Welcome to the Blueprint Podcast!

Episodes

Strategy 1: Know What You Are Protecting and Why
Episode 1
May 8, 2023

As the saying goes, "If you don't know where you're going, any road will take you there!" - an approach that is disastrous for a SOC. In order to succeed, the SOC must have a clear understanding of where it is going, how it is going to get there, and why. In this episode of our "11 Strategies" season we discuss chapter 1 of the book - "Know What You're Protecting and Why". Understanding your organization and the environment the S...

11 Strategies of a World-Class Security Operations Center: Fundamentals
May 8, 2023

Welcome to a brand new season of Blueprint! In this intro episode we discuss the "Fundamentals" chapter of the "11 Strategies of a World Class Cybersecurity Operations Center" with the authors. We get into the motivation behind updating the book and why its lessons are more important than ever in 2023. This chapter includes discussion of the functions of a SOC, basics of workflow, CTI and contextual data sources, and why ops tempo and sp...

Get Ready, A Very Special Season 4 Is On the Way!
May 1, 2023

Hello Blueprint listeners! We’re excited to announce that the release of season 4 of Blueprint is just around the corner, and we’ve got something very special cooked up for you. We’ve teamed up with the authors of MITRE’s “11 Strategies of a World-Class Cybersecurity Operations Center” and over the next few months, we’ll be releasing episodes walking through each chapter with all 3 authors! We’ll be deep diving into what makes a SOC ...

Brandon Evans: Cloud Security - Threats and Opportunities
Episode 37
Sept. 13, 2022

Ever wonder how a cloud and application security expert views the risks of cloud workloads? Well, wonder no more, because on this episode we have Brandon Evans - SANS Certified Instructor and lead author of SEC510: Public Cloud Security. We cover the why and how of moving applications to the cloud, the key considerations for a successful cloud security posture, and how building your infrastructure with a cloud-native mindset can and...

Joe Lykowski: Building a Transparent, Data-Driven SOC
Episode 36
Sept. 6, 2022

In this episode we speak with Joe Lykowski - Cyber Defense Lead at a major manufacturing company - on what it takes to build a mature, transparent, and effective SOC. Joe brings years of experience running a large organization’s security team, and in this interview he draws out some of his favorite tips and strategies on metrics, building the right team, and what to prioritize as you build up a SOC for an org of an...

Rob Lee: Training and Reskilling in Cyber Security
Episode 35
Aug. 30, 2022

Many of us are either looking to start a cyber security career, improve our knowledge and skills to further our career, or hire a team that has the most skilled and promising candidates. In this special episode with Rob Lee, Chief Curriculum Director of the SANS Institute, we discuss strategies for building, improving, and testing your cyber security group’s skill levels, and working to keep our knowledge as current as possible - a c...

Jaron Bradley: Securing Enterprise macOS
Episode 34
Aug. 23, 2022

In this episode of the Blueprint Podcast, we cover monitoring and securing macOS in an enterprise environment at scale with Jaron Bradley, Threat Detection Lead at Jamf. We discuss the ups and downs of Apple's approach to macOS data collection over the years, the data sources and types that are accessible to defenders, what third-party agents bring to the table for security monitoring, and much more. Plus, Jaron gives us some great bon...

Alexia Crumpton: MITRE ATT&CK for Defenders
Episode 33
Aug. 16, 2022

One of the best frameworks to appear within the last 5 or so years is undoubtedly the MITRE ATT&CK® framework. Many of us may know about it in passing and even reference it from time to time, but very few people seem to know the true depth of knowledge it contains - everything from analytics to threat groups, specific mitigation and detection opportunities, and, with the newest versions, even specific data sources. In this episode...

Cat Self: macOS and Linux Security
Episode 32
Aug. 9, 2022

Ever wonder why there’s so little information regarding macOS and Linux-oriented attacks? In this episode, we get the answer from the multi-talented Cat Self - an Adversary Emulation Engineer at MITRE, Cyber Threat Intelligence Team Leader on ATT&CK Evaluations and macOS/ Lead on MITRE ATT&CK Enterprise. We discuss defense tools, attacker TTPs, and what to consider when approaching defense for a macOS and Linux en...

Corissa Koopmans and Mark Morowczynski: Azure AD Threat Detection and Logging
Episode 31
Aug. 2, 2022

Nearly every organization is using Microsoft Azure AD services in some respect, but monitoring Azure AD for threats is a significantly different skill than traditional Windows logging. In this episode we have two experts from Microsoft, Corissa Koopmans and third-time returning guest Mark Morowczynski, to tell us about the important work that’s been done to help organizations understand their data and detect Azure AD attacks. We cover l...

Tony Turner: Securing the Cyber Supply Chain
Episode 30
July 26, 2022

John and Fortress Vice President of Research and Development Tony Turner share their wisdom on trends they are seeing in the cyber industry and offer advice as to how we should be looking at the cyber supply chain in 2022 and beyond.

Follow Tony Turner
LinkedIn: https://www.linkedin.com/in/tonyturnercissp/
Web: https://www.fortressinfosec.com/team/tony-turner

Sponsor's Note: Support for the Blueprint podcast comes from the SANS In...

Mark Orlando: Building a Stronger Blue Team
Episode 29
July 19, 2022

There are many technical factors that contribute to the success of a security operations team, but you need more than just tech skills to mount a solid defense. In this episode of Blueprint we bring back previous guest Mark Orlando to talk about his BlackHat 2022 presentation with Dr. Daniel Shore (PhD in workplace psychology). We discuss team dynamics, how the mapping of multi-team systems can improve the flow of your incident ...

Blueprint Live at SANSFIRE 2022: A panel with Heather Mahalik, Katie Nickels and Jeff McJunkin
Episode 28
July 14, 2022

John Hubbard, Blueprint host and SANS Cyber Defense Curriculum Lead, moderated a panel of cyber security experts including Heather Mahalik, Katie Nickels and Jeff McJunkin for this powerful discussion. John and guests share their wisdom on trends they are seeing in the cyber industry and offer advice as to how we should be looking at cyber defense in 2022 and beyond.

Guests: Heather Mahalik, Katie Nickels, Jeff McJunkin

Filmed...

David Hoelzer: Threat Detection with Machine Learning and AI
Episode 27
July 12, 2022

Many of us with typical IT and security backgrounds might not have the slightest idea what to expect when we hear the words “this product uses advanced machine learning…”, but that claim certainly conjures up a lot of skepticism due to the opaque nature of the algorithms in many of these products. In this episode we discuss what AI and ML are best used for, and what they can, can’t, and shouldn’t be used for, with guest Dave Hoelz...

James Rowley: Creating and Running an Insider Threat Program
Episode 26
July 12, 2022

While malicious insiders are a threat that most of us would like to imagine we might never have to deal with, it’s still one of the cyber threats you must realistically consider and plan for. But how do you identify malicious intent and potential attacks from those already inside our network who have legitimate access to our data? Check out this episode where James Rowley lays out what you need to consider when it comes to insider t...

Dean Parsons: Cyber Security for OT and ICS
Episode 25
July 12, 2022

With ransomware and other highly disruptive attacks on the rise, there are few systems more important to defend than our critical infrastructure and ICS equipment. How should we think about defending these systems vs. our typical IT network, though? In this episode, Dean Parsons is here to give us that answer.

Our Guest - Dean Parsons
Dean brings over 20 years of technical and management experience to the classroom. He has worked...

John Hubbard: Your Top Cyber Defense Questions Answered from Seasons 1 + 2
June 30, 2022

It's a special mailbag episode from John Hubbard! After two seasons, John asked the listeners what questions they had for him. He touches on the current XDR trend, how other teams can support SOC activities, defining the security mindset, and more.

Check out John's SOC Training Courses for SOC Analysts and Leaders:
SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
LDR551: Building and Leading Security Operations Cen...

John Hubbard: Key lessons and takeaways from Blueprint Season 2 + A Special Announcement!
Episode 23
June 8, 2021

In this solo episode to wrap up season 2, John discusses some of the key takeaways from the guests interviewed throughout this year, and has some very exciting news for all blue teamers on a brand new GIAC certification. ;)

Link: (GIAC GSOC LINK HERE)

John is a Security Operations Center (SOC) consultant and speaker, a Certified SANS instructor, and the course author of two SANS courses, SEC450: Blue Team Fundamentals - Security Ope...

Mark Morowczynski & Thomas Detzner: Microsoft Incident Response Playbooks
Episode 22
June 1, 2021

We all need solid, well-thought-out playbooks to help standardize our response to common threat scenarios. In this episode we speak with Thomas Detzner and Mark Morowczynski about the brand new set of Microsoft incident response playbooks that were just released. This is a brand new effort to meticulously document prerequisites, investigation steps, and the remediation process for the scenarios most commonly seen by the Microsoft incide...

AJ Yawn: Cloud, Compliance and Automating Security
Episode 21
May 25, 2021

Compliance and audit checks can be painful, and that's before you introduce additional cloud services and technology. In this episode featuring AJ Yawn we discuss some incredibly useful and actionable cloud security concepts and tools that can help your team boost visibility and reduce user permissions to help prevent breaches before they happen. In addition, we discuss what a good compliance audit should be, and how to turn audits f...

Jamie Williams: Adversary Emulation
Episode 20
May 18, 2021

There are numerous ways to test your SOC's detection and prevention capabilities, but not all are created equal. Each has its own strengths and weaknesses, and can be done on a different time scale. This week, we focus on arguably one of the most important - adversary emulation. In this episode we speak with Jamie Williams from the MITRE ATT&CK team about why adversary emulation is important, how it works, how you can get starte...

Josh Johnson: PowerShell and Defensive Automation for the Blue Team
Episode 19
May 11, 2021

PowerShell may seem intimidating, but it can be one of the most amazing and useful tools at your disposal...if you know how to use it. In this episode, we have Josh Johnson, author of the new SANS course "SEC586: Blue Team Operations - Defensive PowerShell", giving you a masterful crash course in:
- The importance of PowerShell
- How PowerShell works, and how to set yourself up to use it
- Blue team use cases for log analysis, incid...

Chris Baker: Get A Handle On Your Vulnerabilities
Episode 18
May 4, 2021

This episode is all about vulnerability management - both the technical and human aspects. Looking to start up a new vulnerability management team? Drowning in vulnerabilities to fix and don't know where to start? Struggling to get system owners to take action? Trying to find ways to communicate the importance and status of your patching efforts? Check out this episode with vulnerability management expert Chris Baker for answer the...

Mick Douglas & Flynn Weeks: Simplifying your Logging Strategy with the What2Log Project
Episode 17
April 27, 2021

A common question from many defenders is "Which logs are the most important?” In this episode, Mick Douglas and Flynn Weeks join us to describe their What2Log project, which aims to simplify this problem for all of us!

Our Guests: Mick Douglas & Flynn Weeks
Mick Douglas is the Managing Partner of InfoSec Innovations. He is a SANS certified instructor and is a member of the IANS faculty. In his spare time, he tries in vain to imp...