Day 1: Why Cybersecurity Needs “Bakers” – Building the Foundation

When you think of cybersecurity, what’s the first image that comes to mind? For most people, it’s a hacker in a dark hoodie, sitting in a dim room, typing lines of code. This Hollywood portrayal has led many to believe cybersecurity is all about “hacking” – breaking into systems or building defences to keep attackers out.

While this is part of the story, it is not the whole picture. Cybersecurity relies on different teams, much like the primary colours in a colour wheel. This idea was introduced by April Wright during her 2017 presentation “Orange is the New Purple” at Black Hat USA. In her model, cybersecurity teams are split into:

  • Red Teams (attackers): Ethical hackers who find vulnerabilities.
  • Blue Teams (defenders): The protectors who monitor and respond to attacks.
  • Yellow Teams (builders): Programmers who write secure code and design systems.
  • Purple Teams (The Collaborators): Bridging the gap between the Red and Blue Teams, combining offensive (Red) and defensive (Blue) strategies to create a more comprehensive defence. Roles include:
    • Cybersecurity engineers
    • Security analysts
    • Cyber operations planners
    • Vulnerability assessment specialists
    • Threat hunters and incident responders.
  • The “Missing” Colours – Orange and Green (no defined roles). Could orange represent innovation? Could green symbolise sustainability in cybersecurity practices? While undefined now, they could inspire future roles in this fast-changing field.

At the centre of this wheel sits a lesser-known group: the White Team or, as Ed Adams calls them in his book “See Yourself in Cyber. Security Careers Beyond Hacking”, the “Bakers.”

I also loved the cybersecurity colour wheel because it resonated with my background as a research and development chemist specialising in printing ink formulations. My passion for colour deepened during my PhD research looking at the pigments contributing to red wine colour. Just as blended pigments create perfect hues, in cybersecurity the Red, Blue, Yellow, and Purple teams blend their strengths to create a comprehensive defence within a security framework.

Ed Adams Cyber Color Wheel (Figure 2.1: See Yourself in Cyber. Security Careers Beyond Hacking)

What is a White Team?

Imagine a professional baker. They don’t just make the bread; they plan recipes, measure ingredients meticulously, and oversee the kitchen to ensure everything is working smoothly. Similarly, White Teams oversee the processes, rules, and strategies that keep cybersecurity running.

White Team members:

  • Write policies that outline how security should be done.
  • Identify and manage risks.
  • Train employees to recognise threats like phishing emails.
  • Audit systems to find gaps before an attack happens.

Their job isn’t flashy like the Red Team hackers, but without them, the whole kitchen (or in this case, organisation) would fall apart.

Why I Identify as a “Baker”

Before diving into cybersecurity, I spent over 15 years in quality assurance (QA), where I built systems to ensure products met the highest standards. My role was all about creating detailed policies, identifying risks, and helping teams work together to improve processes – skills that are directly transferable to cybersecurity.

For example, during my time in biotechnology, I worked under the strict guidelines of the OECD Principles for Good Laboratory Practices (GLP) and Compliance Monitoring (aligning with laboratory experience) and ISO 9001:2015 (Quality Management Systems) (bringing together my extensive industry experience). These standards ensure that laboratories and industries meet global quality benchmarks, much like how cybersecurity frameworks such as ISO/IEC 27001:2022 (Information security, cybersecurity and privacy protection — Information security management systems — Requirements) and the NIST Cybersecurity Framework ensure data and systems are protected.

Why “Bakers” are Critical in Cybersecurity

  1. The Rising Cost of Cyberattacks

According to IBM, the average cost of a data breach globally was $4.88 million in 2024. One simple mistake – like a weak password or clicking a malicious link – can open the door to hackers. This is where Bakers come in: they design security policies that ensure employees know how to protect company data. As an example, policies like “Use multifactor authentication” or “Encrypt sensitive data” prevent breaches before they happen.

  2. The Need for Risk Management

Cyber risks, like malware or ransomware, are constantly evolving. A Baker ensures organisations assess and address these risks regularly. For example, a QA specialist might prevent production defects, while a White Team Chief Information Security Officer* (CISO) ensures all systems have the latest security patches applied – something that could have stopped the WannaCry ransomware attack in 2017, which exploited outdated software to affect over 200,000 computers globally.

* I have identified a CISO as an example, but there are many other job titles that a baker can hold. I will address this in a later blog.

  3. Building a Security Culture

Most successful cyberattacks exploit human error – the weakest link in any organisation’s defence. Bakers don’t just rely on technology; they train employees to identify threats and take responsibility for security. For example, phishing simulations teach staff how to spot fake emails. A campaign called “Think Before You Click” is designed to get you to do exactly that – slow down, consider what or who you’re interacting with online, and think about what you’re about to do before you do it. Campaigns like this have reduced phishing incidents in organisations.

  4. Governance and Communication

Bakers work with company leaders to align security strategies with business goals. They don’t use technical jargon; they translate risks into language CEOs, boards and other non-technical stakeholders can understand.

My Journey to Cybersecurity

So how does someone with a background in chemistry and quality assurance become a Baker? Here’s the thing: cybersecurity is not just for programmers or hackers. The cybersecurity field needs strategic thinkers who can see the big picture, analyse processes, and improve systems – skills I developed within QA.

When I worked as a quality auditor, I analysed systems, identified weaknesses, and ensured compliance with strict standards. I can bring this same mindset to cybersecurity:

  • Policies: I can write guidelines that protect an organisation’s data, from physical protections (like secure server rooms) to encryption protocols.
  • Risk Management: My experience assessing QA risks translates to identifying cyber risks and mitigating them before they escalate.
  • Continuous Improvement: Just as QA systems evolve with changing standards, cybersecurity frameworks must adapt to emerging threats.

Cybersecurity Needs More Bakers

Cybersecurity isn’t just about technical skills; it’s about building solid processes and fostering a culture of security. Bakers – like CISOs and governance specialists – are the foundation of this effort.

If you’re considering a career in cybersecurity but feel intimidated by the technical side, know this: there’s a place for you. Whether you’re a writer, a problem-solver, or a process-driven thinker like me, your skills are needed to build stronger defences in today’s digital world.

To quote Devon Bryan, co-founder of Cyversity (quoted by Ed Adams in “See Yourself in Cyber. Security Careers Beyond Hacking”):

“If organizations hiring execs within the cyber field… would think outside the box in terms of upskilling and re-skilling existing practitioners, we might not have this huge gap that we do in unfilled jobs within cyber.”

Takeaway

Cybersecurity isn’t all about hacking. It’s about people who plan, organise, and protect organisations – people like Bakers. With my quality assurance experience, I’m proof that strategic skills and transferable knowledge are just as critical to cybersecurity as coding.

Whether you’re starting your career or considering a pivot, remember there’s a colour for everyone in cybersecurity, and Bakers are needed more than ever.