(720) 248-8252 [email protected]

Red Team vs. Blue Team and Tabletop Exercises

Work with an Experienced Attorney that Knows IT
Schedule ConsultationCall (720) 248-8252
Attorney Chris Maes

"I'm an Attorney and a Certified IT Engineer."

– Chris Maes

The key to overcoming cybersecurity incidents and breaches is preparation.  Two of the most popular methods of preparing for when (not if) cybersecurity attacks occur are red team vs. blue team and tabletop exercises.  If your business is in the Greater Denver Area, the Cyber Law Office of Maes, Ltd. can provide legal guidance regarding how to best to take advantage of these important security measures.


Most businesses have prepared for cybersecurity events, incidents, and breaches by developing Cybersecurity Incident Response Plans (CSIRPs) and playbooks.  These documents are intended to give businesses clear direction regarding what incident responders need to do to detect, contain, and remediate cybersecurity threats.  However, if these documents are rarely reviewed, or are neglected with stale and irrelevant information, they will be ineffective.  Thus, adequate preparation for security threats requires regularly updated CSIRPs and playbooks, along with ongoing review, which is achieved through exercises that simulate attacks.  The two methods commonly used by businesses that simulate attacks are known as tabletop and red team vs. blue team exercises.

Tabletop exercises are the simplest and most convenient tabletop exercises to employ.  As the name implies, the exercise entails the role playing of attack scenarios with key incident responders seated around a table.  These exercises give incident responders the opportunity to review the CSIRP and playbooks, if applicable, for the attack being simulated.  By reviewing these documents with key personnel, it ensures that everyone is familiar with their roles and responsibilities in the event of an actual security incident or breach.  Due to their simplicity and convenience, tabletop exercises should be conducted regularly.

In contrast, red team vs. blue team exercises are more demanding, but are very useful.  At a high level, the premise of these exercises is to pit one set of employees (red team) against another set of employees (blue team).  Traditionally, the blue team is tasked with defending the business’ information systems, whereas the red team’s goal is to penetrate and compromise them.  These exercises give employees a great opportunity to experience a real-world attack scenario.  Moreover, the attack simulation can reveal information system vulnerabilities that need to be remediated.  Since red team vs. blue team exercises can be business impacting, they are normally scheduled once or twice a year.

In summary, conducting red team vs. blue team and tabletop exercises can be very beneficial for a business’ cybersecurity preparedness.  Both exercises ensure that when cybersecurity threats occur, from external or internal actors, the incident response team will be ready.

Retain Maes, Ltd. for Legal Guidance Concerning How to Best Conduct Red Team vs. Blue Team and Tabletop Exercises

Because aspects of CSIRPs and playbooks involve legal determinations, it is important to have a competent cyber law attorney participate in red team vs. blue team and tabletop exercises.  The reasons for this assertion are twofold.  First, legal counsel can help businesses understand when notification requirements mandated by data privacy laws are triggered.  Second, legal counsel can help businesses identify which cybersecurity vulnerabilities could result in liability in the form of litigation damages and / or regulatory fines.  Without cyber law counsel present, these legal matters could be overlooked and cause problems down the road when legitimate cybersecurity instances occur.

Conveniently, the Cyber Law Office of Maes, Ltd. can provide comprehensive legal services for businesses seeking competent cyber law representation for their red team vs. blue team and tabletop exercises.  In addition to being a data privacy and cybersecurity attorney, Chris Maes is also a certified IT engineer.  Chris’ certifications include the following:

  • Certified Information Systems Security Professional (CISSP)
  • Amazon Web Services (AWS) Certified Solutions Architect (Professional)
  • AWS Certified Security – Specialty
  • Cisco Certified Networking Associate (CCNA)

These certifications demonstrate expertise with networking, cloud computing, and cybersecurity technologies.  Furthermore, Chris has been a telecommunications and IT consultant to businesses of all sizes for over a decade.  He has experience with every other major technology utilized by businesses including data centers, phone systems (on prem and cloud based), and managed service providers.  Accordingly, Chris’ skillsets are extremely useful to businesses that value legal guidance from an attorney that knows IT – especially for red team vs. blue team and tabletop exercises.

If your business is seeking legal guidance for tabletop and red team vs. blue team exercises, contact the Cyber Law Office of Maes, Ltd.  Schedule a consultation today by calling (720) 248-8252 or by using the form below.

Schedule Your Cyber Law Consultation Today

Be advised that submitting this contact form to Maes, Ltd. does not create an attorney-client relationship. Also, please do not share confidential, private, or time-sensitive information via this contact form either. Without a written engagement letter, there is no legal duty for Maes, Ltd. to act upon the information shared, or keep it confidential. For a more detailed explanation, please review Maes, Ltd.’s Privacy Policy and Legal Disclaimer web pages, which can be accessed using the hyperlinks at the bottom of this page.

1 + 7 =