| 🏠 Back to Exam Syllabus | 📺 RooCloud on YouTube | 🌐 RooCloud Practice Exams |
CISSP 15.4 - Training & Exercises
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series explores how live exercises sharpen a security team, a topic from Domain 6. It looks at why organizations stage a mock battle, who plays which role, what happens when the teams compare notes afterward, and where these exercises can safely take place without putting real operations at risk.
What this episode covers
- Why stage a mock battle — friendly competition surfaces real weaknesses like a penetration test and builds hands-on skill.
- Red team — the attackers whose job is to break into the systems.
- Blue team — the defenders who harden and watch the environment, often with a head start to prepare.
- White team — the neutral referees who judge, settle disputes, capture lessons, and protect production.
- Purple teaming — the debrief where red and blue sit down together and share tactics and observations.
- Capture the flag — a scored, game-like format giving the red team concrete objectives to achieve.
- Safe settings — running drills in a dedicated environment or as a tabletop scenario with no live systems.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
Why stage a security exercise at all?
A friendly competition teaches what lectures cannot. Pitting attackers against defenders surfaces real weaknesses in your systems, much like a penetration test does, and gives staff hands-on practice at both breaking in and holding the line. That dual experience sharpens skills and raises awareness across the whole technical team, building muscle memory that no slide deck ever will.
Who plays which role in a security exercise?
Exercises usually split into three colored teams. The red team are the attackers working to break into the systems. The blue team are the defenders hardening and watching the environment, often given a head start to prepare. The white team are the neutral referees who judge the contest, settle disputes, capture lessons learned, and make sure the exercise never harms real production.
What is purple teaming?
Purple teaming is what happens when the two sides compare notes. Once the exercise ends, the red and blue teams sit down together and walk each other through what they did. The attackers reveal their tactics and the defenders explain what they saw, so everyone learns from the exchange. Combining red and blue gives purple, which is where the name comes from.
What is a capture the flag exercise?
Capture the flag is a playful format where the red team gets concrete objectives, like disrupting a website or stealing a specific file from a protected system. The exercise is scored on how many objectives the attackers achieve versus how many the defenders block. That scoreboard makes the drill competitive and genuinely engaging, turning hard security practice into a game people want to win.
Where do security exercises safely take place?
Rarely on live production. Many organizations build a dedicated environment just for the exercise, a safe playground where an attack cannot damage real operations. Some drills skip real systems entirely: in a tabletop exercise, participants gather in a room and talk through their response to a made-up scenario, with no packets and no risk, just people reasoning aloud.
📚 Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 15.4 - Training & Exercises.