Click here to send us your ideas and feedback on Blueprint! Hello Blueprint listeners! We’re excited to announce that the release of season 4 of Blueprint is just around the corner, and we’ve got something very special cooked up for you. We’ve teamed up with the authors of MITRE’s “11 Strategies of…
Ever wonder how a cloud and application security expert views risks of cloud workloads? Well, wonder no more because on this episode we have Brandon Evans - SANS Certified Instructor and lead author of SEC510: Public Cloud Security. We cov…
In this episode we speak with Joe Lykowski - Cyber Defense Lead at a major manufacturing company on what it takes to build a mature, transparent, and effective SOC. Joe brings years of experience to the table in running a large organizatio…
Many of us are either looking to start a cyber security career, improve our knowledge and skills to further our career, or hire a team that has the most skilled and promising candidates. In this special episode with Rob Lee, Chief Curricul…
In this episode of the Blueprint Podcast, we cover monitoring and securing macOS in an enterprise environment at scale with Jaron Bradley, Threat Detection lead at Jamf. We discuss the ups and downs of Apple's approach to macOS data collec…
One of the best frameworks that showed up within the last 5 or so years is undoubtedly the MITRE ATT&CK® framework. Many of us may know about it in passing and even reference it from time to time, but very few people seem to know the true…
Ever wonder why there’s so little information regarding macOS and Linux-oriented attacks? In this episode, we get the answer from the multi-talented Cat Self - an Adversary Emulation Engineer at MITRE, Cyber Threat Intelligence Team Leader…
Nearly every organization is using Microsoft Azure AD services in some respect, but monitoring Azure AD for threats is a significantly different skill than traditional Windows logging. In this episode we have 2 experts from Microsoft, Cori…
John and Fortress Vice President of Research and Development Tony Turner share their wisdom on trends they are seeing in the cyber industry and offer advice as to how we should be looking at the Cyber Supply Chain in 2022 and beyond. Follo…
There are many technical factors that contribute to the success of a security operations team, but you need more than just tech skills for mounting a solid defense. In this episode of Blueprint we bring back previous guest Mark Orlando to …
John Hubbard, Blueprint host and SANS Cyber Defense Curriculum Lead, moderated a panel of cyber security experts including Heather Mahalik, Katie Nickels and Jeff McJunkin for this powerful discussion. John and guests share their wisd…
Many of us with the typical IT and security backgrounds might not have the slightest idea what to expect when we hear the terms “this product uses advanced machine learning…”, but that claim certainly conjures up a lot of skepticism due to…
While malicious insiders are a threat that most of us would like to imagine we might never have to deal with, it’s still one of the cyber threats you must realistically consider and plan for. But how do you identify malicious intent and po…
With ransomware and other highly disruptive attacks on the rise, there are few systems more important to defend than our critical infrastructure and ICS equipment. How should we think about defending these systems vs our typical IT network…
It's a special mailbag episode from John Hubbard! After two seasons, John asked the listeners what questions they had for him. He touched on the current XDR trend, ...
In this solo episode to wrap up season 2, John discusses some of the key takeaways from the guests interviewed throughout this year, and has some very exciting news for all blue teamers on a brand new GIAC certification. ;) Link: (GIAC GSOC…
We all need solid, well thought-out playbooks to help standardize our response to common threat scenarios. In this episode we speak with Thomas Detzner and Mark Morowczynski about the brand new set of Microsoft incident response playbooks th…
Compliance and audit checks can be painful, and that's before you introduce additional cloud services and technology. In this episode featuring AJ Yawn we discuss some incredibly useful and actionable cloud security concepts and tools that…
There are numerous ways to test your SOC's detection and prevention capabilities, but not all are created equal. Each has its own strengths and weaknesses, and can be done on a different time scale. This week, we focus on arguably one of …
PowerShell may seem intimidating, but it can be one of the most amazing and useful tools at your disposal...if you know how to use it. In this episode, we have Josh Johnson, author of the new SANS course "SEC586: Blue Team Operations - Def…
This episode is all about vulnerability management - both the technical and human aspects. Looking to start up a new vulnerability management team? Drowning in vulnerabilities to fix and don't know where to start? Struggling to get system …
A common question from many defenders is "Which logs are the most important?" In this episode, Mick Douglas and Flynn Weeks join us to describe their What2Log project, which aims to simplify this problem for all of us! Our Guests: Mick Dou…
In today’s episode, John is joined by Anton Chuvakin to discuss current and future security operations technology, which tools are the most important and which are becoming less important over time, the rules of automation in the SOC and h…
Are you a manager looking to build or improve your SOC? Are you trying to understand how to measure your SOC's maturity or use cases or your threat hunting efforts? If so, today’s episode with Rob van Os is for you. In this episode, we disc…