BLUEPRINT

By John Hubbard

Category: Technology


Subscribers: 17
Reviews: 0

Description

Are you a cyber defender looking to keep up on the newest tools, technology, and security concepts? Then BLUEPRINT is the podcast for you! Tune in to hear the latest in cyber defense and security operations from blue team leaders and experts. With a focus on learning, BLUEPRINT includes interviews with today’s top security practitioners defending the world’s most respected brands, and in-depth explanations on the newest technologies, protocols, and defensive tools. BLUEPRINT, is a podcast hosted by John Hubbard and brought to you by the SANS Institute. BLUEPRINT - your one-stop shop for taking your defense skills to the next level!

Episode Date
Anton Chuvakin: The Current State and Future of Security Operations
2827

In today’s episode, John is joined by Anton Chuvakin to discuss current and future security operations technology, which tools are the most important and which are becoming less important over time, the rules of automation in the SOC, and how Anton would set up a modern Security Operations Center for a cloud-native organization.

Today's Guest: Anton Chuvakin
Dr. Anton Chuvakin is a recognized security expert in the field of log management, SIEM and PCI DSS compliance. He is now involved with security solution strategy at Google Cloud, where he arrived via the Chronicle Security (an Alphabet company) acquisition in July 2019.

He is an author of the books "Security Warrior", "Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management" and "PCI Compliance, Third Edition: Understand and Implement Effective PCI Data Security Standard Compliance", and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and other books.

Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS and security management. His blog "Security Warrior" was one of the most popular in the industry. In addition, Anton teaches classes and presents at many security conferences across the world; he has addressed audiences in the United States, the UK, Australia, Singapore, Spain, Russia and other countries. He works on emerging security standards and serves on the advisory boards of several security start-ups.


Follow Anton
Twitter: @anton_chuvakin
LinkedIn: /in/chuvakin

Check out the constantly growing list of available courses at sansurl.com/blueteamops
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn

Apr 20, 2021
Rob van Os: Maturing your Cyber Defense
2938

Are you a manager looking to build or improve your SOC? Are you trying to understand how to measure your SOC's maturity, your use cases or your threat hunting efforts? If so, today’s episode with Rob van Os is for you. In this episode, we discuss the SOC-CMM for SOC maturity measurement, the MaGMa use case framework for building and tracking SOC use cases, and the TaHiTI threat hunting methodology for showing ROI on threat hunting.


Our Guest is Rob van Os
Rob van Os, MSc., CISSP, ISSAP is a senior security advisor working for CZ group. Until recently, Rob was the Product Owner of the Cyber Defense Center of a Dutch bank and as such responsible for cyber security operations. Rob obtained a Bachelor's degree in Computer Science in 2009 and a Master's degree in Information Security in 2016. Rob is the author of the SOC-CMM and lead author of the MaGMa UCF and the TaHiTI methodology.

Follow Rob:
LinkedIn: /in/cyberdefensespecialist
Website: https://www.soc-cmm.com/

Sponsor's Note:
Support for the Blueprint podcast comes from the SANS Institute.

If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.

This course is designed to give attendees the information that every SOC analyst and blue team member needs to know to hit the ground running. With 15 labs that get you hands-on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.


Apr 13, 2021
AppSec, DevOps and DevSecOps
2629

What are AppSec, DevOps and DevSecOps? In this episode we discuss why defenders should know more about these terms and what the consequences are of ignoring these new and critical fields.

Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, has won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec engineer, and software developer. She is an award-winning public speaker, active blogger and streamer, and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

Advisor: Nord VPN, Cloud Defense, NeuraLegion, ICTC PAC, WoSEC

Founder: We Hack Purple, WoSEC International (Women of Security), OWASP DevSlop, #CyberMentoringMonday


Apr 06, 2021
Playbook for Security Onion
1972

Driving consistency and maintaining a high standard for alert response is a problem all SOCs must face, but how? In this episode, Josh Brower describes his efforts to combine automated detection signature deployment and use case database management into a single, easy-to-use app for Security Onion. Whether you use Security Onion or not, this episode dives into the design principles and workflow Josh used when designing the new open-source Playbook app, and there’s something to learn from it for everyone on the Blue Team.

Our Guest - Josh Brower
Josh Brower has been crashing computers since his teens, and now feels fortunate to be doing it professionally. He has spent the last 12 years focusing on InfoSec, particularly network and endpoint detection. He also enjoys teaching around InfoSec issues, especially to non-technical learners, helping them understand how their actions in the digital world have real-world consequences, as well as how to proactively reduce the risk.

Follow Josh
Twitter: @DefensiveDepth
LinkedIn: /in/joshbrower
Web: https://defensivedepth.com


Support for the Blueprint podcast comes from the SANS Institute.
Are you looking for the best in-depth training for your cyber defense team? Look no further than SANS blue team curriculum courses!

Whether you focus on network or host data, Windows or Linux, or even specialize in open source intel, SIEM, SOC, or defensive architecture, the SANS Blue Team curriculum has the course for you. From long-time classics like SEC503 Network Intrusion Detection to the newer SEC530 Defensible Security Architecture and Engineering and SEC487 Open Source Intelligence Gathering, we've got you covered, no matter what your specialty.

With an extensive archive of free webcasts on the SANS site, and free online demos available for most courses, you can easily check out the SANS blue team catalog and see which course is the best fit for you and your team.


Mar 30, 2021
The Blue Teamer's Blueprint for Malware Triage
3996

Even if you're not a malware analyst, any blue teamer should be able to do some initial basic malware sample triage. The good news is that this is quite easy to do using freely available tools once you know what is available. Join John in this conversation with Ryan Chapman as they discuss how to reverse engineer malware and why you might want to do so.

Our Guest - Ryan Chapman
Ryan Chapman works as a Principal Incident Response analyst. He also teaches SANS FOR610: Reverse Engineering Malware and is the lead organizer for CactusCon, Arizona's hacker conference. Ryan has worked in Security Operations Center and Computer Incident Response Team roles that handled incidents from inception all the way through remediation. Reviewing log traffic, researching domains and IPs, hunting through log aggregation utilities, sifting through packet captures, analyzing malware, and performing host and network forensics are all things that Ryan loves to do. With Ryan, it's all about the blue team!

Follow Ryan

Twitter: @rj_chap
LinkedIn: /in/ryanjchapman
Web: https://incidentresponse.training


Check out the details at sansurl.com/450. Hope to see you in class!


Mar 30, 2021
SOC Metrics: Measuring Success and Preventing Burnout
2954

Looking for a new way to approach the difficult problem of measuring and improving your SOC? Check out this episode to hear how to use methods pioneered in the manufacturing and reliability industries to help you wrap your head around and solve this complex issue. You don’t want to miss this episode with Jon Hencinski, Director of Operations at Expel, who covers all of this and more.

Our guest - Jon Hencinski
Jon Hencinski is the Director of Global Operations at Expel. In this role, he’s responsible for the day-to-day operations of Expel’s security operations center (SOC) and detection and response engineering. He oversees how Expel recruits, trains, and develops security analysts. Jon has over a decade of experience in the areas of SOC operations, threat detection, and incident response. Prior to Expel, Jon worked at FireEye, BAE Systems, and was an adjunct professor at The George Washington University.

Follow Jon
Twitter: @jhencinski
LinkedIn: /in/jonathanhencinski
Web: https://hencinski.medium.com

Support for the Blueprint podcast comes from the SANS Institute.

Since the debut of SEC450, we’ve always had students interested in a matching course covering the management and leadership aspects of running a SOC. If you like the topics in this podcast and would like to learn more about Blue Team leadership and management, check out the new MGT551: Building and Leading Security Operations Centers. This new course is designed for security team leaders looking to build, grow and operate a security operations center with peak efficiency. It’s a hands-on technical leadership course that takes you through everything from scoping threat groups to use case creation, threat hunting, planning, SOC maturity and detection assessment, and much, much more.

Check out the course syllabus, labs and a free demo at sansurl.com/551


Mar 30, 2021
A Machine Learning Primer for the Blue Team
2411

Austin Taylor discusses the promise and reality of cyber security-centric data science, and how you can use machine learning for solving practical security problems.

Twitter Handles: @HuntOperator | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Aug 11, 2020
Empowering Security Researchers Around the World!
2438

Roberto Rodriguez explains the awesome projects and initiatives he is working on to help blue teams perform advanced data collection, analysis, and threat hunting.

Twitter Handles: @Cyb3rWard0g | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Aug 04, 2020
Locking Down and Monitoring Cloud Infrastructure
2478

Cloud expert Kyle Dickinson discusses common cloud infrastructure attacks, and how you can detect and prevent them before they happen to your organization.

Twitter Handles: @KyleHaxWhy | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Jul 28, 2020
Passwordless - Can it Be Done?
2441

Mark and Libby share the new technologies in use at Microsoft to dramatically decrease the need for the use of passwords in the enterprise.

Twitter Handles: @markmorow | @TruBluDevil | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Jul 21, 2020
Training Yourself in a Quarantined World
2067

Dave and Ryan speak with John about resources for training yourself, and the challenges of setting up a large-scale cyber lab to simulate an advanced attack for their Splunk Boss of the SOC competition.

Twitter Handles: @daveherrald | @meansec | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Jul 14, 2020
Understanding and Applying Threat Intelligence
2377

Katie Nickels talks about what threat intelligence is, where to get it, what you should expect from it, and how the SOC should be using it.

Twitter Handles: @likethecoins | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Jul 07, 2020
Privacy Laws: The Future Driver of Cyber Security
2367

Mary Chaney shares what types of laws we should be concerned about. She discusses her thoughts on privacy laws and how that will drive cyber security, and what she’s doing to get more diverse representation in the industry at all levels.

Twitter Handles: @MaryNChaney | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Jun 30, 2020
Creativity and Choices: Talking About Thinking
2558

Chris Sanders and Stef Rand discuss qualitative research they conducted on how to use divergent or convergent thinking for improving the quality of your analysis.

Twitter Handles: @ChrisSanders88 | @techieStef | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast


Jun 23, 2020
The Art of Blue Teaming
1505

Hear host John Hubbard share info on his background, his inspiration and goals for this podcast, and his insights on ‘The Art of Blue Teaming’.

Twitter Handles: @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Jun 16, 2020
Shock to the System: Re-Evaluating Your Security Operations
1975

In our very first guest interview with Mark Orlando, John asks Mark questions to help us re-evaluate our security operations.

Twitter Handles: @MarkAOrlando | @SecHubb

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Jun 16, 2020
Introducing Blueprint
123

Blueprint brings you the latest in cyber defense and security operations from top blue team leaders. Blueprint is brought to you by the SANS Institute and is hosted by SANS Certified Instructor John Hubbard.


Twitter Handles: @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Jun 09, 2020