with red vs. teams with blues. The most prolific matchup is probably the first one: Cardinals vs. Cubs. There's a long history of those two fan bases disliking each other. A lot.

It's a little more complicated than that, though. Within each team is offensive players vs. defensive players, so maybe the analogy goes better in a single game, rather than a series. So within a game you have your hitters, red team, and your fielders, blue team. But what does that make pitchers? Would pitching be the business objectives or goals. Depending on the agency it could be sensitive information or the asset that makes the business profitable. So pitchers are the business goals and the ball is the sensitive information that makes the organization operate.

A good defense/blue team is going to help minimize the impact a ball hit into play makes. There are very few no-hitters and even fewer perfect games. The same idea applies to security measures, there is no perfect defense. Someone will, at some point, get a hit or breach the network. The impact of that breach will be based on how good your defense is, but we shouldn't just focus on defense. To win the game you need to score some runs yourself and having a good red team or at least understand red teams tactics is important to win the game.

Baseball players play both sides of the game. Some are good at offense; some are good at defense. They play both sides of the game and that's something that I think also needs to be done in security.

This post first appeared on Exploring Information Security.