
Blueprint Podcast

Arm yourself with the most valuable and actionable content for advancing cyber defense skills. Hear from some truly interesting people changing the game in the blue teaming field, and ultimately learn actionable ways to take your cyber defense skills to the next level.

Mark Morowczynski & Thomas Detzner: Microsoft Incident Response Playbooks | 22

We all need solid, well thought-out playbooks to help standardize our response to common threat scenarios. In this episode we speak with Thomas Detzner and Mark Morowczynski about the brand new set of Microsoft incident response playbooks that were just released. This is a brand new effort to meticulously document prerequisites, investigation steps, and remediation process for the scenarios most commonly seen by the Microsoft incident response teams, and you definitely won't want to miss it.

Resources mentioned in this episode:
  • Playbooks discussed in this episode - https://aka.ms/irplaybooks
  • Azure Event Hub - https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub#access-data-from-your-event-hub
  • Security Baselines - https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1909-and-windows-server/ba-p/1023093
  • Security Auditing and Monitoring Reference - https://www.microsoft.com/en-us/download/details.aspx?id=52630

Podcast: Blueprint
  • 2021-06-01
  • John Hubbard

Strategy 6: Illuminate Adversaries with Cyber Threat Intelligence | 44

Every security team has limited budget and time, so how do you know where to focus? Cyber Threat Intelligence provides those answers! In this episode, Ingrid, Carson and Kathryn describe how we can use CTI to focus our defensive efforts, understand our most likely attacks and attackers, and move towards prioritizing what truly matters. This special season of the Blueprint Podcast is taking a deep dive into MITRE’s 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book’s authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.

Podcast: Blueprint
  • 2023-06-13
  • John Hubbard

Blueprint Live at SANSFIRE 2022: A panel with Heather Mahalik, Katie Nickels and Jeff McJunkin | 28

John Hubbard, Blueprint host and SANS Cyber Defense Curriculum Lead, moderated a panel of cyber security experts including Heather Mahalik, Katie Nickels and Jeff McJunkin for this powerful discussion.

Podcast: Blueprint
  • 2022-07-13
  • John Hubbard

How Phishing Resistant Credentials Work with Mark Morowczynski and Tarek Dawoud | 55

Mark Morowczynski returns for his 4th(!) time with his Microsoft coworker and identity and authentication expert Tarek Dawoud in this incredibly insightful conversation on the what, why, and how of phishing resistant credentials that YOU can implement right now.

Podcast: Blueprint
  • 2024-12-05
  • John Hubbard

Strategy 4: Hire AND Grow Quality Staff | 42

In this episode we dive deep on the "People" factor of the SOC. Who should you hire, what skills should you hire for, what backgrounds are most likely to lead to success for your team? We also get into what happens after the hire - training, growth, and supporting your team in their skill and career development. This one is a must-listen for all the managers out there. We're all trying to build the highest skilled, most supportive team with low turnover, and the tips our authors bring to this episode on chapter 4 - "Hire AND Grow Quality Staff" will be crucial in that mission. This special season of the Blueprint Podcast is taking a deep dive into MITRE’s 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book’s authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.

Podcast: Blueprint
  • 2023-05-29
  • John Hubbard

Strategy 11: Turn up the Volume by Expanding SOC Functionality | 50

This final chapter of the book is no simple closer! "Turn Up the Volume by Expanding SOC Functionality" covers testing that your SOC is functioning as intended through activities such as Threat Hunting, Red and Purple Teaming, Adversary Emulation, Breach and Attack Simulation, tabletop exercises and more. There's even a discussion of cyber deception types and tactics, and how they can be used to further frustrate attackers. Join John, Kathryn, Ingrid, and Carson in this final chapter episode for some not-to-be-missed tips!

Podcast: Blueprint
  • 2023-07-18
  • John Hubbard

Strategy 8: Leverage Tools and Support Analyst Workflow | 47

Tool choice can be a make-or-break decision for security analysts, driving whether getting work done is a struggle, or an efficient, stress-free experience. How can we select the right tools for the job? Which tools are most important? Answers to these questions and more are in this week's episode of Blueprint!

Podcast: Blueprint
  • 2023-06-26
  • John Hubbard

Chris Baker: Get A Handle On Your Vulnerabilities | 18

This episode is all about vulnerability management - both the technical and human aspects. Looking to start up a new vulnerability management team? Drowning in vulnerabilities to fix and don't know where to start? Struggling to get system owners to take action? Trying to find ways to communicate the importance and status of your patching efforts? Check out this episode with vulnerability management expert Chris Baker for answers to these questions and much more!

Podcast: Blueprint
  • 2021-05-04
  • John Hubbard