Episodes

Click here to send us your ideas and feedback on Blueprint! This episode is a big one! We kick off 2026 with a critical lessons learned on how to detect and prevent the threat of fake IT workers infiltrating your organization through the story of a REAL compromise. In this episode, repeat guest Zak…

Click here to send us your ideas and feedback on Blueprint! In this episode, we sit down with Zak Stufflebeam, Director of Cybersecurity at a publicly traded insurance company. Zak shares his unique journey from the military to leading security operations, emphasizing essential leadership principle…

Click here to send us your ideas and feedback on Blueprint! This podcast episode is from the SANS Cyber Leaders Podcast. The episode features Blueprint host John Hubbard, where he talks with hosts James Lyne and Ciaran Martin on the ever-changing threat landscape and how SOC teams can stay ahead. J…

Click here to send us your ideas and feedback on Blueprint! In this episode of Blueprint, host John Hubbard sits down with James Spiteri from Elastic to explore the transformative power of AI on the SOC. They delve into how advanced AI technologies, such as agentic AI models, MCP protocol, and auto…

Click here to send us your ideas and feedback on Blueprint! In this episode, we sit down with Rich Greene, a former United States Army Special Forces Green Beret and current SANS instructor for SEC275 and SEC301. Rich shares his incredible journey spanning 20 years in the Army, including his transi…

Click here to send us your ideas and feedback on Blueprint! In this episode, we sit down with Ryan Thompson, a seasoned expert in building dashboards that actually detect real threats—not just look pretty. With experience at Elastic, Alert Logic, and top EDR vendors, Ryan shares deep insights into …

Click here to send us your ideas and feedback on Blueprint! Surprise!! It's a mini solo episode to kick off the new year and it's on one of the most important topics there is - how to achieve your goals in 2025 and beyond! In this episode I talk about a topic I've never covered anywhere before - my…

Click here to send us your ideas and feedback on Blueprint! Mark Morowczynski returns for his 4th(!) time with his Microsoft coworker and identity and authentication expert Tarek Dawoud in this incredibly insightful conversation on the what, why, and how of phishing resistant credentials that YOU c…

Click here to send us your ideas and feedback on Blueprint! In this episode, we take you behind the scenes of a complex gift card fraud investigation. Join host John Hubbard and guest Mark Jeanmougin as they explore the intricate details of uncovering and combating a clever case of cyber fraud. In …

Click here to send us your ideas and feedback on Blueprint! In this mega-discussion with Seth Misenar on GenAI and LLM usage for security operations we cover some very interesting questions such as: - The importance of natural language processing in Sec Ops - How AI is helping us detect phishing em…

Click here to send us your ideas and feedback on Blueprint! Have you ever wondered what it takes to write and publish an information security book? In this special bonus episode following season 4, John discusses with Kathryn, Ingrid, and Carson the challenges and rewards of self-publishing, and th…

Click here to send us your ideas and feedback on Blueprint! "This final chapter of the book is no simple closer! "Turn Up the Volume by Expanding SOC Functionality" covers testing that your SOC is functioning as intended through activities such as Threat Hunting, Red and Purple Teaming, Adversary E…

Click here to send us your ideas and feedback on Blueprint! "Metrics, is there any more confusing and contentious topic in cybersecurity? In this episode the authors cover their advice and approach to measuring your team so that issues can be quickly identified and performance can continuously impr…

Click here to send us your ideas and feedback on Blueprint! "Research has shown that communication is one of the most important factors for success in security incident response teams. In this chapter, the authors discuss the critical types of information that must be shared within the SOC, with th…

Click here to send us your ideas and feedback on Blueprint! Tool choice can be a make-or-break decision for security analysts, driving whether getting work done is a struggle, or an efficient, stress-free experience. How can we select the right tools for the job? Which tools are most important? Ans…

Click here to send us your ideas and feedback on Blueprint! In this special live recording from the SANS Blue Team Summit 2023, Kathryn Knerler, Ingrid Parker, and Carson Zimmerman joined John Hubbard they share their insights and expertise with attendees by answering their pressing questions. From…

Click here to send us your ideas and feedback on Blueprint! There's no denying that the average security team is completely overwhelmed with options for data to collect. With a deluge of endpoint, network, and cloud data sources to collect, how to do we identify and collect the most useful data sou…

Click here to send us your ideas and feedback on Blueprint! Every security team has limited budget and time, how do you know where to focus? Cyber Threat Intelligence provides those answers! In this episode, Ingrid, Carson and Kathryn describe how we can use CTI to focus our defensive efforts to un…

Click here to send us your ideas and feedback on Blueprint! No security team is perfect, so in this episode, authors Carson, Ingrid, and Kathryn discuss what it takes to prepare for fast, effective incident response capability. Covering preparation, planning and execution, Strategy 5 will teach you…

Click here to send us your ideas and feedback on Blueprint! In this episode we dive deep on the "People" factor of the SOC. Who should you hire, what skills should you hire for, what backgrounds are most likely to lead to success for your team? We also get into what happens after the hire - trainin…

Click here to send us your ideas and feedback on Blueprint! In this episode we discuss how to decide on the right org structure and capabilities of your SOC. This includes questions like tiered vs. tierless models, which capabilities the SOC should focus on, centralized vs. distributed SOCs, outsou…

Click here to send us your ideas and feedback on Blueprint! Though a SOC is responsible for protecting your organization's assets, it is not the owner of those systems. If the SOC is not established with a clear charter and authority to act, it may quickly become difficult to be effective. Who shou…

Click here to send us your ideas and feedback on Blueprint! As the saying goes, "If you don't know where you're going, any road will take you there!" - an approach that is disastrous to a SOC. In order to succeed, the SOC must have a clear understanding of where they are going, how they're going to…

Click here to send us your ideas and feedback on Blueprint! Welcome to a brand new season of Blueprint! In this intro episode we discuss "Fundamentals" chapter of the "11 Strategies of a World Class Cybersecurity Operations Center" with the authors. We get into the motivation behind updating the bo…