Avoiding a culture war - a cyber security battle we can’t afford to lose
Cyber security has a traditional rivalry between ‘Red’ and ‘Blue’ teams. That rivalry is no longer appropriate or sustainable when rapid tech advancements and the rise of AI-driven threats pose more important challenges.
Many security teams remain siloed, divided into offensive and defensive, red and blue. This divide can lead to unintended ‘culture wars’, where collaboration takes a back seat to competition.
QA’s Portfolio Director for Cyber Security, Richard Beck, warns that this is a dangerous mistake. “The bad guys are coordinating, the dual nature of cybercrime is blurred by organised crime and nation-state sharing tactics, resources, and constantly innovating. So why aren’t we doing the same?”
“I believe, for cyber security teams to be truly successful today, we must rethink the way our teams operate. We need a culture of collaboration that transcends these colour-coded roles; it’s crucial to staying ahead of the increasingly sophisticated threats. As a former CISO, I’ve led both offensive and defensive teams, and made plenty of mistakes in my time. Here are my observations and recommendations for this new age.”
Red vs. Blue should not be a competition, it’s a partnership
The core issue with "Red vs Blue" culture is that it turns two critical functions into competing forces. While red teams are more likely to be focused on exposing vulnerabilities, blue teams are busy defending them. But this rivalry can create friction, where collaboration is seen as secondary to individual success.
“In my experience,” Richard attests, “both teams have the same goal: protecting the organisation. This requires them to work together, not in opposition. Red teams are essential in identifying weaknesses, but without blue teams understanding and integrating those insights into their defences, it can be costly. Blue teams can also benefit from red team expertise, an adversarial mindset to harden defences proactively.”
So, what can you do about it?
Richard’s recommendation: Build a culture of shared responsibility.
Organisations can achieve this by creating opportunities for red and blue teams to engage in joint post-incident reviews, and regular knowledge sharing sessions.
Rather than framing these around failure or blame, focus on continuous improvement and mutual learning. According to Richard, you must “stop gate-keeping offensive training and skills just for the red team, open these skills and insights to blue team members also.”
The speed of technology change means collaboration is no longer an option
You don’t need us to explain the speed of technology change, or the pace at which AI has evolved in this past year alone. Remember, though, that the tools, techniques and tactics of cybercriminals evolve in step with it.
AI and machine learning are enabling both attackers and defenders to automate tasks, scale operations, and find new vulnerabilities. However, as fast as technology changes, Richard assures us, “one thing remains constant, cyber security is a team effort.”
Cybercriminals have a reputation for being highly organised and collaborative, as reported by the National Crime Agency. Threat actors often operate in proxy group ecosystems, sharing tools, techniques, and even resources.
“On our side,” adds Richard, “if red and blue teams continue to operate in silos, we’re already a step behind. We need to match the coordination in response, if not exceed it.
“My recommendation is to move towards a ‘Purple Team’ approach. Whilst far from being a new concept, this idea is still mostly ignored, where offensive and defensive roles collaborate continuously.”
This doesn’t mean eliminating red and blue team dynamics, but creating a more fluid and integrated workflow, where both teams can engage in proactive strategies, share insights, and develop solutions together.
Break down silos with cross-functional teams
Silos plague cybersecurity beyond just the ‘red vs blue’ thinking we have covered.
Key functions like software engineering and operations are often disconnected from security initiatives. This not only limits visibility but also slows down response times and undermines overall resilience.
Cross-functional teams that blend red, blue, and other security roles are essential for breaking down these barriers. These teams allow for real-time communication, quicker decision-making, and a more holistic view of security issues. When everyone is aligned on the same objectives, teams don’t just react to threats, but can start to anticipate them.
The insight from the expert? “Implement cross-functional incident response teams that bring together individuals from offensive, defensive, and operational roles. This ensures that when a cyber event occurs, all perspectives are heard, and represented, so solutions are comprehensive rather than an isolated perspective.”
Collaboration and communication as core security skills
In cyber security, technical expertise often takes priority. Richard explains: “We focus on hiring the best talent by skill, but in today’s environment, technical skills alone aren’t enough. Collaboration and the ability to communicate are now essential skills that need to be developed and valued, in the same way as critical thinking and problem-solving.”
Effective communication and collaboration is not just about talking; it’s about integrating different perspectives to create stronger defences. This becomes even more important as teams are increasingly distributed across geographies and time zones, making digital collaboration tools and practices a necessity.
“Invest in collaborative training exercises that put both red and blue team members in each other’s shoes,” is Richard’s advice. “Scenario-based learning where team members switch roles between attack and defence builds empathy and understanding, so both sides are aligned in their objectives. These exercises can also help with better communication channels, enabling genuine cooperation during actual incidents.”
Your takeaway
Building and sustaining a robust cyber security team is crucial for any organisation, and the ongoing team effort required for success should not be underestimated.
Achieving this requires thoughtful design, strategic talent acquisition beyond tech skills-based recruitment alone, and continuous professional development.
“No one wants to hire a ‘square peg’ for the cyber ‘round hole’,” Richard adds, “allow your team members to fit and move between red and blue teams without salary sacrifice, as they develop, learn and grow. Each of these components plays a vital role in ensuring the team can effectively anticipate, respond to, and mitigate evolving cyber threats together.”
As technology continues to evolve and threats become more complex, organisations can no longer afford to let red vs blue perceptions hold them back. Instead, we need a unified approach that fosters collaboration, breaks down silos, leverages diverse skill sets, and encourages continuous learning.