Blueprint: Build the Best in Cyber Defense
Technology
About
Are you a cyber defender looking to keep up on the newest tools, technology, and security concepts? Then BLUEPRINT is the podcast for you! Tune in to hear the latest in cyber defense and security operations from blue team leaders and experts. With a focus on learning, BLUEPRINT includes interviews with today’s top security practitioners defending the world’s most respected brands, and in-depth explanations of the newest technologies, protocols, and defensive tools. BLUEPRINT is a podcast hosted by John Hubbard and brought to you by the SANS Institute. BLUEPRINT - your one-stop shop for taking your defense skills to t...
Episodes
- The 2 AM Call: A Ransomware Negotiator's Playbook with Wade Gettle
In this episode of Blueprint: Build the Best in Cyber Defense, professional ransomware negotiator Wade Gettle discusses the complexities of communicating with threat actors during cyber incidents, offering insights into negotiation tactics…
- Infiltration Alert! How to Catch Fake IT Employees in Your Network with Zak Stufflebeam
In this episode of Blueprint: Build the Best in Cyber Defense, guest Zak Stufflebeam discusses a case study involving fake IT employees infiltrating an organization. The discussion covers detection tactics for unauthorized access, suspicio…
- Leading by Example: Confidence and Responsibility in Cybersecurity with Zak Stufflebeam
Zak Stufflebeam shares his experience transitioning from the military to leading cybersecurity at an insurance company, highlighting key leadership lessons on confidence and maintaining focus under pressure.
- From the SANS Cyber Leaders Podcast: Fighting Back with John Hubbard
In this episode from the SANS Cyber Leaders Podcast, John Hubbard joins hosts James Lyne and Ciaran Martin to discuss the evolving threat landscape and strategies for SOC teams. Hubbard shares insights on early threat detection, defense te…
- Redefining Security Operations: Lessons in AI Integration with James Spiteri
This episode of Blueprint features James Spiteri discussing AI's impact on Security Operations Centers with host John Hubbard. They cover AI technologies like agentic models and automation, their role in enhancing SOC efficiency, and the f…
- From Special Forces to Cybersecurity: Rich Greene on Communication and Persuasion in Infosec
This episode features Rich Greene, a former Green Beret and SANS instructor, discussing his transition from military to cybersecurity. He emphasizes the importance of communication, persuasion, and foundational knowledge in infosec.
- SOC Dashboards Done Right with Ryan Thompson
Ryan Thompson shares insights on creating effective SOC dashboards that focus on threat detection rather than aesthetics. The episode covers why many dashboards fail, how to structure them for SIEM and EDR, and the importance of visualizin…
- Success Simplified - The 3 Step Process for Hitting Your Career Goals in 2025 with John Hubbard
This mini-episode of Blueprint features John Hubbard discussing a personal system for productivity to help listeners achieve their 2025 career goals. The episode includes productivity tips, inspiration, and book recommendations such as Sim…
- How Phishing Resistant Credentials Work with Mark Morowczynski and Tarek Dawoud
Mark Morowczynski and Tarek Dawoud explain phishing-resistant credentials, covering their functionality, implementation, and the future of identity security. The discussion includes passwordless login, detecting identity attacks, and utili…
- From Clues to Containment - Unraveling A Gift Card Fraud Scheme with Mark Jeanmougin
Host John Hubbard and guest Mark Jeanmougin delve into a sophisticated gift card fraud scheme, covering how the incident was identified, investigated, contained, and the lessons learned from the experience.
- How GenAI is Changing Your SOC for the Better with Seth Misenar
This episode features Seth Misenar discussing Generative AI and LLM usage in Security Operations Centers (SOCs). Topics include natural language processing for security, AI in phishing detection, its effect on entry-level SOC roles, and po…
- Bonus Episode: What does it take to author a cybersecurity book?
This bonus episode of the Blueprint podcast features John, Kathryn, Ingrid, and Carson discussing the process and effort involved in writing and self-publishing a cybersecurity book, "11 Strategies of a World-Class Cybersecurity Operations…
- Strategy 11: Turn up the Volume by Expanding SOC Functionality
This episode covers testing SOC functionality through Threat Hunting, Red/Purple Teaming, Adversary Emulation, Breach and Attack Simulation, and tabletop exercises. It also discusses cyber deception types and tactics to frustrate attackers.
- Strategy 10: Measure Performance to Improve Performance
This episode of the Blueprint Podcast discusses measuring team performance in cybersecurity to identify issues and improve continuously. It is part of a season diving into MITRE’s 11 Strategies of a World-Class Cyber Security Operations Ce…
- Strategy 9: Communicate Clearly, Collaborate Often, Share Generously
This episode of Blueprint podcast, featuring authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman, discusses MITRE's Strategy 9: Communicate Clearly, Collaborate Often, Share Generously. It emphasizes the importance of communicatio…
- Strategy 8: Leverage Tools and Support Analyst Workflow
This episode of Blueprint focuses on the critical role of tool selection in supporting security analysts.
- Blueprint Live at the SANS Blue Team Summit 2023
This episode features a live recording from the SANS Blue Team Summit 2023 with host John Hubbard and guests Kathryn Knerler, Ingrid Parker, and Carson Zimmerman. They share insights on building a successful SOC and navigating emerging cyb…
- Strategy 7: Select and Collect the Right Data
The podcast episode "Strategy 7: Select and Collect the Right Data" addresses the challenge security teams face in choosing and collecting the most valuable data from various sources like endpoints, networks, and the cloud. Hosts Kathryn,…
- Strategy 6: Illuminate Adversaries with Cyber Threat Intelligence
This episode of the Blueprint Podcast features Ingrid Parker, Carson Zimmerman, and Kathryn Knerler discussing how Cyber Threat Intelligence (CTI) can guide security teams in prioritizing defensive efforts by identifying the most probable…
- Strategy 5: Prioritize Incident Response
Carson, Ingrid, and Kathryn discuss preparing for and executing effective incident response. The episode covers preparation, planning, and execution, aiming to teach teams how to act quickly when problems arise.
- Strategy 4: Hire AND Grow Quality Staff
This episode of the Blueprint Podcast focuses on the 'People' aspect of a SOC, discussing recruitment strategies, essential skills, and backgrounds for successful hires. It also covers post-hire development, including training, growth, and…
- Strategy 3: Build a SOC Structure to Match Your Organizational Needs
This episode of Blueprint discusses how to structure a Security Operations Center (SOC) to meet organizational needs. It covers topics like tiered versus tierless models, core capabilities, centralized versus distributed structures, outsou…
- Strategy 2: Give the SOC the Authority to Do Its Job
This episode of Blueprint discusses the importance of giving a Security Operations Center (SOC) the necessary authority to function effectively. It covers who the SOC should report to and what should be included in its charter, based on ch…
- Strategy 1: Know What You Are Protecting and Why
This episode of Blueprint discusses chapter 1, 'Know What You're Protecting and Why,' from MITRE’s 11 Strategies of a World-Class Cyber Security Operations Center. It emphasizes the importance for a SOC to understand the organization's mis…
- 11 Strategies of a World-Class Security Operations Center: Fundamentals
This Blueprint podcast episode discusses the 'Fundamentals' chapter of MITRE's 11 Strategies of a World-Class Cybersecurity Operations Center with the book's authors. Topics include SOC functions, workflow basics, cyber threat intelligence…
- Get Ready, A Very Special Season 4 Is On the Way!
Blueprint podcast is launching Season 4 on May 8th, focusing on MITRE’s “11 Strategies of a World-Class Cybersecurity Operations Center.” Host John Hubbard and authors Kat Knerler, Ingrid Parker, and Carson Zimmerman will discuss each stra…
- Brandon Evans: Cloud Security - Threats and Opportunities
Brandon Evans, SANS instructor and lead author of SEC510, joins the Blueprint podcast to discuss cloud security. Topics include the risks of cloud workloads, migrating applications, and adopting a cloud-native approach for improved securit…
- Joe Lykowski: Building a Transparent, Data-Driven SOC
This episode features Joe Lykowski discussing the establishment of a mature, transparent, and effective SOC. Lykowski shares insights on metrics, team development, and strategic priorities for SOCs of all sizes.
- Rob Lee: Training and Reskilling in Cyber Security
Rob Lee, Chief Curriculum Director at the SANS Institute, discusses strategies for developing and testing cyber security skills. The episode covers improving knowledge, hiring skilled candidates, and staying current in the fast-paced cyber…
- Jaron Bradley: Securing Enterprise macOS
Jaron Bradley, macOS Detections Lead at Jamf, joins the Blueprint Podcast to discuss securing enterprise macOS. The episode covers data sources, third-party agents for security monitoring, and methods for detecting persistence mechanisms a…
- Alexia Crumpton: MITRE ATT&CK for Defenders
This episode features Alexia Crumpton, Defensive Lead of ATT&CK from MITRE, discussing the MITRE ATT&CK framework. Alexia highlights key aspects relevant to blue team members, including analytics, threat groups, and detection opportunities.
- Cat Self: macOS and Linux Security
Cat Self, an expert from MITRE, discusses macOS and Linux security on the Blueprint podcast, covering defense tools, attacker tactics, and future trends for these operating systems.
- Corissa Koopmans and Mark Morowczynski: Azure AD Threat Detection and Logging
This episode features Microsoft experts Corissa Koopmans and Mark Morowczynski discussing Azure AD threat detection and logging. They cover essential log sources, the new Microsoft security operations guide, and standardized dashboards to…
- Tony Turner: Securing the Cyber Supply Chain
John and Fortress VP of R&D Tony Turner discuss current cyber industry trends and strategies for securing the cyber supply chain.
- Mark Orlando: Building a Stronger Blue Team
Mark Orlando rejoins the Blueprint podcast to discuss his Black Hat 2022 presentation with Dr. Daniel Shore. The episode explores team dynamics and how mapping multi-team systems can enhance incident response activities.
- Blueprint Live at SANSFIRE 2022: A panel with Heather Mahalik, Katie Nickels and Jeff McJunkin
John Hubbard hosted a panel with cybersecurity experts Heather Mahalik, Katie Nickels, and Jeff McJunkin at SANSFIRE 2022. They discussed current cyber industry trends and provided insights on future cyber defense strategies.
- David Hoelzer: Threat Detection with Machine Learning and AI
Guest Dave Hoelzer joins the Blueprint podcast to discuss the practical applications and limitations of AI and machine learning in threat detection. Hoelzer, an expert with 25 years in IT and security, clarifies what these technologies are…
- James Rowley: Creating and Running an Insider Threat Program
James Rowley, a detection engineer, explains how to identify malicious intent and plan for insider threats within a network on the Blueprint podcast. He merges blue team and insider threat concepts to advance detection strategies.
- Dean Parsons: Cyber Security for OT and ICS
This episode features Dean Parsons discussing the critical need to defend industrial control systems (ICS) and critical infrastructure against increasing cyber threats like ransomware. Parsons, with over 20 years of experience in IT and IC…
- John Hubbard: Your Top Cyber Defense Questions Answered from Seasons 1 + 2
In this mailbag episode of Blueprint, John Hubbard addresses listener questions covering the current XDR trend, how other teams can support SOC activities, and the definition of a security mindset.
- John Hubbard: Key lessons and takeaways from Blueprint Season 2 + A Special Announcement!
In this season finale, John Hubbard reviews key highlights from the second season of the Blueprint podcast and shares news regarding a new GIAC certification for blue teamers.
- Mark Morowczynski & Thomas Detzner: Microsoft Incident Response Playbooks
Thomas Detzner and Mark Morowczynski discuss Microsoft's newly released incident response playbooks, which standardize responses to common threat scenarios by detailing prerequisites, investigation steps, and remediation processes.
- AJ Yawn: Cloud, Compliance and Automating Security
This episode features AJ Yawn discussing actionable cloud security concepts and tools to enhance team visibility and prevent breaches. The conversation also covers improving compliance audits, turning them from a chore into a valuable proc…
- Jamie Williams: Adversary Emulation
Jamie Williams explains the significance and methodology of adversary emulation for testing SOC capabilities. The discussion covers how to implement these tests, even for small teams, and methods for tracking and executing them.
- Josh Johnson: PowerShell and Defensive Automation for the Blue Team
This episode features Josh Johnson, author of the SANS course "SEC586: Blue Team Operations - Defensive Powershell." He discusses the importance and uses of PowerShell for blue teams, including log analysis, incident response, and automati…
- Chris Baker: Get A Handle On Your Vulnerabilities
This episode of Blueprint features vulnerability management expert Chris Baker, discussing both the technical and human elements of the practice. It addresses common challenges such as starting a new team, prioritizing fixes, gaining stake…
- Mick Douglas & Flynn Weeks: Simplifying your Logging Strategy with the What2Log Project
Mick Douglas and Flynn Weeks explain their What2Log project, which simplifies the process of identifying the most important cybersecurity logs for defenders. They share their expertise on logging strategy and its importance in cyber defens…
- Anton Chuvakin: The Current State and Future of Security Operations
John hosts security expert Anton Chuvakin to discuss current and future security operations technology, automation in the SOC, and how to set up a modern Security Operations Center for a cloud-native organization.
- Rob van Os: Maturing your Cyber Defense
This episode features Rob van Os discussing the SOC CMM for measuring SOC maturity, the MaGMa Use Case Framework for SOC use cases, and the Tahiti threat hunting methodology for demonstrating ROI on threat hunting efforts. Rob van Os is a…
- AppSec, DevOps and DevSecOps
This episode of Blueprint discusses AppSec, DevOps, and DevSecOps, emphasizing their importance for cyber defense. Tanya Janca, founder of We Hack Purple and author of 'Alice and Bob Learn Application Security', shares her extensive experi…