Welcome to the Blueprint Podcast!

Season 2

June 8, 2021

John Hubbard: Key lessons and takeaways from Blueprint Season 2 + A S…

In this solo episode to wrap up season 2, John discusses some of the key takeaways from the guests interviewed throughout this year, and has some very exciting news for all blue teamers on a brand new GIAC certification. ;) Link: (GIAC GSOC…

June 1, 2021

Mark Morowczynski & Thomas Detzner: Microsoft Incident Response Playb…

We all need solid, well thought-out playbooks to help standardize our response to common threat scenarios. In this episode we speak with Thomas Detzner and Mark Morowczynski about the brand new set of Microsoft incident response playbooks th…

May 25, 2021

AJ Yawn: Cloud, Compliance and Automating Security

Compliance and audit checks can be painful, and that's before you introduce additional cloud services and technology. In this episode featuring AJ Yawn we discuss some incredibly useful and actionable cloud security concepts and tools that…

May 18, 2021

Jamie Williams: Adversary Emulation

There are numerous ways to test your SOC's detection and prevention capabilities, but not all are created equal. Each has its own strengths and weaknesses, and can be done on a different time scale. This week, we focus on arguably one of …

May 11, 2021

Josh Johnson: PowerShell and Defensive Automation for the Blue Team

PowerShell may seem intimidating, but it can be one of the most amazing and useful tools at your disposal...if you know how to use it. In this episode, we have Josh Johnson, author of the new SANS course "SEC586: Blue Team Operations - Def…

May 4, 2021

Chris Baker: Get A Handle On Your Vulnerabilities

This episode is all about vulnerability management - both the technical and human aspects. Looking to start up a new vulnerability management team? Drowning in vulnerabilities to fix and don't know where to start? Struggling to get system …

April 27, 2021

Mick Douglas & Flynn Weeks: Simplifying your Logging Strategy with th…

A common question from many defenders is "Which logs are the most important?" In this episode, Mick Douglas and Flynn Weeks join us to describe their What2Log project, which aims to simplify this problem for all of us! Our Guests: Mick Dou…

April 20, 2021

Anton Chuvakin: The Current State and Future of Security Operations

In today’s episode, John is joined by Anton Chuvakin to discuss current and future security operations technology, which tools are the most important and which are becoming less important over time, the rules of automation in the SOC and h…

April 13, 2021

Rob van Os: Maturing your Cyber Defense

Are you a manager looking to build or improve your SOC? Are you trying to understand how to measure your SOC's maturity or use cases or your threat hunting efforts? If so, today’s episode with Rob van Os is for you. In this episode, we disc…

April 6, 2021

AppSec, DevOps and DevSecOps

What are AppSec, DevOps and DevSecOps? In this episode we discuss why defenders should know more about these terms and what the consequences are of ignoring these new and critical fields. Tanya Janca, also known as SheHacksPurple, is the be…

March 30, 2021

Playbook for Security Onion

Driving consistency and maintaining a high standard for alert response is a problem all SOCs must face, but how? In this episode, Josh Brower describes his efforts to combine automated detection signature deployment and use case database m…

March 30, 2021

The Blue Teamer's Blueprint for Malware Triage

Even if you're not a malware analyst, any blue teamer should be able to do some initial basic malware sample triage. The good news is that this is quite easy to do using freely available tools once you know what is available. Join John in …

March 30, 2021

SOC Metrics: Measuring Success and Preventing Burnout

Looking for a new way to approach the difficult problem of measuring and improving your SOC? Check out this episode to hear how to use methods pioneered in the manufacturing and reliability industry to help wrap your head around, and solve…
