The story of my handle: SheHacksPurple.
Whenever I ask an audience “Who here is Blue Team? Raise your hand if you’re Blue Team.” I tend to have one to two cautious hands go up in the back. I raise my hand as well. I explain “If you are defender, you are blue team.” More hands.
“If you fix bugs. If you patch servers. If you configure the firewall. If you do anything that helps protects your systems or data, you are a defender. YOU are blue team.”
Lots of hands. Now back to my original topic: red team.
“Red team are the attackers. When I do a penetration test, I’m an attacker. When I feed nasty data into your app and talk maliciously to your API; I’m red team. Who here is red team?” Hands go up.
I raise my other hand. Both of my hands are now up.
“As an AppSec person I am both an attacker AND a defender. I am both red and blue team. This makes me purple team. ”
When I created my handle for twitter my original choice of “SheHacksComputers” was 1 character too long. I thought “But that’s what I do, I hack computers.” It was just at this point in my career that I had decided that I wanted to do AppSec full time, as opposed to being a pure red teamer/penetration tester. I was aware that being a red teamer would be more glamorous, and I figured it would likely pay more as well, but AppSec felt like the place I belonged. Especially once I became part of the OWASP community. I knew that I wanted to be able to not only find the problems, I wanted to be able to root out the cause and make sure it never happened again. It just made sense.
And with that, I changed “computers” to “purple”, and the rest is history.