ThreatGEN: Red vs. Blue

topkek's Guide For Dummies To ThreatGEN: Red vs. Blue
By topkek
This guide describes the basics of red team and blue team strategy and the metagaming aspects of ThreatGEN: Red vs. Blue.
Pre-requirements
This guide assumes you know:
  • how to use the menus for configuration purposes
  • how to use the interface within the game (ex. to queue actions)
  • what the basic rules and win conditions of this game are
If not, what are you doing here? Go play CS:GO.
Seriously speaking, just look around and get accustomed to them; they're rather user-friendly and obvious.
Feel free to also use the in-game wiki if you have any questions (the question mark button in the main menu).
After doing so, please revert the match settings to the defaults (sometimes called "classic", because I said so) before continuing with this guide, as it best covers games on the classic settings.
Red Team Strategy
Let's begin with the red team.
Pick the pipeline company map, as it is what this guide was originally made for.
The red team's goal is to either damage the ICS process or to compromise as many devices as possible before the time runs out (each compromise increases the red team's score, allowing them to win on score in turn-limited matches).
Your first goal as the red team is to increase your resources. I'd suggest starting by recruiting hackers: this will take away 2 resources for 3 turns, but the payoff of having those extra resources later is rather significant. I do not recommend upgrading the rig, however, as it only gives you 1 additional resource per turn in exchange for 20 total resources spent (5 resources times 4 turns).
After that, begin with initial research. Pick OSINT, as it is core to most network discovery, attacks and social engineering. Default credentials is a good choice, as many network devices start with that vulnerability, sometimes including firewalls, and the attack always succeeds. Weak passwords are quite weak in the current meta, as the blue team almost always patches them as soon as possible, so you won't get to use them as much as default credentials. I'd also recommend getting human SE or electronic SE to prepare for the next step.
Next up is getting a good initial pivot point within the network. Sure, you could start from the firewall/remote users by scanning for hosts, port scanning the found hosts, enumerating them, finding vulnerabilities and attacking. This takes 5 to 10 turns for little gain, so I wouldn't recommend it.
You have a couple of possible routes from here:
  • if you have acquired human SE, try researching physical recon, possibly also making malicious USBs, and accessing the facility; try insider recon, searching for HMIs, dropping USBs, planting trojans using the discovered devices, etc.
  • if you have acquired electronic SE, try using the spear phishing action or running a social engineering campaign to gain access to a host
  • if you have researched neither, despite me telling you to (how could you?), don't worry: try going to the perimeter, scanning for wifi and hopefully cracking it (this won't work past the early game, though)
If you have physically accessed the facility, don't worry if you get kicked out; try again. If you get arrested, research something while doing your time and try again.
Now that you have access to a decent host within the network (anything that isn't the outbound firewall or a remote user), pursue the kill chain.
Depending on how deep you are in right now:
  • if you are within either of the ICS communication zones (have compromised the SCADA firewall, either the 5th or the 6th switch, either of the industrial radios, the HMI that doesn't look like a Windows computer or the PLCs), try host scanning the device and compromising the HMI or the PLCs
  • if you are within the PCN zone (have compromised the PCN firewall, the 4th switch, the engineering workstation, the historian, the Windows HMI or the SCADA server) and don't have access to the PLC compromising hosts (because you are on the PCN firewall, the switch or the historian), try compromising the engineering workstation, the Windows HMI or the SCADA server
  • if you are within the DMZ zone (have compromised the DMZ firewall, the 3rd switch, the wifi router, the historian mirror or the terminal server), try compromising the terminal server (it directly compromises the engineering workstation, which directly compromises the PLCs) (if you're already on the terminal server, lucky you, continue to the next task)
  • if you are within the corporate zone (have compromised the gateway firewall, the corporate router, either the 1st or the 2nd switch, either of the user workstations, any of the 3 servers (AD, CMS or mail), the SIEM or the remote users (which should most likely be in the corporate zone right now)), try compromising the DMZ firewall and following the advice from the point above
Your final task is to damage the ICS process. You should have compromised the PLCs by now, so just stop whatever you were in the middle of doing and run the damage ICS process action over and over until you're done. In case the blue team managed to clean the PLCs, try compromising the PLCs again.
If you see the big boom, you did it! I'm so proud of you.
Blue Team Strategy
Let's reflect on our conclusions from the red team strategy section and try to create a working blue team strategy as a result.
Start by implementing policies and procedures and asset inventory. Do not hire another staff member just yet, as it will seriously hinder your budget until turn 13, and you'll be spending a lot of it in the upcoming turns.
Next, focus on implementing the SIEM, the gateway firewall and video surveillance. Installing CCTV significantly reduces the chance of physical entry methods succeeding.
Once the SIEM and the gateway firewall are implemented, implement SDLC and 2FA. This will minimize the risk of most electronic attacks succeeding.
In the meanwhile, deploy USB security on the most important devices (the ones whose compromise directly results in a PLC compromise: the terminal server, the engineering workstation, the Windows HMI and the SCADA server). This removes the USB drop action's ability to target these devices and denies the red team an easy compromise of your most valuable assets.
When all of your actions are finished, segment the network and install a VPN. This results in the installation of many helpful firewalls and locks remote users out of the PCN zone.
You should be running low on money by now. Feel free to request budget about every 10 turns, but not more often, as your request is more likely to be rejected that way. Even if you don't really need the money, request it anyway, as it can be used for hiring more staff, giving you more resources to work with.
You might have detected a compromise by now, but don't panic: finish all of your tasks and, at the end of the turn, activate IR. In the next turn, replace the offending device and deactivate IR. Replacing devices is more costly but always effective; you'll likely have to stick to it for now, as you don't have IR procedures implemented yet.
From there, it's your choice (there are a few options you could pursue in any order):
  • implement IR procedures and create backups (this will make the success chance of cleaning devices higher and make cleaning devices more reliable)
  • implement strong wifi and encrypt network traffic (this will significantly reduce the chance of a successful wifi crack and remove the red team's ability to sniff traffic, preventing them from getting an easier chance at exploiting weak passwords)
  • implement security awareness and security skills training (this will reduce the probability of a weak password vulnerability being used to compromise a device as well as increase the chance of kicking/arresting the red team if they are on your property)
  • implement ICS security monitoring and add all of the network sensors (this will let you see what the target is when an attack is being performed within your network)
  • install electronic locks and physical 2FA (this will result in physical access methods being less effective)
  • create restore points of machines as needed to defend against potential ransomware attacks without having to pay the ransom or break the ransomware key (best to make sure the machines are clean first)
Once you're done with the above list, I'd suggest implementing endpoint security on all of the firewalls, the VPN, the remote users and the most important devices listed earlier. It lets you see whenever the red team compromises any of these devices, unless they use a covert attack.
The next task is assessing vulnerabilities. Implement ICS safe testing methods and run a vulnerability assessment.
Devices for which vulnerabilities have been found will be marked with a warning sign. Use all of the vulnerability resolution actions (to the right of the testing actions) to try to resolve them, starting with enforcing strong passwords (this one is on the policies and procedures tree) and changing default passwords. Before you patch systems or update firmware, however, it is important to get an ICS vendor certification, as you may otherwise damage your devices and allow the red team to instantly win.
By this point the turn limit might have run out and you have most likely won. I'm proud. The rest of the tips in this section are therefore for people willing to play a longer game, as it is almost certain you won't be able to achieve the all clear win condition within the classic turn limit of 75.
Next, run a penetration test and proceed much like in the case of the vulnerability assessment.
After you've finished both of these tasks for the first time, try to deploy USB security and endpoint security on every available device. This helps limit vulnerabilities further and helps with the final cleanup in preparation for the all clear later.
From here, run as many vulnerability assessments and penetration tests as needed and patch vulnerabilities until each fails at least 3 times in a row.
Your most likely last task for this game is to hunt for threats on every available device at least 3 times. This will most likely reveal the last compromised devices buried within the network.
Clean them up and you should have yourself an all clear! If not, try assessing vulnerabilities and pentesting 3 more times, threat hunting every device another 3 times, and so on until the game is done. You might just have really bad luck.

Congratulations on the all clear! I'd say I'm even prouder.
Metagaming and Multiplayer: Improvise, Adapt, Overcome
Let me introduce you to a word you might not have heard before this guide: metagaming. Metagaming is essentially the act of playing against another player while thinking about what that player could do against you. This is common in real-life cybersecurity, and as art imitates life, this game does it too. The strategies presented in the above sections therefore aren't fully definitive, and you should try to accommodate the player you're playing against. I'm using the Bear Grylls motto "Improvise, Adapt, Overcome" because it closely fits this situation if you're playing multiple games against another player.

Firstly, improvise: start with a general all-rounder strategy like the ones above. Whether you won or lost, look at the other player's weak points within their strategy by using the other team view and opening their action log. Analyze it for a good while, as it might give you insight into which actions to use next. As an example, say you're playing against a red team player who likes spending most of their actions on creating malicious USBs and dropping them.
Next, adapt: change your strategy accordingly if you think the player is likely to use that same one again. In the example, you could deploy USB security early to stop all of their attempts at dropping USBs from succeeding.
Finally, overcome: use the advantage you've just created to gain a foothold over the other player. In the earlier example, the red team player might be left in the dust if you used 5 turns to deploy USB security on most devices but they only noticed 10 or 20 turns later that you had done so (as most actions don't always succeed and therefore create a bit of uncertainty).

In another strategy guide, I'll include the more overpowered strategies for both teams as well as some general tips and tricks for this game.

Thanks for reading (with additional credits)!
The guide has been written by me in its entirety.
I've prepared the thumbnail using the O RLY "O'Reilley" parody book generator by @thepracticaldev.
The logo from the thumbnail is the official ThreatGEN: Red vs. Blue logo created by Clint Bodungen.
2 Comments
☯ dreamer ☮ Jun 20, 2024 @ 7:58am 
Thanks for the tips!
PETER ROSE Jul 10, 2021 @ 3:56am 
Excellent