24 episodes

Are you a cyber defender looking to keep up on the newest tools, technology, and security concepts? Then BLUEPRINT is the podcast for you! Tune in to hear the latest in cyber defense and security operations from blue team leaders and experts. With a focus on learning, BLUEPRINT includes interviews with today’s top security practitioners defending the world’s most respected brands, and in-depth explanations on the newest technologies, protocols, and defensive tools. BLUEPRINT, is a podcast hosted by John Hubbard and brought to you by the SANS Institute. BLUEPRINT - your one-stop shop for taking your defense skills to the next level!

BLUEPRINT John Hubbard

    • Technology
    • 4.9 • 106 Ratings


    John Hubbard: Key lessons and takeaways from Blueprint Season 2 + A Special Announcement!

    In this solo episode to wrap up season 2, John discusses some of the key takeaways from the guests interviewed throughout this year, and has some very exciting news for all blue teamers on a brand new GIAC certification. ;)

    Link: (GIAC GSOC LINK HERE)

    John is a Security Operations Center (SOC) consultant and speaker, a Certified SANS instructor, and the course author of two SANS courses, SEC450: Blue Team Fundamentals - Security Operations and Analysis and MGT551: Building and Leading Security Operations Centers.

    Follow John
    Twitter: @SecHubb
    YouTube: youtube.com/user/jhub908
    LinkedIn: in/johnlhubbard

    All Blueprint Podcast Episodes: sans.org/blueprint-podcast

    • 22 min
    Mark Morowczynski & Thomas Detzner: Microsoft Incident Response Playbooks

    We all need solid, well thought-out playbooks to help standardize our response to common threat scenarios. In this episode we speak with Thomas Detzner and Mark Morowczynski about the brand new set of Microsoft incident response playbooks that were just released. This is a brand new effort to meticulously document prerequisites, investigation steps, and remediation processes for the scenarios most commonly seen by the Microsoft incident response teams, and you definitely won't want to miss it.

    Our Guests: Thomas Detzner and Mark Morowczynski
    Thomas Detzner is a Project Leader for Microsoft, creating guidance for Azure AD IR.

    Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.

    Links:
    https://aka.ms/irplaybooks - Playbooks discussed in this episode
    https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub#access-data-from-your-event-hub - Azure Event Hub
    https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1909-and-windows-server/ba-p/1023093 - Security Baselines
    https://www.microsoft.com/en-us/download/details.aspx?id=52630 - Security Auditing and Monitoring Reference

    Sponsor's Note:
    Support for the Blueprint podcast comes from the SANS Institute.

    If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.

    This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.

    Check out the details at sansurl.com/450! Hope to see you in class!
    Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
    Follow John Hubbard: Twitter | LinkedIn

    • 42 min
    AJ Yawn: Cloud, Compliance and Automating Security

    Compliance and audit checks can be painful, and that's before you introduce additional cloud services and technology. In this episode featuring AJ Yawn we discuss some incredibly useful and actionable cloud security concepts and tools that can help your team boost visibility and reduce user permissions to help prevent breaches before they happen. In addition, we discuss what a good compliance audit should be, and how to turn audits from painful to incredibly valuable.

    Resources mentioned in this episode:
    - AWS CloudTrail: https://aws.amazon.com/cloudtrail/
    - AWS Well-Architected Framework: https://aws.amazon.com/architecture/well-architected/
    - AWS Config: https://aws.amazon.com/config
    - AWS Organizations: https://aws.amazon.com/organizations/
    - AWS Service Control Policies (SCP): https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

    Our Guest - AJ Yawn
    AJ Yawn is the Co-Founder and CEO of ByteChek. He is a seasoned cloud security professional with over a decade of senior information security experience, including extensive experience managing a wide range of cybersecurity compliance assessments (SOC 2, ISO 27001, HIPAA, etc.) for a variety of SaaS, IaaS, and PaaS providers.
    AJ advises startups on cloud security and serves on the Board of Directors of the ISC2 Miami chapter as the Education Chair. He is also a Founding Board member of the National Association of Black Compliance and Risk Management Professionals, regularly speaks on information security podcasts and at events, and contributes blogs and articles to the information security community, including publications such as CISOMag, InfosecMag, HackerNoon, and ISC2.
    Sponsor's Note:
    Support for the Blueprint podcast comes from the SANS Institute.

    Are you looking for the best in-depth training for your cyber defense team? Look no further than SANS blue team curriculum courses!

    Whether you focus on network or host data, Windows or Linux, or even specialize in open source intel, SIEM, SOC, or defensive architecture, the SANS Blue Team curriculum has the course for you. From long-time classics like SEC503 Network Intrusion Detection to the newer SEC530 Defensible Security Architecture and Engineering and SEC487 Open Source Intelligence Gathering - we've got you covered, no matter what your specialty.

    With an extensive archive of free webcasts on the SANS site, and free online demos available for most courses, you can easily check out the SANS blue team catalog and see which course is the best fit for you and your team.

    Check out the constantly growing list of available courses at sansurl.com/blueteamops
    Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
    Follow John Hubbard: Twitter | LinkedIn

    • 55 min
    Jamie Williams: Adversary Emulation

    There are numerous ways to test your SOC's detection and prevention capabilities, but not all are created equal. Each has its own strengths and weaknesses, and each can be done on a different time scale. This week, we focus on arguably one of the most important - adversary emulation. In this episode we speak with Jamie Williams from the MITRE ATT&CK team about why adversary emulation is important, how it works, how you can get started regardless of the size of your team, and how to track and run an adversary emulation test.

    Our guest: Jamie Williams
    Jamie Williams is a Principal Adversary Emulation Engineer for the MITRE Corporation where he works on various exciting efforts involving security operations and research, specializing in adversary emulation and behavior-based detections. He also leads teams that help shape and deliver the “adversary-touch” within ATT&CK® and ATT&CK Evaluations.
    Follow Jamie Williams on Twitter (@jamieantisocial) and LinkedIn (/in/jamie-williams-108369190).

    Sponsor's Note
    Support for the Blueprint podcast comes from the SANS Institute.

    Since the debut of SEC450, we’ve always had students interested in a matching course covering the management and leadership aspects of running a SOC. If you like the topics in this podcast and would like to learn more about Blue Team leadership and management, check out the new MGT551: Building and Leading Security Operations Centers. This new course is designed for Security Team leaders looking to build, grow and operate a security operation center with peak efficiency. It’s a hands-on technical leadership course, that takes you through everything from scoping threat groups to use case creation, threat hunting, planning, SOC maturity and detection assessment and much much more.

    Check out the course syllabus, labs and a free demo at sansurl.com/551
    Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
    Follow John Hubbard: Twitter | LinkedIn

    • 49 min
    Josh Johnson: PowerShell and Defensive Automation for the Blue Team

    PowerShell may seem intimidating, but it can be one of the most amazing and useful tools at your disposal...if you know how to use it. In this episode, we have Josh Johnson, author of the new SANS course "SEC586: Blue Team Operations - Defensive Powershell" giving you a masterful crash course in:

    - The importance of PowerShell
    - How PowerShell works, and how to set yourself up to use it
    - Blue team use cases for log analysis, incident response and more
    - How to stop attackers from leveraging PowerShell
    - Some of the amazing automation and playbook opportunities you may be missing out on.

    Lots of actionable content for defenders here, don't miss this episode!


    Our Guest: Josh Johnson
    Josh Johnson is a SANS Certified Instructor and course author of SEC586: Blue Team Operations: Defensive PowerShell. He has been working in the Information Security industry for over 10 years in varying roles with responsibilities ranging from penetration testing to incident response. Josh was Purple Teaming since before it had a name and used his offensive security skill set to find and pursue his true passion - Blue Team. Since then, he has been helping organizations of all sizes, and in varying industries from healthcare to retail to finance, improve their cyber defense capabilities.
    More About Josh

    Follow Josh:  Twitter | LinkedIn

    Sponsor's Note:
    Support for the Blueprint podcast comes from the SANS Institute.

    If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.

    This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.

    Check out the details at sansurl.com/450! Hope to see you in class!

    Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
    Follow John Hubbard: Twitter | LinkedIn

    • 48 min
    Chris Baker: Get A Handle On Your Vulnerabilities

    This episode is all about vulnerability management - both the technical and human aspects. Looking to start up a new vulnerability management team? Drowning in vulnerabilities to fix and don't know where to start? Struggling to get system owners to take action? Trying to find ways to communicate the importance and status of your patching efforts?

    Check out this episode with vulnerability management expert Chris Baker for answers to these questions and much more!

    Our Guest: Chris Baker
    Chris Baker is an Information Security Leader with a deep background in information security, including strategy development and operational excellence, who has created highly efficient teams and delivered large impacts to the business value chain. He is a skilled risk management and information security professional with the versatility to lead large and diverse matrix teams and to deep-dive into complex technical problems. He has a proven track record of collaborating effectively at all business levels while directing changes on a global, enterprise-wide scale.

    Follow Chris Baker
    @bakerc | LinkedIn

    Sponsor Note
    Support for the Blueprint podcast comes from the SANS Institute.

    Are you looking for the best in-depth training for your cyber defense team? Look no further than SANS blue team curriculum courses!

    Whether you focus on network or host data, Windows or Linux, or even specialize in open source intel, SIEM, SOC, or defensive architecture, the SANS Blue Team curriculum has the course for you. From long-time classics like SEC503 Network Intrusion Detection to the newer SEC530 Defensible Security Architecture and Engineering and SEC487 Open Source Intelligence Gathering - we've got you covered, no matter what your specialty.

    With an extensive archive of free webcasts on the SANS site, and free online demos available for most courses, you can easily check out the SANS blue team catalog and see which course is the best fit for you and your team.

    Check out the constantly growing list of available courses at sansurl.com/blueteamops
    Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
    Follow John Hubbard: Twitter | LinkedIn

    • 39 min

Customer Reviews

4.9 out of 5
106 Ratings

Chris Mc.38,

A must-listen for Blue Teamers

Great podcast; super useful information!

Ed15un,

Great Resource for Blue Team

Really great content for Blue Team. Great speakers, topics and interviews. Thank you, keep it coming.

SecEnthused,

Excellent content

They get right to the point, no unnecessary fluff. Long enough to get into details, but under an hour which I like. Great guest speakers.