INFOSEC Colours
Looking for information about Red, Blue and Purple teams, I found out an interesting article written by Daniel Miessler titled The Difference Between Red, Blue, and Purple Teams.
There, the author extraordinarily condensed into a single image all the INFOSEC color meanings.
Originally posted at https://danielmiessler.com/images/BAD-pyramid-miessler.png
As you can see, the author referenced April Wright work at the image footer. Thanks to that, I searched and downloaded her BlackHat 17 USA presentation Orange is the new purple. There, April introduced the Yellow colour to represent the builders which led to new derived colours: Orange and Green. Just like Daniel, I consider, Orange and Green a mindset rather than a fully dedicated team.
Personally, I am a builder who in 2016 received a Penetration Testing report pointing some security issues affecting my applications. Luckily for me, I could talk to the pentesters openly to interchange ideas and opinions about information security. Those conversations helped me not only to understand the issues and correct them effective and efficiently but also to include the information security from the very beginning in the development cycle.
What I did was to start to think as an attacker trying to get access to my applications as well as a defender building defense mechanisms to deter, detect and monitor the more possibles attacks. In few words, I was a member of the Yellow team whose mindset sometimes has to turn Orange or Green to build more secure and resilient applications.
Back in 2018, I began to pursue an MSc in Digital Investigation & Forensic Computing at University College Dublin. Now, I am sure I could join a Red, Blue or Purple team.