Feb 18, 2025 • 1 hr 3 min • Ep 5

In this episode, we sit down with Ryan Thompson, a seasoned expert in building dashboards that actually detect real threats, not just look pretty. With experience at Elastic, Alert Logic, and top EDR vendors, Ryan shares deep insights into the science behind effective dashboards and how security teams can cut through the noise to find the threats on your network. We cover: Why most SOC dashboards fail to deliver real insights, and how...

Jan 01, 2025 • 30 min • Ep 4

Surprise!! It's a mini solo episode to kick off the new year, and it's on one of the most important topics there is: how to achieve your goals in 2025 and beyond! In this episode I talk about a topic I've never covered anywhere before, my personal system for productivity and how it helps me, and can likely help you stay on track for those 2025 goals and stay aligned with what is most important in your life. Check thi...

Dec 02, 2024 • 55 min • Ep 3

Mark Morowczynski returns for his 4th(!) time with his Microsoft coworker and identity and authentication expert Tarek Dawoud in this incredibly insightful conversation on the what, why, and how of phishing-resistant credentials that YOU can implement right now! This conversation covers: What makes MFA phishable? What phishing-resistant credentials are and how they work. The history and modern methods for phishing-resistant credentials. W...

Oct 09, 2024 • 2 hr 36 min • Ep 2

In this mega-discussion with Seth Misenar on GenAI and LLM usage for security operations we cover some very interesting questions such as: The importance of natural language processing in Sec Ops. How AI is helping us detect phishing email. Where and how AI is lowering the bar for entry-level security SOC roles. Should we worry about AI hallucinations or AI taking our jobs? What is a reasoning model and how is it different than w...

Oct 09, 2024 • 37 min • Ep 1

In this episode, we take you behind the scenes of a complex gift card fraud investigation. Join host John Hubbard and guest Mark Jeanmougin as they explore the intricate details of uncovering and combating a clever case of cyber fraud. In this episode Mark discusses how the incident was identified, investigated, contained, and what lessons were learned along the way. Episode Links: Mark's LinkedIn Profile: https://www.linkedin.co...

Aug 03, 2023 • 2 hr 32 min • Ep 12

Have you ever wondered what it takes to write and publish an information security book? In this special bonus episode following season 4, John discusses with Kathryn, Ingrid, and Carson the challenges and rewards of self-publishing, and the kind of effort that goes into producing a book like "11 Strategies of a World-Class Cybersecurity Operations Center". This special season of the Blueprint Podcast is taking a deep dive into...

Jul 18, 2023 • 1 hr 28 min • Ep 11

This final chapter of the book is no simple closer! "Turn Up the Volume by Expanding SOC Functionality" covers testing that your SOC is functioning as intended through activities such as Threat Hunting, Red and Purple Teaming, Adversary Emulation, Breach and Attack Simulation, tabletop exercises and more. There's even a discussion of cyber deception types and tactics, and how it can be used to further frustrate atta...

Jul 10, 2023 • 54 min • Ep 10

Metrics: is there any more confusing and contentious topic in cybersecurity? In this episode the authors cover their advice and approach to measuring your team so that issues can be quickly identified and performance can continuously improve! This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cybersecurity Operations Center. Each episode John will break down a chapter of...

Jul 05, 2023 • 1 hr 5 min • Ep 9

Research has shown that communication is one of the most important factors for success in security incident response teams. In this chapter, the authors discuss the critical types of information that must be shared within the SOC, with the constituency, and with the greater cybersecurity community. SANS Cyber Defense Discord Invite: sansurl.com/cyber-defense-discord. This special season of the Blueprint Podcast is taking a deep di...

Jun 26, 2023 • 1 hr 27 min • Ep 8

Tool choice can be a make-or-break decision for security analysts, driving whether getting work done is a struggle or an efficient, stress-free experience. How can we select the right tools for the job? Which tools are most important? Answers to these questions and more are in this week's episode of Blueprint! This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cybersecur...

Jun 22, 2023 • 1 hr 6 min

In this special live recording from the SANS Blue Team Summit 2023, Kathryn Knerler, Ingrid Parker, and Carson Zimmerman joined John Hubbard to share their insights and expertise with attendees by answering their pressing questions. From discussing the most effective strategies for building a successful SOC to sharing tips on how to stay ahead of emerging cyber threats, our guests provide invaluable advice for those who work in a secu...

Jun 19, 2023 • 1 hr 4 min • Ep 7

There's no denying that the average security team is completely overwhelmed with options for data to collect. With a deluge of endpoint, network, and cloud data sources to collect, how do we identify and collect the most useful data sources? That's the topic of this episode. Join Kathryn, Ingrid, Carson, and John in this episode for a discussion on tactical data collection that will ensure your team doesn't miss the si...

Jun 12, 2023 • 59 min • Ep 6

Every security team has limited budget and time, so how do you know where to focus? Cyber Threat Intelligence provides those answers! In this episode, Ingrid, Carson and Kathryn describe how we can use CTI to focus our defensive efforts, understand our most likely attacks and attackers, and move towards prioritizing what truly matters. This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World...

Jun 05, 2023 • 1 hr 27 min • Ep 5

No security team is perfect, so in this episode, authors Carson, Ingrid, and Kathryn discuss what it takes to prepare a fast, effective incident response capability. Covering preparation, planning and execution, Strategy 5 will teach your team how to jump into action at the earliest sign of problems. This special season of the Blueprint Podcast is taking a deep dive into MITRE's 11 Strategies of a World-Class Cybersecurity Operations...

May 29, 2023 • 1 hr 15 min • Ep 4

In this episode we dive deep on the "People" factor of the SOC. Who should you hire, what skills should you hire for, and what backgrounds are most likely to lead to success for your team? We also get into what happens after the hire: training, growth, and supporting your team in their skill and career development. This one is a must-listen for all the managers out there. We're all trying to build the highest skilled, most s...

May 22, 2023 • 1 hr 13 min • Ep 3

In this episode we discuss how to decide on the right org structure and capabilities of your SOC. This includes questions like tiered vs. tierless models, which capabilities the SOC should focus on, centralized vs. distributed SOCs, outsourcing of duties and staff augmentation considerations, and also where the SOC might sit in the larger chart of your organization. Every SOC needs to be tailored to best meet the mission, and chapter 3...

May 15, 2023 • 38 min • Ep 2

Though a SOC is responsible for protecting your organization's assets, it is not the owner of those systems. If the SOC is not established with a clear charter and the authority to act, it may quickly become difficult to be effective. Who should the SOC report to, what should be in a SOC charter, and how can we make these tough decisions? Those are the questions covered in this episode of our special "11 Strategies" season. T...

May 08, 2023 • 1 hr 3 min • Ep 1

As the saying goes, "If you don't know where you're going, any road will take you there!" That is an approach that is disastrous for a SOC. In order to succeed, the SOC must have a clear understanding of where they are going, how they're going to get there, and why. In this episode of our "11 Strategies" season we discuss chapter 1 of the book, "Know What You're Protecting and Why". Understand...

May 08, 2023 • 56 min

Welcome to a brand new season of Blueprint! In this intro episode we discuss the "Fundamentals" chapter of "11 Strategies of a World-Class Cybersecurity Operations Center" with the authors. We get into the motivation behind updating the book and why its lessons are more important than ever in 2023. This chapter includes discussion of the functions of a SOC, basics of workflow, CTI and contextual data sources, and why...

May 01, 2023 • 4 min

Hello Blueprint listeners! We're excited to announce that the release of season 4 of Blueprint is just around the corner, and we've got something very special cooked up for you. We've teamed up with the authors of MITRE's "11 Strategies of a World-Class Cybersecurity Operations Center" and over the next few months, we'll be releasing episodes walking through each chapter with all 3 authors! We'll be deep diving into what makes a SOC suc...

Sep 13, 2022 • 51 min • Ep 37

Ever wonder how a cloud and application security expert views the risks of cloud workloads? Well, wonder no more, because on this episode we have Brandon Evans, SANS Certified Instructor and lead author of SEC510: Public Cloud Security. We cover the why and how of moving applications to the cloud, the key considerations for a successful cloud security posture, and how building your infrastructure with a cloud-native mindset can and sh...

Sep 06, 2022 • 56 min • Ep 36

In this episode we speak with Joe Lykowski, Cyber Defense Lead at a major manufacturing company, on what it takes to build a mature, transparent, and effective SOC. Joe brings years of experience to the table in running a large organization's security team, and in this interview he draws out some of his favorite tips, strategies and more on metrics, building the right team, and what to prioritize as you build up a SOC for an org of any s...

Aug 30, 2022 • 52 min • Ep 35

Many of us are either looking to start a cyber security career, improve our knowledge and skills to further our career, or hire a team that has the most skilled and promising candidates. In this special episode with Rob Lee, Chief Curriculum Director of the SANS Institute, we discuss strategies for building, improving, and testing your cyber security group's skill levels, and working to keep our knowledge as current as possible, a crit...

Aug 23, 2022 • 1 hr • Ep 34

In this episode of the Blueprint Podcast, we cover monitoring and securing macOS in an enterprise environment at scale with Jaron Bradley, Threat Detection Lead at Jamf. We discuss the ups and downs of Apple's approach to macOS data collection over the years, the data sources and types that are accessible to defenders, what 3rd party agents bring to the table for security monitoring, and much more. Plus, Jaron gives us some great b...

Aug 16, 2022 • 44 min • Ep 33

One of the best frameworks to show up within the last 5 or so years is undoubtedly the MITRE ATT&CK® framework. Many of us may know about it in passing and even reference it from time to time, but very few people seem to know the true depth of knowledge it contains: everything from analytics to threat groups, specific mitigation and detection opportunities, and, with the newest versions, even specific data sources. In this episode we...

Aug 09, 2022 • 58 min • Ep 32

Ever wonder why there's so little information regarding macOS- and Linux-oriented attacks? In this episode, we get the answer from the multi-talented Cat Self, an Adversary Emulation Engineer at MITRE, Cyber Threat Intelligence Team Leader on ATT&CK Evaluations, and macOS/Linux Lead on MITRE ATT&CK Enterprise. We discuss defense tools, attacker TTPs, and what to consider when approaching defense for a macOS and Linux environment, and...

Aug 02, 2022 • 49 min • Ep 31

Nearly every organization is using Microsoft Azure AD services in some respect, but monitoring Azure AD for threats is a significantly different skill than traditional Windows logging. In this episode we have 2 experts from Microsoft, Corissa Koopmans and 3rd-time returning guest Mark Morowczynski, to tell us about the important work that's been done to help organizations understand their data and detect Azure AD attacks. We cover log...

Jul 26, 2022 • 48 min • Ep 30

John and Fortress Vice President of Research and Development Tony Turner share their wisdom on trends they are seeing in the cyber industry and offer advice as to how we should be looking at the Cyber Supply Chain in 2022 and beyond. Follow Tony Turner. LinkedIn: https://www.linkedin.com/in/tonyturnercissp/ Web: https://www.fortressinfosec.com/team/tony-turner Sponsor's Note: Support for the Blueprint podcast comes from the SANS Ins...

Jul 19, 2022 • 50 min • Ep 29

There are many technical factors that contribute to the success of a security operations team, but you need more than just tech skills for mounting a solid defense. In this episode of Blueprint we bring back previous guest Mark Orlando to talk about his BlackHat 2022 presentation with Dr. Daniel Shore (PhD in workplace psychology). We discuss team dynamics, how the mapping of multi-team systems can improve the flow of your incident res...

Jul 14, 2022 • 1 hr • Ep 28

John Hubbard, Blueprint host and SANS Cyber Defense Curriculum Lead, moderated a panel of cyber security experts including Heather Mahalik, Katie Nickels and Jeff McJunkin for this powerful discussion. John and guests share their wisdom on trends they are seeing in the cyber industry and offer advice as to how we should be looking at cyber defense in 2022 and beyond. Guests: Heather Mahalik, Katie Nickels, Jeff McJunkin. Filmed live a...