Blueprint: Build the Best in Cyber Defense
Are you a cyber defender looking to keep up on the newest tools, technology, and security concepts? Then BLUEPRINT is the podcast for you! Tune in to hear the latest in cyber defense and security operations from blue team leaders and experts. With a focus on learning, BLUEPRINT includes interviews with today’s top security practitioners defending the world’s most respected brands, and in-depth explanations of the newest technologies, protocols, and defensive tools. BLUEPRINT is a podcast hosted by John Hubbard and brought to you by the SANS Institute. BLUEPRINT - your one-stop shop for taking your defense skills to the next level!
Episodes
55 episodes
How GenAI is Changing Your SOC for the Better with Seth Misenar
In this mega-discussion with Seth Misenar on GenAI and LLM usage for security operations, we cover some very interesting questions such as: - The importance of natural language processing in Sec Ops - How AI is helping us detect p...
Season 5 • Episode 2 • 1:36:22
From Clues to Containment - Unraveling A Gift Card Fraud Scheme with Mark Jeanmougin
In this episode, we take you behind the scenes of a complex gift card fraud investigation. Join host John Hubbard and guest Mark Jeanmougin as they explore the intricate details of uncovering and combating a clever case of cyber fraud. In this ...
Season 5 • Episode 1 • 37:31
Bonus Episode: What does it take to author a cybersecurity book?
Have you ever wondered what it takes to write and publish an information security book? In this special bonus episode following season 4, John discusses with Kathryn, Ingrid, and Carson the challenges and rewards of self-publishing, and the kin...
Season 4 • Episode 12 • 1:32:24
Strategy 11: Turn up the Volume by Expanding SOC Functionality
This final chapter of the book is no simple closer! "Turn Up the Volume by Expanding SOC Functionality" covers testing that your SOC is functioning as intended through activities such as Threat Hunting, Red and Purple Teaming, Adversary Emulat...
Season 4 • Episode 11 • 1:27:56
Strategy 10: Measure Performance to Improve Performance
Metrics: is there any more confusing and contentious topic in cybersecurity? In this episode the authors cover their advice and approach to measuring your team so that issues can be quickly identified and performance can continuously improve!...
Season 4 • Episode 10 • 54:04
Strategy 9: Communicate Clearly, Collaborate Often, Share Generously
Research has shown that communication is one of the most important factors for success in security incident response teams. In this chapter, the authors discuss the critical types of information that must be shared within the SOC, with the con...
Season 4 • Episode 9 • 1:04:54
Strategy 8: Leverage Tools and Support Analyst Workflow
Tool choice can be a make-or-break decision for security analysts, driving whether getting work done is a struggle, or an efficient, stress-free experience. How can we select the right tools for the job? Which tools are most important? Answers ...
Season 4 • Episode 8 • 1:26:56
Blueprint Live at the SANS Blue Team Summit 2023
In this special live recording from the SANS Blue Team Summit 2023, Kathryn Knerler, Ingrid Parker, and Carson Zimmerman joined John Hubbard to share their insights and expertise with attendees by answering their pressing questions. From disc...
Season 4 • 1:06:01
Strategy 7: Select and Collect the Right Data
There's no denying that the average security team is completely overwhelmed with options for data to collect. With a deluge of endpoint, network, and cloud data sources available, how do we identify and collect the most useful data sources?...
Season 4 • Episode 7 • 1:04:34
Strategy 6: Illuminate Adversaries with Cyber Threat Intelligence
Every security team has a limited budget and limited time, so how do you know where to focus? Cyber Threat Intelligence provides those answers! In this episode, Ingrid, Carson and Kathryn describe how we can use CTI to focus our defensive efforts to underst...
Season 4 • Episode 6 • 59:03
Strategy 5: Prioritize Incident Response
No security team is perfect, so in this episode, authors Carson, Ingrid, and Kathryn discuss what it takes to prepare for fast, effective incident response capability. Covering preparation, planning and execution, Strategy 5 will teach your tea...
Season 4 • Episode 5 • 1:26:39
Strategy 4: Hire AND Grow Quality Staff
In this episode we dive deep on the "People" factor of the SOC. Who should you hire, what skills should you hire for, what backgrounds are most likely to lead to success for your team? We also get into what happens after the hire - training, gr...
Season 4 • Episode 4 • 1:14:49
Strategy 3: Build a SOC Structure to Match Your Organizational Needs
In this episode we discuss how to decide on the right org structure and capabilities of your SOC. This includes questions like tiered vs. tierless models, which capabilities the SOC should focus on, centralized vs. distributed SOCs, outsourcing...
Season 4 • Episode 3 • 1:13:18
Strategy 2: Give the SOC the Authority to Do Its Job
Though a SOC is responsible for protecting your organization's assets, it is not the owner of those systems. If the SOC is not established with a clear charter and authority to act, it may quickly become difficult to be effective. Who should th...
Season 4 • Episode 2 • 38:09
Strategy 1: Know What You Are Protecting and Why
As the saying goes, "If you don't know where you're going, any road will take you there!" - an approach that is disastrous to a SOC. In order to succeed, the SOC must have a clear understanding of where they are going, how they're going to get ...
Season 4 • Episode 1 • 1:03:28
11 Strategies of a World-Class Security Operations Center: Fundamentals
Welcome to a brand new season of Blueprint! In this intro episode we discuss the "Fundamentals" chapter of the "11 Strategies of a World Class Cybersecurity Operations Center" with the authors. We get into the motivation behind updating the book an...
Season 4 • Episode 0 • 56:34
Get Ready, A Very Special Season 4 Is On the Way!
Hello Blueprint listeners! We’re excited to announce that the release of season 4 of Blueprint is just around the corner, and we’ve got something very special cooked up for you. We’ve teamed up with the authors of MITRE’s “11 Strategies of a Wo...
Season 4 • 2:42
Brandon Evans: Cloud Security - Threats and Opportunities
Ever wonder how a cloud and application security expert views risks of cloud workloads? Well, wonder no more because on this episode we have Brandon Evans - SANS Certified Instructor and lead author of SEC510: Public Cloud Security. We cover th...
Season 3 • Episode 37 • 50:53
Joe Lykowski: Building a Transparent, Data-Driven SOC
In this episode we speak with Joe Lykowski - Cyber Defense Lead at a major manufacturing company on what it takes to build a mature, transparent, and effective SOC. Joe brings years of experience to the table in running a large organization’s s...
Season 3 • Episode 36 • 56:24
Rob Lee: Training and Reskilling in Cyber Security
Many of us are either looking to start a cyber security career, improve our knowledge and skills to further our career, or hire a team that has the most skilled and promising candidates. In this special episode with Rob Lee, Chief Curriculum Di...
Season 3 • Episode 35 • 52:01
Jaron Bradley: Securing Enterprise macOS
In this episode of the Blueprint Podcast, we cover monitoring and securing macOS in an enterprise environment at scale with Jaron Bradley, Threat Detection lead at Jamf. We discuss the ups and downs of Apple's approach to macOS data collection ...
Season 3 • Episode 34 • 59:54
Alexia Crumpton: MITRE ATT&CK for Defenders
One of the best frameworks that showed up within the last 5 or so years is undoubtedly the MITRE ATT&CK® framework. Many of us may know about it in passing and even reference from time to time, but very few people seem to know the true dept...
Season 3 • Episode 33 • 43:44
Cat Self: macOS and Linux Security
Ever wonder why there’s so little information regarding macOS and Linux-oriented attacks? In this episode, we get the answer from the multi-talented Cat Self - an Adversary Emulation Engineer at MITRE, Cyber Threat Intelligence Team Leade...
Season 3 • Episode 32 • 57:49
Corissa Koopmans and Mark Morowczynski: Azure AD Threat Detection and Logging
Nearly every organization is using Microsoft Azure AD services in some respect, but monitoring Azure AD for threats is a significantly different skill than traditional Windows logging. In this episode we have two experts from Microsoft, Corissa K...
Season 3 • Episode 31 • 48:42
Tony Turner: Securing the Cyber Supply Chain
John and Fortress Vice President of Research and Development Tony Turner share their wisdom on trends they are seeing in the cyber industry and offer advice as to how we should be looking at the Cyber Supply Chain in 2022 and beyond...
Season 3 • Episode 30 • 48:21