Rotation programmes¶

Structured assignments where team members work in opposite role for weeks or months. Deep immersion builds empathy, reveals process gaps, and transfers knowledge.

Programme structure¶

Duration options¶

Short rotation (2-4 weeks): Shadowing and observation. Learn daily work, ask questions, identify quick wins.

Standard rotation (6-8 weeks): Partial ownership. Take on real responsibilities with mentor oversight. Contribute to projects.

Extended rotation (3-6 months): Full role swap. Complete accountability for deliverables. Deep operational experience.

Selection criteria¶

Willing participants: Voluntary or at least enthusiastic. Forced rotations breed resentment.

Baseline competency: Technical foundation in own role. Can’t cross-train before mastering primary role.

Career development alignment: Rotation supports person’s growth goals and career trajectory.

Timing: Business operations permit temporary reassignment. Avoid critical project phases or short-staffed periods.

Management support: Both sending and receiving managers committed to rotation success.

Objectives and expectations¶

Red team → Blue team rotation¶

Objectives: Understand detection capabilities, learn response procedures, recognise operational constraints, identify blind spots.

Activities: Monitor alerts, investigate suspicious activity, participate in incident response, use SIEM and EDR tools, contribute to detection rule tuning.

Expected outcomes: Better red team operations that test realistic gaps, detection-focused debriefs, improved collaboration with blue team.

Blue team → Red team rotation¶

Objectives: Learn offensive techniques, understand attacker mindset, recognise red team operational challenges, build attack simulation skills.

Activities: Conduct reconnaissance, simulate attacks, document operations, provide findings, learn offensive tools.

Expected outcomes: Better detection rules based on offensive understanding, realistic threat modelling, improved response to sophisticated attacks.

Success measures¶

Knowledge transfer: Participant can explain opposite team’s work, challenges, and priorities to colleagues.

Process improvements: Participant identifies 3-5 actionable improvements based on rotation experience.

Relationship building: Ongoing communication between teams increases after rotation.

Skill development: Participant gains capabilities that enhance primary role performance.

Cultural shift: Decreased “us vs. them” thinking, increased collaboration.

Common challenges¶

Coverage gaps: Primary role left short-staffed during rotation. Mitigation: Plan rotations during lower-intensity periods, stagger rotations, ensure backup coverage.

Imposter syndrome: Feeling incompetent in unfamiliar role. Mitigation: Set realistic expectations, pair with mentor, focus on learning not productivity.

Resistance to return: Enjoying new role more than primary role. Mitigation: Frame rotation as development opportunity, not permanent change. Some role changes may be appropriate if mutually beneficial.

Lost productivity: Training period reduces output. Mitigation: Accept productivity dip as investment. Long-term benefits outweigh short-term costs.