Have you ever wondered what it takes to write and publish an information security book? In this special bonus episode following season 4, John discusses with Kathryn, Ingrid, and Carson the challenges and rewards of self-publishing, and the kin

Strategy 11: Turn up the Volume by Expanding SOC Functionality

Jul 18th, 2023 1h 27m

"This final chapter of the book is no simple closer! "Turn Up the Volume by Expanding SOC Functionality" covers testing that your SOC is functioning as intended through activities such as Threat Hunting, Red and Purple Teaming, Adversary Emulat

Strategy 10: Measure Performance to Improve Performance

Jul 10th, 2023 54m 4s

"Metrics, is there any more confusing and contentious topic in cybersecurity? In this episode the authors cover their advice and approach to measuring your team so that issues can be quickly identified and performance can continuously improve!T

Strategy 9: Communicate Clearly, Collaborate Often, Share Generously

Jul 5th, 2023 1h 4m

"Research has shown that communication is one of the most important factors for success in security incident response teams. In this chapter, the authors discuss the critical types of information that must be shared within the SOC, with the con

Strategy 8: Leverage Tools and Support Analyst Workflow

Jun 26th, 2023 1h 26m

Tool choice can be a make-or-break decision for security analysts, driving whether getting work done is a struggle, or an efficient, stress-free experience. How can we select the right tools for the job? Which tools are most important? Answers

Bonus

Blueprint Live at the SANS Blue Team Summit 2023

Jun 22nd, 2023 1h 6m

In this special live recording from the SANS Blue Team Summit 2023, Kathryn Knerler, Ingrid Parker, and Carson Zimmerman joined John Hubbard they share their insights and expertise with attendees by answering their pressing questions. From disc

Strategy 7: Select and Collect the Right Data

Jun 19th, 2023 1h 4m

There's no denying that the average security team is completely overwhelmed with options for data to collect. With a deluge of endpoint, network, and cloud data sources to collect, how to do we identify and collect the most useful data sources?

Strategy 6: Illuminate Adversaries with Cyber Threat Intelligence

Jun 12th, 2023 59m 3s

Every security team has limited budget and time, how do you know where to focus? Cyber Threat Intelligence provides those answers! In this episode, Ingrid, Carson and Kathryn describe how we can use CTI to focus our defensive efforts to underst

Strategy 5: Prioritize Incident Response

Jun 5th, 2023 1h 26m

No security team is perfect, so in this episode, authors Carson, Ingrid, and Kathryn discuss what it takes to prepare for fast, effective incident response capability. Covering preparation, planning and execution, Strategy 5 will teach your tea

Strategy 4: Hire AND Grow Quality Staff

May 29th, 2023 1h 14m

In this episode we dive deep on the "People" factor of the SOC. Who should you hire, what skills should you hire for, what backgrounds are most likely to lead to success for your team? We also get into what happens after the hire - training, gr

Strategy 3: Build a SOC Structure to Match Your Organizational Needs

May 22nd, 2023 1h 13m

In this episode we discuss how to decide on the right org structure and capabilities of your SOC. This includes questions like tiered vs. tierless models, which capabilities the SOC should focus on, centralized vs. distributed SOCs, outsourcing

Strategy 2: Give the SOC the Authority to Do Its Job

May 15th, 2023 38m 9s

Though a SOC is responsible for protecting your organization's assets, it is not the owner of those systems. If the SOC is not established with a clear charter and authority to act, it may quickly become difficult to be effective. Who should th

Strategy 1: Know What You Are Protecting and Why

May 8th, 2023 1h 3m

As the saying goes, "If you don't know where you're going, any road will take you there!" - an approach that is disastrous to a SOC. In order to succeed, the SOC must have a clear understanding of where they are going, how they're going to get

11 Strategies of a World-Class Security Operations Center: Fundamentals

May 8th, 2023 56m 34s

Welcome to a brand new season of Blueprint! In this intro episode we discuss "Fundamentals" chapter of the "11 Strategies of a World Class Cybersecurity Operations Center" with the authors. We get into the motivation behind updating the book an

Trailer

Get Ready, A Very Special Season 4 Is On the Way!

May 1st, 2023 2m 42s

Hello Blueprint listeners! We’re excited to announce that the release of season 4 of Blueprint is just around the corner, and we’ve got something very special cooked up for you. We’ve teamed up with the authors of MITRE’s “11 Strategies of a Wo

Brandon Evans: Cloud Security - Threats and Opportunities

Sep 13th, 2022 50m 53s

Ever wonder how a cloud and application security expert views risks of cloud workloads? Well, wonder no more because on this episode we have Brandon Evans - SANS Certified Instructor and lead author of SEC510: Public Cloud Security. We cover th

Joe Lykowski: Building a Transparent, Data-Driven SOC

Sep 6th, 2022 56m 24s

In this episode we speak with Joe Lykowski - Cyber Defense Lead at a major manufacturing company on what it takes to build a mature, transparent, and effective SOC. Joe brings years of experience to the table in running a large organization’s s

Rob Lee: Training and Reskilling in Cyber Security

Aug 30th, 2022 52m 1s

Many of us are either looking to start a cyber security career, improve our knowledge and skills to further our career, or hire a team that has the most skilled and promising candidates. In this special episode with Rob Lee, Chief Curriculum Di

Jaron Bradley: Securing Enterprise macOS

Aug 23rd, 2022 59m 54s

In this episode of the Blueprint Podcast, we cover monitoring and securing macOS in an enterprise environment at scale with Jaron Bradley, Threat Detection lead at Jamf. We discuss the ups and downs of Apple's approach to macOS data collection

Alexia Crumpton: MITRE ATT&CK for Defenders

Aug 16th, 2022 43m 44s

One of the best frameworks that showed up within the last 5 or so years is undoubtedly the MITRE ATT&CK® framework. Many of us may know about it in passing and even reference from time to time, but very few people seem to know the true depth of

Cat Self: macOS and Linux Security

Aug 9th, 2022 57m 49s

Ever wonder why there’s so little information regarding macOS and Linux-oriented attacks? In this episode, we get the answer from the multi-talented Cat Self - an Adversary Emulation Engineer at MITRE, Cyber Threat Intelligence Team Leader on

Corissa Koopmans and Mark Morowczynski: Azure AD Threat Detection and Logging

Aug 2nd, 2022 48m 42s

Nearly every organization is using Microsoft Azure AD services in some respect, but monitoring Azure AD for threats is a significantly different skill that traditional Windows logging. In this episode we have 2 experts from Microsoft, Corissa K

Tony Turner: Securing the Cyber Supply Chain

Jul 26th, 2022 48m 21s

John and Fortress Vice President of Research and Development Tony Turner share their wisdom on trends they are seeing in the cyber industry and offer advice as to how we should be looking at the Cyber Supply Chain in 2022 and beyond.Follow Tony

Mark Orlando: Building a Stronger Blue Team

Jul 19th, 2022 50m 37s

There are many technical factors that contribute to the success of a security operations team, but you need more than just tech skills for mounting a solid defense. In this episode of Blueprint we bring back previous guest Mark Orlando to talk

Blueprint Live at SANSFIRE 2022: A panel with Heather Mahalik, Katie Nickels and Jeff McJunkin

Jul 14th, 2022 1h

Host John Hubbard, Blueprint host and SANS Cyber Defense Curriculum Lead, moderated a panel of cyber security experts including Heather Mahalik, Katie Nickels and Jeff McJunkin for this powerful discussion.John and guests share their wisdom on