Episodes

This episode is sponsored by Fig. This episode features a conversation with Nir Loya Dahan, Co-Founder and CPO at Fig, recorded at RSAC 2026. Our discussion covers telemetry health and SOC infrastructure resilience: what breaks in a log pipeline, why silent failures are so hard to catch, and how detection teams can build more confidence in their data foundation. Resources: Nir's Email: nir@fig.security Fig Website: https://www.fig.security Contact, Courses, and More: For feedback, reviews, gu...

What happens after you discover ransomware? You have to talk to the attackers. And that conversation can make or break your entire response. In this episode, Wade Gettle, a professional ransomware negotiator, pulls back the curtain on the high-stakes world of threat actor negotiations. Wade is the person who gets the call at 2 AM when organizations are facing their worst moment, and he's handled negotiations across every scenario imaginable. You'll learn: What actually happens in the first 72 ho...

Click here to send us your ideas and feedback on Blueprint! This episode is a big one! We kick off 2026 with a critical lessons learned on how to detect and prevent the threat of fake IT workers infiltrating your organization through the story of a REAL compromise. In this episode, repeat guest Zak Stufflebeam shares a detailed case study involving a major investigation of multiple counterfeit IT employees within a company. The episode provides valuable insights and actionable detection tacti...

Click here to send us your ideas and feedback on Blueprint! In this episode, we sit down with Zak Stufflebeam, Director of Cybersecurity at a publicly traded insurance company. Zak shares his unique journey from the military to leading security operations, emphasizing essential leadership principles learned along the way. From his early days in basic training to leading complex cybersecurity teams, Zak’s story is one of perseverance, adaptability, and unwavering commitment. He delves into vit...

Click here to send us your ideas and feedback on Blueprint! This podcast episode is from the SANS Cyber Leaders Podcast. The episode features Blueprint host John Hubbard, where he talks with hosts James Lyne and Ciaran Martin on the ever-changing threat landscape and how SOC teams can stay ahead. John shares his expertise on spotting threats early, how to test your defences before the real attackers show up, and why he’s on a mission to simplify cybersecurity operations for the next generatio...

Click here to send us your ideas and feedback on Blueprint! In this episode of Blueprint, host John Hubbard sits down with James Spiteri from Elastic to explore the transformative power of AI on the SOC. They delve into how advanced AI technologies, such as agentic AI models, MCP protocol, and automation, are reshaping the SOC landscape. Discover how AI enhances SOC efficiency, reduces mundane tasks, and integrates context-aware capabilities. Learn about the real-world applications, from auto...

Click here to send us your ideas and feedback on Blueprint! In this episode, we sit down with Rich Greene, a former United States Army Special Forces Green Beret and current SANS instructor for SEC275 and SEC301. Rich shares his incredible journey spanning 20 years in the Army, including his transition from military communication roles into the realm of cybersecurity. He talks about the importance of fundamentals in cybersecurity, the power of effective communication and persuasion, and dispe...

Click here to send us your ideas and feedback on Blueprint! In this episode, we sit down with Ryan Thompson, a seasoned expert in building dashboards that actually detect real threats—not just look pretty. With experience at Elastic, Alert Logic, and top EDR vendors, Ryan shares deep insights into the science behind effective dashboards and how security teams can cut through the noise to find the threats on your network. We cover: Why most SOC dashboards fail to deliver real insights—and how ...

Click here to send us your ideas and feedback on Blueprint! Surprise!! It's a mini solo episode to kick off the new year and it's on one of the most important topics there is - how to achieve your goals in 2025 and beyond! In this episode I talk about a topic I've never covered anywhere before - my personal system for productivity and how it helps me, and can likely you help you stay on track for those 2025 goals and stay aligned with what is most important in your life. Check this ep...

Click here to send us your ideas and feedback on Blueprint! Mark Morowczynski returns for his 4th(!) time with his Microsoft coworker and identity and authentication expert Tarek Dawoud in this incredibly insightful conversation on the what, why, and how of phishing resistant credentials that YOU can implement right now! This conversation covers: What makes MFA phishable?What phishing resistant credentials are and how they workThe history and modern methods for phishing resistant...

Click here to send us your ideas and feedback on Blueprint! In this episode, we take you behind the scenes of a complex gift card fraud investigation. Join host John Hubbard and guest Mark Jeanmougin as they explore the intricate details of uncovering and combating a clever case of cyber fraud. In this episode Mark discusses how the incident was identified, investigated, contained, and what lessons were learned along the way. Episode Links: - Mark's LinkedIn Profile: https://www.linkedin.com/...

Click here to send us your ideas and feedback on Blueprint! In this mega-discussion with Seth Misenar on GenAI and LLM usage for security operations we cover some very interesting questions such as: - The importance of natural language processing in Sec Ops - How AI is helping us detect phishing email - Where and how AI is lowering the bar for entry-level security SOC roles - Should we worry about AI hallucinations or AI taking our jobs? - What is a reasoning model and how is it differe...