Copyright © Blue Team Handbook. All rights reserved.

164 pages. 6x9.

No Fluff. Just Facts. Period.


A special acknowledgement:  Rowland Harrison, for my ISSO combat training in the Wild, Wild, West of ODU’s academic environment.

About the Review Team: This book is hardly the work of one person. I would like to take the opportunity to thank a few people involved.

  • Ed Skoudis from CounterHack for blazing the IR trail and getting me started, ideas, concepts, source material, SANS 504/560.
  • Dean Bushmiller for guidance on business issues, VMLT, and adding the book to ExpandingSecurity.Com’s NICCS/CISSP programs.
  • Larry Pesce for technical review, validation, thoughts.
  • Peter Szczepankiewicz for Red and Blue team operations while he served as a US Naval Officer. Thank you for your service, both to me and to the US Navy.
  • Nancy Carothers as my grammar, spelling, and style editor, I definitely got my money’s worth!  Nancy also wrote the copy for the back cover.
  • John Steele
Purchase Options: 
> Amazon: $15.99 - Updated to Ver 2.2 on 10/5/2016.
> VMLT: $1 for app, $7 for book right now, will go up Oct 1, 2014.
> CreateSpace: For large volume purchase, try the book's eStore. Site password is "blueteam". 15% off discount code - X5RD6EW2.

About the Book:
The Blue Team Handbook is a zero fluff reference guide for cyber security incident responders – those who staff the Blue Team. The BTHb includes essential information for any incident responder, such as key information for the incident response process, how attackers work and common tools, a methodology for network analysis, Windows and Linux analysis processes, tcpdump usage examples, and numerous other topics. The book is peppered with practical real life techniques from the author's 12-year career working in academia and a corporate setting. Whether you are writing up your case notes, analyzing potentially suspicious traffic, or called in to look over a misbehaving server – this book should help you handle the case and teach you some new techniques along the way.


About the Digital Edition:  There is none. If you want to have some incident response experience, click through and sign up for any one of the hundreds of sites professing to have a copy. YMMV!


About the Author: Don M, GSE, MSISE, MBA, CISSP + 15 is a seasoned IT Security professional. Some career highlights:


  • Holder of a SANS Forensicator coin and SEC 617 coin.

  • Earned ISSAP (2013). Don is the ISSAP Track Owner for ExpandingSecurity.COM.
  • TOGAF Certification (2012)
  • SABSA Foundation and Certification (2011)
  • Fortune 500 Health Care - Security Engineer, Security Architect, and Enterprise Architect (2006 to present)
  • Old Dominion University - Information Systems Security Officer (2004-2006)
  • Established the Disaster Recovery Practice at Compass (2001)
  • Earned CISSP Certification (2001)
In the social media...
How to connect.

Facebook page - Blue Team Handbook.