top of page
Search

Sailing the Spectrum: A Cyber Color Wheel Made for the Rest of Us

Picture this. You’re brand new to cybersecurity. You’re at your first meetup, maybe at a CyberjutsuCon or a BSides or just a happy hour where everyone in the room seems to already know each other. Someone you’ve been chatting with for ten minutes finally asks, “So… are you red or blue?”


And you, looking like a deer in headlights (a phrase I have used to describe myself more times than I would like to admit), think, am I supposed to pick a side here?

Welcome to one of the most confusing entry points into this field. We have colors. Like, a lot of them. Red, Blue, Yellow, Purple, Green, Orange, White. It sounds like I’m describing a Crayola box, but I promise this is real industry vocabulary. The whole thing is called the Cybersecurity Color Wheel, and once you understand it, suddenly every job posting, every conference track, and every awkward “what do you actually do?” question starts to click.


Let me break it down. And then let me tell you why I built my own version.


Where this even came from

The color wheel didn’t fall out of the sky. It was introduced by April C. Wright at Black Hat USA in 2017, in a talk called Orange Is the New Purple. Cute name. Big idea. Before that talk, the industry mostly only talked about two teams: Red and Blue, borrowed from military war-gaming culture going back to the 60s and 70s. Attackers and defenders. That was the whole script.

Then Louis Cremen picked up the baton in 2020 with a Hacker Noon article that gave the model the visual layout most of us see floating around LinkedIn today. And that’s the wheel as we know it.

So when someone tells you “red team” and “blue team” like that’s the entire industry, they’re showing you a fragment of a much, much bigger picture.


Here’s the whole picture:

The primary colors: Red, Blue, Yellow

These three are the foundation. You cannot have a real security program without them.

🔴 Red Team — The Breakers. These are your offensive folks. Penetration testers. Social engineers. The people who get paid to think like adversaries and try to break in before someone with bad intentions does. I’ll be honest, the Latina in me that loves to find things? This was always where my heart leaned. There’s a saying in our industry that goes, “Yellow builds it. Red breaks it. Blue defends it. Yellow fixes it.” That cycle, right there, is the whole game in one sentence.

🔵 Blue Team — The Defenders. SOC analysts. Incident responders. Threat hunters. The people who live in the logs, configure the firewalls, and stay up at 2 AM watching alerts when the rest of us are sleeping. If you have ever been hit by ransomware and the lights eventually came back on, thank a Blue Teamer. This is also where I have spent the bulk of my career, and I have so much love for this team that it is genuinely not even funny.

🟡 Yellow Team — The Builders. The developers, the system admins, the architects who build the things in the first place. Yellow is the team most people forget exists, and that is wild to me, because if Yellow does not bake security in from the beginning, Red and Blue are going to be cleaning up that mess forever. DevSecOps, secure architecture, secure SDLC, all of that lives here.


The secondary colors: Purple, Green, Orange

This is where the wheel gets fun. Mix the primaries, get something new.

🟣 Purple Team — Red + Blue. Purple is the team that says, “Hey, instead of Red running off and finding 47 vulnerabilities and dropping a PDF in Blue’s lap, what if we actually worked together?“ Purple Team engagements are collaborative. They turn one-shot pen tests into a continuous loop where Blue gets better at detecting what Red knows how to do, and Red learns what Blue is actually able to see. This, in my opinion, is what the future of security looks like.

🟢 Green Team — Yellow + Blue. Green sits in the gap between the builders and the defenders. They make sure code gets deployed securely, that logging is in place from day one, that defenders are not getting handed a black box and told “good luck out there.” If your org has a real DevSecOps function with actual authority, that is Green Team energy.

🟠 Orange Team — Yellow + Red. And this one, this one is near and dear to me. Orange is education. Awareness. Training. The Orange Team teaches developers how attackers think, and teaches employees not to click the link. Phishing simulations, security awareness programs, the whole human-firewall mission, that is all Orange. As someone who has spent way too much time obsessing over the psychology of social engineering, I have such a soft spot for this team. Humans are not the weakest link, no matter how many times that sentence gets recycled on LinkedIn. Humans are the most teachable link. Orange is the team that takes that seriously.


And then there is White

⚪ White Team — Governance. Compliance. Policy. The CISO, the GRC analysts, the auditors, the policy writers. White Team sits above the others, making sure everybody is playing fair and within scope, that the rules of engagement are clear, and that the organization is not going to end up on the front page of the Wall Street Journal. White does not break things. White does not build things. White makes sure that the whole spectrum is actually running as a system instead of seven disconnected silos screaming at each other across Slack.


Why I worked on an interactive version

Here is the thing about the standard color wheel.


It tells you the roles. It does not tell you where the jobs actually are.


When I started looking at this framework as a tool for women trying to break into cybersecurity, I realized the color wheel was missing a layer. Where are the companies hiring for each color? What does a Red Team role in New York City actually pay? Which Blue Team certifications matter in the financial sector versus healthcare? You can read 17 Medium articles about the color wheel and still walk away with absolutely zero practical answers to any of that.


So I built the Cyber Color Wheel as an interactive, embeddable web asset with the help from Claude. Two versions: an NYC edition for folks in my home market, and a US national edition for everyone else. You click a color, and instead of getting another paragraph about what a Red Team “does,” you get hiring signals, learning paths, and real entry points into that lane. The wheel stops being a poster on a wall and starts being a map.


Because that is what we actually needed. We did not need another diagram. We needed a way in.


A few takeaways before I let you go

In case any of this didn’t land the first time around:

  • The Cybersecurity Color Wheel is bigger than Red versus Blue. There are seven teams, and every single one of them has a job opening with your name on it.

  • You don’t have to pick a color forever. I have worn at least four of them in my career so far. Some of you reading this will wear all seven before you’re done.

  • The wheel was built collaboratively. Shout-out to April C. Wright and Louis Cremen for laying the foundation. Frameworks are not sacred. You are allowed to add to them.

  • And finally: wherever you are on the wheel right now, the team next to you is not your competition. They are your other half. Cybersecurity is a relay race, not a solo sprint.


The siren’s call, as always, is for you to find your color and own it.

Then come find me. I have a wheel I want to show you.


Siren of the Cyber Sea | Founder, HER SOC

 
 
 

Recent Posts

See All
The Spaces We Will Fill

I had a conversation with a friend and mentee of mine regarding being in male dominated fields and reflecting on it. Yes, I am sure a lot of people are tired of hearing male dominated field this, male

 
 
 

Comments

bottom of page