Blueprint Podcast

John Hubbard: Key lessons and takeaways from Blueprint Season 2 + A Special Announcement! | 23

In this solo episode to wrap up season 2, John discusses some of the key takeaways from the guests interviewed throughout this year, and has some very exciting news for all blue teamers on a brand new GIAC certification.

GIAC GSOC

Mark Morowczynski & Thomas Detzner: Microsoft Incident Response Playbooks | 22

We all need solid, well though-out playbooks to help standardize our respons to common threat scenarios. In this episode we speak with Thomas Detzner and Mark Morowczynski about the brand new set of Microsoft incident response playbooks that were just released. This is a brand new effort to meticulously document prerequisites, investigation steps, and remediation process for common scenarios most commonly seen by the Microsoft incident response teams, and you definitely won't want to miss it.

Resources mentioned in this episode:

• Playbooks discussed in this episode - https://aka.ms/irplaybooks
• Azure Event Hub - https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub#access-data-from-your-event-hub 
• Security Baselines - https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1909-and-windows-server/ba-p/1023093
  
• Security Auditing and Monitoring Reference - https://www.microsoft.com/en-us/download/details.aspx?id=52630

AJ Yawn: Cloud, Compliance and Automating Security | 21

Compliance and audit checks can be painful, and that's before you introduce additional cloud services and technology. In this episode featuring AJ Yawn we discuss some incredibly useful and actionable cloud security concepts and tools that can help your team boost visibility and reduce user permissions to help prevent breaches before they happen. In addition, we discuss what a good compliance audit should be, and how to turn audits from painful to incredibly valuable.

Resources mentioned in this episode:

• AWS CloudTrail: https://aws.amazon.com/cloudtrail
• AWS Well-Architected Framework: https://aws.amazon.com/architecture/well-architected
• AWS Config: https://aws.amazon.com/config
• AWS Organizations: https://aws.amazon.com/organizations
• AWS Service Control Policies (SCP): https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

Jamie Williams: Adversary Emulation | 20

There are numerous ways to test your SOC's detection and prevention capabilities, but not all are created equal. Each has their own strengths and weaknesses, and can be done on a different time scale.This week, we focus on arguably one of the most important - adversary emulation. In this episode we speak with Jamie Williams from the MITRE ATT&CK team about why adversary emulation is important, how it works, how you can get started regardless of the size of your team, and how to track and run an adversary emulation test.

Josh Johnson: PowerShell for the Blue Team | 19

PowerShell may seem intimidating, but it can be one of the most amazing and useful tools at your disposal...if you know how to use it. In this episode, we have Josh Johnson, author of the new SANS course "SEC586: Blue Team Operations Defensive Powershell" giving you a masterful crash course in:

• The importance of PowerShell
• How PowerShell works, and how to set yourself up to use it
• Blue team use cases for log analysis, incident response and more
• How to stopping attackers from leveraging PowerShell
• Some of the amazing automation and playbook opportunities you may be missing out on.

Lots of actionable content for defenders here, don't miss in this episode!

Chris Baker: Get A Handle On Your Vulnerabilities | 18

This episode is all about vulnerability management - both the technical and human aspects. Looking to start up a new vulnerability management team? Drowning in vulnerabilities to fix and don't know where to start? Struggling to get system owners to take action? Trying to find ways to communicate the importance and status of your patching efforts? Check out this episode with vulnerability management expert Chris Baker for answer these to questions and much more!

Mick Douglas & Flynn Weeks: Simplifying your Logging Strategy with the What2Log Project | 17

A common question from many defenders is "Which logs are the most important?" In this episode, Mick Douglas and Flynn Weeks join us to describe their What2Log project, which aims to simplify this problem for all of us!

Anton Chuvakin: The Current State and Future of Security Operations | 16

In today's episode, John is joined by Anton Chuvakin to discuss current and future security operations technology, which tools are the most important and which are becoming less important over time, the rules of automation in the SOC and how Anton would setup a modern Security Operations Center for a Cloud native organization.

Rob van Os - Maturing your Cyber Defense | 15

Are you a manager looking to build or improve your SOC? Are you trying to understand how to measure your SOCs maturity or use cases or your threat hunting efforts? If so, today's episode with Rob van Os is for you. In this episode, we discuss the SOC CMM for SOC maturity measurement, the magma use case framework for building and tracking SOC use cases, and the Tahiti threat hunting methodology for showing ROI on threat hunting.

Tanya Janca - AppSec, DevOps and DevSecOps | 14

What is AppSec, DevOps and DevSecOps? In this episode we discuss why defenders should know more about these terms and what the consequences are of ignoring these new and critical fields.

Josh Brower - Playbook for Security Onion | 13

Driving consistency and maintaining a high standard for alert response is a problem all SOCs must face, but how? In this episode, Josh Brower describes his efforts to combine automated detection signature deployment and use case database management into a single, easy to use app for Security Onion. Whether you use Security Onion or not, this episode dives into the design principles and workflow Josh used when designing the new open-source Playbook app and there’s something to learn from it for everyone on the Blue Team.

Ryan Chapman - The Blue Teamer's Blueprint for Malware Triage | 12

Even if you're not a malware analyst, any blue teamer should be able to do some initial basic malware sample triage. The good news is that this is quite easy to do using freely available tools once you know what is available. Join John in this conversation with Ryan Chapman as they discuss how to reverse engineer malware and why you might want to do so.

Jon Hencinski - SOC Metrics: Measuring Success and Preventing Burnout | 11

Looking for a new way to approach the difficult problem of measuring and improving your SOC? Check out this episode to hear how to use methods pioneered in the manufacturing and reliability industry to help wrap your head around, and solve this complex issue. You don't want to miss this episode with Jon Hencinski, Director of Operations at Expel who covers all of this and more.

A Machine Learning Primer for the Blue Team | 10

Austin Taylor discusses the promise and reality of cyber security-centric data science, and how you can use machine learning for solving practical security problems.

Empowering Security Researchers Around the World! | 09

Roberto Rodriguez explains the awesome projects and initiatives he is working on to help blue teams perform advanced data collection, analysis, and threat hunting.

Locking Down and Monitoring Cloud Infrastructure | 08

Cloud expert Kyle Dickinson discusses common cloud infrastructure attacks, and how you can detect and prevent them before they happen to your organization.

Passwordless - Can it be done? | 07

Mark and Libby share the new technologies in use at Microsoft to dramatically decrease the need for the use of passwords in the enterprise.

Training Yourself in a Quarantined World | 06

Dave and Ryan speak with John about resources for training yourself, and the challenges of setting up a large-scale cyber lab to simulate an advanced attack for their Splunk Boss of the SOC competition.

Understanding and Applying Threat Intelligence | 05

Katie Nickels talks about what threat intelligence is, where to get it, what you should expect from it, and how the SOC should be using it.

Privacy Laws: The Future Driver of Cyber Security | 04

Mary Chaney shares what types of cyber laws we should be concerned about. She discusses her thoughts on privacy laws and how that will drive cyber security, and what she's doing to get more diverse representation in the industry at all levels.

Creativity and Choices: Talking about Thinking | 03

Chris Sanders and Stef Rand discuss qualitative research they conducted on how to use divergent or convergent thinking for improving the quality of your analysis.

Shock to the System: Re-Evaluating Your Security Operations | 02

In our very first guest interview with Mark Orlando, John asks Mark questions to help us re-evaluate our security operations.