In today’s episode, John is joined by Anton Chuvakin to discuss current and future security operations technology, which tools are the most important and which are becoming less important over time, the rules of automation in the SOC and how Anton would setup a modern Security Operations Center for a Cloud native organization.

Today's Guest: Anton Chuvakin
Dr. Anton Chuvakin is a recognized security expert in the field of log management, SIEM and PCI DSS compliance. He is now involved with security solution strategy at Google Cloud, where he arrived via Chronicle Security (an Alphabet company) acquisition in July 2019. 

He is an author of books "Security Warrior", "Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management" and ""PCI Compliance, Third Edition: Understand and Implement Effective PCI Data Security Standard Compliance"" (book website) and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and other books. 

Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, security management. His blog "Security Warrior" was one of the most popular in the industry. In addition, Anton teaches classes and presents at many security conferences across the world; he addressed audiences in United States, UK, Australia, Singapore, Spain, Russia and other countries. He works on emerging security standards and serves on advisory boards of several security start-ups.

Follow Anton
Twitter:  @anton_chuvakin
LinkedIn: /in/chuvakin

Check out the constantly growing list of available courses at sansurl.com/blueteamops
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn

Are you a manager looking to build or improve your SOC? Are you trying to understand how to measure your SOCs maturity or use cases or your threat hunting efforts? If so, today’s episode with Rob van Os is for you. In this episode, we discuss the SOC CMM for SOC maturity measurement, the magma use case framework for building and tracking SOC use cases, and the Tahiti threat hunting methodology for showing ROI on threat hunting.


Our Guest is Rob van Os
Rob van Os, MSc., CISSP, ISSAP is a senior security advisor working for CZ group. Until recently, Rob was the Product Owner of the Cyber Defense Center of a Dutch bank and as such responsible for cyber security operations. Rob obtained a Bachelor's degree in Computer Science in 2009 and a Master's degree in Information Security in 2016. Rob is the author of the SOC-CMM and lead author of the MaGMa UCF and the TaHiTI methodology.

Follow Rob:
Linkedin: /in/cyberdefensespecialist
Website:  https://www.soc-cmm.com/  

Sponsor's Note:
Support for the Blueprint podcast comes from the SANS Institute.

If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.

This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.

Check out the constantly growing list of available courses at sansurl.com/blueteamops
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn

What is AppSec, DevOps and DevSecOps? In this episode we discuss why defenders should know more about these terms and what the consequences are of ignoring these new and critical fields.

Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

Advisor: Nord VPN, Cloud Defense, NeuraLegion, ICTC PAC, WoSEC

Founder: We Hack Purple, WoSEC International (Women of Security), OWASP DevSlop, #CyberMentoringMonday

Support for the Blueprint podcast comes from the SANS Institute.


Check out the constantly growing list of available courses at sansurl.com/blueteamops
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn

Driving consistency and maintaining a high standard for alert response is a problem all SOCs must face, but how? In this episode, Josh Brower describes his efforts to combine automated detection signature deployment and use case database management into a single, easy to use app for Security Onion. Whether you use Security Onion or not, this episode dives into the design principles and workflow Josh used when designing the new open-source Playbook app and there’s something to learn from it for everyone on the Blue Team.

Our Guest - Josh Brower
Josh Brower has been crashing computers since his teens, and now feels fortunate to be doing it professionally. He has spent the last 12 years focusing on InfoSec, particularly network and endpoint detection. He also enjoys teaching around InfoSec issues, especially to non-technical learners - helping them to understand how their actions in the digital world have real-world consequences, as well as how to proactively reduce the risk.

Follow Josh
Twitter: @DefensiveDepth
LinkedIn: /in/joshbrower
Web: https://defensivedepth.com


Support for the Blueprint podcast comes from the SANS Institute
Are you looking for the best in-depth training for your cyber defense team? Look no further than SANS blue team curriculum courses!

Whether you focus on network or host data, Windows or Linux, or even specialize in open source intel, SIEM, SOC, or defensive architecture, the SANS Blue Team curriculum has the course for you. From long-time classics like SEC503 Network Intrusion Detection to the newer SEC530 Defensible Security Architecture and Engineering and SEC487 Open Source Intelligence Gathering - we've got you covered, no matter what your specialty.

With an extensive archive of free webcasts on the SANS site, and free online demos available for most courses, you can easily check out the SANS blue team catalog and see which course is the best fit for you and your team.

Check out the constantly growing list of available courses at sansurl.com/blueteamops
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn

Even if you're not a malware analyst, any blue teamer should be able to do some initial basic malware sample triage. The good news is that this is quite easy to do using freely available tools once you know what is available. Join John in this conversation with Ryan Chapman as they discuss how to reverse engineer malware and why you might want to do so.

Our Guest - Ryan Chapman
Ryan Chapman works as a Principal Incident Response analyst. He also teaches SANS FOR610: Reverse Engineering Malware and is the lead organizer for CactusCon, Arizona's hcaker conference. Ryan has worked in Security Operations Center and Computer Incident Response Team roles that handled incidents from inception all the way through remediation. Reviewing log traffic; researching domains and IPs; hunting through log aggregation utilities; sifting through pack captures; analyzing malware; and performing host and network forensics are all things that Ryan loves to do. With Ryan, it's all about the blue team!

Follow Ryan
Twitter: @rj_chap
LinkedIn: /in/ryanjchapman
Web: https://incidentresponse.training

Sponsor's Note:
Support for the Blueprint podcast comes from the SANS Institute.

If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.

This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.

Check out the details at sansurl.com/450  Hope to see you in class!

Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn

Looking for a new way to approach the difficult problem of measuring and improving your SOC? Check out this episode to hear how to use methods pioneered in the manufacturing and reliability industry to help wrap your head around, and solve this complex issue. You don’t want to miss this episode with Jon Hencinski, Director of Operations at Expel who covers all of this and more.

Our guest - Jon Hencinski
Jon Hencinski is the Director of Global Operations at Expel. In this role, he’s responsible for the day-to-day operations of Expel’s security operations center (SOC) and detection and response engineering. He oversees how Expel recruits, trains, and develops security analysts. Jon has over a decade of experience in the areas of SOC operations, threat detection, and incident response. Prior to Expel, Jon worked at FireEye, BAE Systems, and was an adjunct professor at The George Washington University.

Follow Jon
Twitter: @jhencinski
LinkedIn: /in/jonathanhencinski
Web: https://hencinski.medium.com

Support for the Blueprint podcast comes from the SANS Institute.

Since the debut of SEC450, we’ve always had students interested in a matching course covering the management and leadership aspects of running a SOC. If you like the topics in this podcast and would like to learn more about Blue Team leadership and management, check out the new MGT551: Building and Leading Security Operations Centers. This new course is designed for Security Team leaders looking to build, grow and operate a security operation center with peak efficiency. It’s a hands-on technical leadership course, that takes you through everything from scoping threat groups to use case creation, threat hunting, planning, SOC maturity and detection assessment and much much more.

Check out the course syllabus, labs and a free demo at sansurl.com/551

Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn

Austin Taylor discusses the promise and reality of cyber security-centric data science, and how you can use machine learning for solving practical security problems.

Twitter Handles: @HuntOperator | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Roberto Rodriguez explains the awesome projects and initiatives he is working on to help blue teams perform advanced data collection, analysis, and threat hunting.

Twitter Handles: @Cyb3rWard0g | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Cloud expert Kyle Dickinson discusses common cloud infrastructure attacks, and how you can detect and prevent them before they happen to your organization.

Twitter Handles: @KyleHaxWhy | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Mark and Libby share the new technologies in use at Microsoft to dramatically decrease the need for the use of passwords in the enterprise.

Twitter Handles: @markmorow | @TruBluDevil | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Dave and Ryan speak with John about resources for training yourself, and the challenges of setting up a large-scale cyber lab to simulate an advanced attack for their Splunk Boss of the SOC competition.

Twitter Handles: @daveherrald | @meansec | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Katie Nickels talks about what threat intelligence is, where to get it, what you should expect from it, and how the SOC should be using it.

Twitter Handles: @likethecoins | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Mary Chaney shares what types of laws we should be concerned about. She discusses her thoughts on privacy laws and how that will drive cyber security, and what she’s doing to get more diverse representation in the industry at all levels.

Twitter Handles: @MaryNChaney | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Chris Sanders and Stef Rand discuss qualitative research they conducted on how to use divergent or convergent thinking for improving the quality of your analysis.

Twitter Handles: @ChrisSanders88 | @techieStef | @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Hear host John Hubbard share info on his background, his inspiration and goals for this podcast and his insights on ‘The Art of Blue Teaming”.

Twitter Handles: @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

In our very first guest interview with Mark Orlando, John asks Mark questions to help us re-evaluate our security operations.

Twitter Handles: @MarkAOrlando | @SecHubb

All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Blueprint brings you the latest in cyber defense and security operations from top blue team leaders. Blueprint is brought to you by the SANS Institute and is hosted by SANS Certified Instructor John Hubbard.


Twitter Handles: @SecHubb | @SANSDefense

All Blueprint Podcast Episodes: sans.org/blueprint-podcast