Blueprint: Build the Best in Cyber Defense

SANS Institute
  • 4.9 (131)
  • TECHNOLOGY
  • UPDATED WEEKLY

Are you a cyber defender looking to keep up on the newest tools, technology, and security concepts? Then BLUEPRINT is the podcast for you! Tune in to hear the latest in cyber defense and security operations from blue team leaders and experts. With a focus on learning, BLUEPRINT includes interviews with today’s top security practitioners defending the world’s most respected brands, and in-depth explanations on the newest technologies, protocols, and defensive tools. BLUEPRINT, is a podcast hosted by John Hubbard and brought to you by the SANS Institute. BLUEPRINT - your one-stop shop for taking your defense skills to the next level!

  1. 3D AGO

    The 2 AM Call: A Ransomware Negotiator's Playbook with Wade Gettle

    What happens after you discover ransomware? You have to talk to the attackers. And that conversation can make or break your entire response. In this episode, Wade Gettle, a professional ransomware negotiator, pulls back the curtain on the high-stakes world of threat actor negotiations. Wade is the person who gets the call at 2 AM when organizations are facing their worst moment, and he's handled negotiations across every scenario imaginable. You'll learn: What actually happens in the first 72 hours of a ransomware incidentThe psychological tactics threat actors use to manufacture urgency and pressureWhy those 24-hour deadlines aren't real—and how to buy yourself timeHow threat actors research your financials, insurance policies, and supply chain before making contactWhen data validation saves companies from paying ransoms for data that isn't even theirsThe real cost of ransomware (spoiler: it's 10x the ransom amount)Why paying doesn't guarantee your data back—or that you won't get hit againThird-party breaches: the biggest risk vector right nowKey takeaway: Ransomware negotiations are psychological warfare disguised as business transactions. The best defense is being more prepared than the attackers expect you to be. Resources mentioned in this episode: ransomware.live (ransomware group tracking, info, conversations and more)ransomlook.io (ransomware group tracking and statistics)ChatGPT Ransomware Negotiation Simulator: https://chatgpt.com/g/g-679a6253574c8191a998145044b9c651-ransomsim-ransomware-negotiation-trainerWade Gettle on LinkedIn: https://www.linkedin.com/in/wade-gettle-7733704a/About the guest: Wade Gettle is a Senior Advisor at Flashpoint and serves as a Cyber Mission Planner for the New York Army National Guard. With a background in intelligence analysis, incident response, and threat intelligence, Wade brings calm to the storm when organizations face their most critical security incidents. Contact, Courses, and More: For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live! Check out John's SOC Training Courses for SOC Analysts and Leaders: SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations LDR551: Building and Leader Security Operations Centers Follow and Connect with John: LinkedIn

    49 min

  2. JAN 5

    Infiltration Alert! How to Catch Fake IT Employees in Your Network with Zak Stufflebeam

    This episode is a big one! We kick off 2026 with a critical lessons learned on how to detect and prevent the threat of fake IT workers infiltrating your organization through the story of a REAL compromise. In this episode, repeat guest Zak Stufflebeam shares a detailed case study involving a major investigation of multiple counterfeit IT employees within a company. The episode provides valuable insights and actionable detection tactics, covering everything from unusual VPN activity and AI-generated resumes to suspicious interview responses and unauthorized access requests.  With the rise of remote work, this episode is essential listening for cyber defenders aiming to ensure their networks are clean and defensible in the new year. Contact, Courses, and More: For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live! Check out John's SOC Training Courses for SOC Analysts and Leaders: SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations LDR551: Building and Leader Security Operations Centers Follow and Connect with John: LinkedIn

    1h 37m

  3. 08/19/2025

    Leading by Example: Confidence and Responsibility in Cybersecurity with Zak Stufflebeam

    In this episode, we sit down with Zak Stufflebeam, Director of Cybersecurity at a publicly traded insurance company. Zak shares his unique journey from the military to leading security operations, emphasizing essential leadership principles learned along the way. From his early days in basic training to leading complex cybersecurity teams, Zak’s story is one of perseverance, adaptability, and unwavering commitment. He delves into vital leadership lessons, the importance of confidence, and strategies to maintain focus and calm under pressure. This episode is packed with insights for aspiring SOC analysts and leaders looking to make an impact in their field. Contact, Courses, and More: For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live! Check out John's SOC Training Courses for SOC Analysts and Leaders: SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations LDR551: Building and Leader Security Operations Centers Follow and Connect with John: LinkedIn

    1h 6m
  4. From the SANS Cyber Leaders Podcast: Fighting Back with John Hubbard

    06/27/2025 · BONUS

    From the SANS Cyber Leaders Podcast: Fighting Back with John Hubbard

    This podcast episode is from the SANS Cyber Leaders Podcast. The episode features Blueprint host John Hubbard, where he talks with hosts James Lyne and Ciaran Martin on the ever-changing threat landscape and how SOC teams can stay ahead. John shares his expertise on spotting threats early, how to test your defences before the real attackers show up, and why he’s on a mission to simplify cybersecurity operations for the next generation of defenders. Contact, Courses, and More: For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live! Check out John's SOC Training Courses for SOC Analysts and Leaders: SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations LDR551: Building and Leader Security Operations Centers Follow and Connect with John: LinkedIn

    52 min

  5. 06/12/2025

    Redefining Security Operations: Lessons in AI Integration with James Spiteri

    In this episode of Blueprint, host John Hubbard sits down with James Spiteri from Elastic to explore the transformative power of AI on the SOC. They delve into how advanced AI technologies, such as agentic AI models, MCP protocol, and automation, are reshaping the SOC landscape. Discover how AI enhances SOC efficiency, reduces mundane tasks, and integrates context-aware capabilities. Learn about the real-world applications, from automation in cybersecurity operations to the challenges and promises of large language models. This discussion covers the ethical considerations, potential risks, and the promising future of SOCs powered by AI. Tune in to get inspired and see how AI might revolutionize your cyber defense strategies. Contact, Courses, and More: For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live! Check out John's SOC Training Courses for SOC Analysts and Leaders: SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations LDR551: Building and Leader Security Operations Centers Follow and Connect with John: LinkedIn

    1h 7m

  6. 04/09/2025

    From Special Forces to Cybersecurity: Rich Greene on Communication and Persuasion in Infosec

    In this episode, we sit down with Rich Greene, a former United States Army Special Forces Green Beret and current SANS instructor for SEC275 and SEC301. Rich shares his incredible journey spanning 20 years in the Army, including his transition from military communication roles into the realm of cybersecurity. He talks about the importance of fundamentals in cybersecurity, the power of effective communication and persuasion, and dispels common misconceptions about entering the cyber field. Rich also highlights his passion for teaching and how his military background has shaped his approach to instruction and information security. Tune in for invaluable advice that applies to anyone no matter your role!.  Contact, Courses, and More: For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live! Check out John's SOC Training Courses for SOC Analysts and Leaders: SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations LDR551: Building and Leader Security Operations Centers Follow and Connect with John: LinkedIn

    47 min

  7. 02/18/2025

    SOC Dashboards Done Right with Ryan Thompson

    In this episode, we sit down with Ryan Thompson, a seasoned expert in building dashboards that actually detect real threats—not just look pretty. With experience at Elastic, Alert Logic, and top EDR vendors, Ryan shares deep insights into the science behind effective dashboards and how security teams can cut through the noise to find the threats on your network. We cover: Why most SOC dashboards fail to deliver real insights—and how to fix them.The right way to structure dashboards for SIEM, EDR, and threat hunting.How to visualize security data effectively to make detection faster.The balance between automation, alerts, and analyst intuition.If you’re a SOC analyst, detection engineer, or security leader looking to elevate your dashboard game and sharpen your cyber threat detection skills, this is an episode you won’t want to miss! Contact, Courses, and More: For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live! Check out John's SOC Training Courses for SOC Analysts and Leaders: SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations LDR551: Building and Leader Security Operations Centers Follow and Connect with John: LinkedIn

    1h 3m
  8. Success Simplified - The 3 Step Process for Hitting Your Career Goals in 2025 with John Hubbard

    01/01/2025

    Success Simplified - The 3 Step Process for Hitting Your Career Goals in 2025 with John Hubbard

    Surprise!! It's a mini solo episode to kick off the new year and it's on one of the most important topics there is - how to achieve your goals in 2025 and beyond! In this episode I talk about a topic I've never covered anywhere before - my personal system for productivity and how it helps me, and can likely you help you stay on track for those 2025 goals and stay aligned with what is most important in your life.  Check this episode out for some useful productivity tips, inspiration, recommendations for some of my favorite books, and fuel to get fired up for 2025!  HAPPY NEW YEAR!  Note: The episode thumbnail is the actual picture that I took of the quote that I mention seeing in the coffee shop that day in 2018.  Episode Notes Simon Sinek - Start With WhyThe 5-Fold Why TechniqueBook - The 12 Week YearBook - The ONE ThingObsidianThe Eisenhower MatrixBook - Steal Like An ArtistBook - 4000 Weeks: Time Management for MortalsContact, Courses, and More: For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live! Check out John's SOC Training Courses for SOC Analysts and Leaders: SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations LDR551: Building and Leader Security Operations Centers Follow and Connect with John: LinkedIn

    30 min
See All (64)

Trailers

4.9
out of 5
131 Ratings

About

Are you a cyber defender looking to keep up on the newest tools, technology, and security concepts? Then BLUEPRINT is the podcast for you! Tune in to hear the latest in cyber defense and security operations from blue team leaders and experts. With a focus on learning, BLUEPRINT includes interviews with today’s top security practitioners defending the world’s most respected brands, and in-depth explanations on the newest technologies, protocols, and defensive tools. BLUEPRINT, is a podcast hosted by John Hubbard and brought to you by the SANS Institute. BLUEPRINT - your one-stop shop for taking your defense skills to the next level!

Information

You Might Also Like