Demystifying cyber defence: An exploration into the teams behind securing online systems



It seems that not a day goes by without news of cyber-attacks, data leaks and compromised systems.

Society is becoming increasingly familiar with the concept of online attacks and the forms they can take, from phishing to denial-of-service.

And yet, the roles in cyber security which protect us against these attacks and defend compromised systems remain somewhat ambiguous. Although not all heroes wear capes, the superheroes in cyber are too often depicted as underground forces carrying out intensely complex work with an air of utmost mystery.

Helen Clarke, Marketing and Communications Lead, UK Cyber Security Council

Embarking on a career in cyber doesn’t need to feel akin to becoming a secret agent, and in this article, Helen Clarke, Marketing and Communications Lead, UK Cyber Security Council, aims to shine a light on some of the roles available in cyber and celebrate the assembly of these elements to create robust cyber defence.

Helen’s background ranges from private and public sector work within tech, education, prison reform, self-employment and employment contracts across the UK. She has worked in web development, digital marketing and traditional marketing, and continues to work encouraging a culture of security awareness at every level. Having previously published policy for The Fabians, she is currently the policy officer for their Tech, Defence & Cyber Network, alongside studying for her Master’s in Computer Science & Artificial Intelligence.


The various areas of expertise in cyber security are differentiated into coloured teams to form the cyber security colour scheme. Made up of primary colours, secondary colours and white, there are seven colours in total, each representing a differing function and career path in cyber.

This piece will explore the three primary-coloured teams, namely red, blue and yellow, outlining their roles in cyber defence and the creation of secure systems.


The red team is the realm of ethical hacking. Red teams use security testing or penetration testing to simulate genuine hacking attempts. It is the process of testing a network, system, or product against specific security requirements to root out vulnerabilities and strengthen the system against attacks from unethical hackers.

Security testers that manage to gain access to a system through normally unauthorised means will then report their methods to the organisation, which will then attempt to close off those routes and strengthen the overall system.

Earlier this year, the Council launched its security testing programme, creating the first opportunity for cyber professionals to become chartered practitioners in this area.

So, while ethical hacking may not always look like a heist movie, it can be an entry into the cyber security sector with excellent career progression opportunities, whether within the security testing specialism or branching out into others.


Cyber’s blue team is the home of Network Monitoring and Intrusion Detection, the tracking and observation of system activity to identify both unauthorised actions from within and potential intrusion by an external attacker. The role involves monitoring security alert queues, investigating and triaging events based on criticality and taking actions to mitigate these threats.

When not faced with an attack or unauthorised activity, the day-to-day in the blue team includes managing and troubleshooting network defence tools, auditing systems, identifying problematic areas and implementing strategic solutions. Basically, ensuring your system’s defence is ready to spring into action at any given time.

Always poised to defend, blues need to be able to keep a cool head for logical decision making when the threats are real, the system is under attack and it’s your job to take down the opposition.


Known as the yellow team in cyber professional circles, these are the people with a security-first mindset who focus on building a system that is as secure as possible from the outset. It’s vital that the yellow team members work to create the strongest possible systems, as this can determine whether an organisation’s data remains secure when under attack.

As a result, secure system architects are some of the most technical roles in cyber security, suiting candidates that enjoy complex problem solving. However, being a part of the yellow team isn’t all about building systems with security in mind; it’s also about catching those with malign intentions.

This is often done through a ‘honeypot’, or a trap laid to catch hackers. These are sacrificial computer systems intended to attract attackers, which can provide useful information about their methods when designing stronger systems.

Working closely with the red and blue teams, as well as educating the wider organisation on cyber security best practices, the yellow team is well suited to team players and good communicators passionate about establishing secure system foundations rather than relying on retroactive fixes.


It is the role of the UK Cyber Security Council to be the voice of the cyber industry, to celebrate the work of our incredible cyber professionals and encourage more people into this vital field.

Cyber skills are in higher demand than ever and the cyber skills gap means professionals are increasingly sought across businesses globally. Whichever route within cyber security you choose, the Council is on hand to ensure all paths into cyber are as simple and accessible as possible.

Whether you’re just beginning your career, reskilling or upskilling, the UK Cyber Security Council has a wealth of information and support available to help navigate a career in cyber.

Head to the UK Cyber Security Council’s website and discover more about the specialisms available and how you can become part of a team helping to make the UK the safest place to live and work online.


