Blue Team Village at DEF CON 26: Red Team, Put Up Your Dukes?


By Sean Martin & Selena Templeton

This podcast episode is part of our Las Vegas cybersecurity event coverage called “Chats on the Road to Las Vegas”, which, of course, is centered around the extremely popular cybersecurity research and hacker events, Black Hat and DEF CON.


With a focus on the villages at DEF CON this year, Sean Martin and his co-host Selena Templeton spoke with Russell Mosley and Nolan Berry of the Blue Team Village to better understand the history of the village, what the village is all about, and what people can expect at this year’s DEF CON.

This is one of the first Blue Team Villages at a traditionally red team conference, and Russell and Nolan discuss why this is happening now, what’s changed. People have been looking for more blue team talks, and with more cyber awareness in general lately plus the growing impact on businesses, blue teams are just naturally coming more to the forefront. People are also eager to network with fellow blue teamers.

As they say on the Blue Team Village site: “For many, DEF CON epitomizes hacking which traditionally involves an offensive mentality. However, in recent years, attacks have become trivially easy to exploit in any environment meaning that effective defense has been difficult. Defenders have to deal with legacy, politics, and resource constraints and typically have less public information on how to best protect their environment when compared to the red side. This leaves defenders at DEF CON feeling a bit left out with most, if not all, of the content favoring red.”

There are a lot of things that Blue Teamers do that are not exactly sexy, but they need to get done.
— Nolan Berry

The Blue Team Village will have 5 separate tables, one for each NIST (National Institute of Standards and Technology) cybersecurity principle or framework for Blue Teams: recover, identify, protect, detect and respond. There will be a separate vendor at each table that attendees can talk to.

When it comes to defense and technology, there’s a lot of talk of AI/ML, which means some degree of automation. Considering that the first session on Friday is called “Automating DFIR: The Counter Future”, Nolan and Russell talk about the role of automation in the defender’s world and whether or not it can help. Patch management (or the lack thereof) is another big topic (think Equifax) and they discuss how they approach patch management as part of defense.

At the Blue Team Village, there will be valuable information on defensive security from the very basic 101-level concepts through the latest, most advanced techniques. They’ll also have contests, so you can prove your skills in securing systems, hands-on exhibits, workshops and sessions.

See the full schedule of Blue Team Village talks here.

You’ll find the Blue Team Village at the Savoy - Flamingo:

Friday: 10:00-18:00, Saturday: 10:00-14:00, Sunday: 10:00-14:00


About Nolan Berry


Nolan Berry, also known by the handle devnull, has been working in IT for almost 13 years. He currently is working on helping to design the first ever blue team village at DEF CON 26. He has been working and focusing on security for years. While he started out with a red team centric mentality he became interested in the world of blue teaming and is working to try and improve the community surrounding it.


Find Nolan on Twitter: @d3vnull42



About Russell Mosley


Russell is an IT Infrastructure & Security Director for a Washington, DC software and technology services company and an organizer with Security BSides Charm (Baltimore). Russell has eighteen years' experience in IT operations and enterprise defense and is responsible for SOC and FISMA compliance for his employer. He holds degrees from UMBC, UMUC, and Towson University as well as CISSP and several vendor certifications.


Find Russell on Twitter: @sm0kem