
Blueprint Podcast

Arm yourself with the most valuable and actionable content for advancing cyber defense skills. Hear from some truly interesting people changing the game in the blue teaming field, and ultimately learn actionable ways to take your cyber defense skills to the next level.

Rob Lee: Training and Reskilling in Cyber Security | 35

Many of us are either looking to start a cyber security career, improve our knowledge and skills to further our career, or hire a team that has the most skilled and promising candidates. In this special episode with Rob Lee, Chief Curriculum Director of the SANS Institute, we discuss strategies for building, improving, and testing your cyber security group’s skill levels, and working to keep our knowledge as current as possible - a critical skill for anyone in the fast-moving world of cyber security.

  • 2022-08-30
  • John Hubbard

Jaron Bradley: Securing Enterprise macOS | 34

In this episode of the Blueprint Podcast, we cover monitoring and securing macOS in an enterprise environment at scale with Jaron Bradley, Threat Detection lead at Jamf. We discuss the ups and downs of Apple's approach to macOS data collection over the years, the data sources and types that are accessible to defenders, what 3rd party agents bring to the table for security monitoring, and much more. Plus, Jaron gives us some great bonus tips for finding persistence mechanisms and malicious processes in enterprise macOS devices.

  • 2022-08-23
  • John Hubbard

Alexia Crumpton: MITRE ATT&CK for Defenders | 33

One of the best frameworks that showed up within the last 5 or so years is undoubtedly the MITRE ATT&CK® framework. Many of us may know about it in passing and even reference it from time to time, but very few people seem to know the true depth of knowledge it contains - everything from analytics to threat groups, specific mitigation and detection opportunities, and with the newest versions, even specific data sources. In this episode we talk to the Defensive Lead of ATT&CK from MITRE, Lex Crumpton, about what every blue team member needs to know about this framework, and more!

  • 2022-08-16
  • John Hubbard

Cat Self: macOS and Linux Security | 32

Ever wonder why there’s so little information regarding macOS and Linux-oriented attacks? In this episode, we get the answer from the multi-talented Cat Self - an Adversary Emulation Engineer at MITRE, Cyber Threat Intelligence Team Leader on ATT&CK Evaluations and macOS/ Lead on MITRE ATT&CK Enterprise. We discuss defense tools, attacker TTPs, and what to consider when approaching defense for a macOS and Linux environment, and what trends we can expect in the future for these operating systems. Check out the resources below for links mentioned during this enlightening conversation!

  • 2022-08-09
  • John Hubbard

Corissa Koopmans & Mark Morowczynski: Azure AD Threat Detection and Logging | 31

Nearly every organization is using Microsoft Azure AD services in some respect, but monitoring Azure AD for threats is a significantly different skill than traditional Windows logging. In this episode we have 2 experts from Microsoft, Corissa Koopmans, and 3rd time returning guest Mark Morowczynski, to tell us about the important work that’s been done to help organizations understand their data and detect Azure AD attacks. We cover log sources, the new Microsoft security operations guide, standardized dashboards and visualizations you can leverage to jump right in with best practice, and much more. You don’t want to miss this one!

  • 2022-08-02
  • John Hubbard

Tony Turner: Securing the Cyber Supply Chain | 30

John and Tony Turner share their wisdom on trends they are seeing in the cyber industry and offer advice as to how we should be looking at cyber defense in 2022 and beyond.

  • 2022-07-26
  • John Hubbard

Mark Orlando: Building a Stronger Blue Team | 29

There are many technical factors that contribute to the success of a security operations team, but you need more than just tech skills for mounting a solid defense. In this episode of Blueprint we bring back previous guest Mark Orlando to talk about his BlackHat 2022 presentation with Dr. Daniel Shore (PhD in workplace psychology). We discuss team dynamics, how the mapping of multi-team systems can improve the flow of your incident response activities, and much more.

  • 2022-07-19
  • John Hubbard

Blueprint Live at SANSFIRE 2022: A panel with Heather Mahalik, Katie Nickels and Jeff McJunkin | 28

John Hubbard, Blueprint host and SANS Cyber Defense Curriculum Lead, moderated a panel of cyber security experts including Heather Mahalik, Katie Nickels and Jeff McJunkin for this powerful discussion.

  • 2022-07-13
  • John Hubbard

David Hoelzer: Threat Detection with Machine Learning and AI | 27

Many of us with the typical IT and security backgrounds might not have the slightest idea what to expect when we hear the terms “this product uses advanced machine learning…”, but that claim certainly conjures up a lot of skepticism due to the opaque nature of the algorithms in many of these products. In this episode we discuss what AI and ML are best used for, and what they can, can’t, and shouldn’t be used for with guest Dave Hoelzer.

  • 2022-07-12
  • John Hubbard

James Rowley: Creating and Running an Insider Threat Program | 26

  • 2022-07-12
  • 1 hrs 20 mins
  • John Hubbard

Dean Parsons: Cyber Security for OT and ICS | 25

With ransomware and other highly disruptive attacks on the rise, there are few systems more important to defend than our critical infrastructure and ICS equipment. How should we think about defending these systems vs our typical IT network though? In this episode, Dean Parsons is here to give us that answer.

Resources mentioned in this episode:

  • OSINT / Site-visit Cheat Sheet: https://www.sans.org/posters/i...
  • ICS Cyber Kill Chain Whitepaper: https://www.sans.org/white-pap...
  • ICS specific Network Security Monitoring: https://www.sans.org/posters/i...
  • Top 5 ICS Incident Response Tabletops: https://www.sans.org/blog/top-...
  • My weekly ICS Defense Force LiveStream: https://www.youtube.com/playli...

  • 2022-07-10
  • John Hubbard

John Hubbard: Your Top Cyber Defense Questions Answered from Seasons 1 + 2 | 24

It's a special mailbag episode from John Hubbard! After two full seasons, John asks listeners what questions they have for him. In answering, he touches on the current XDR trend, how other teams can support SOC activities, defining security mindset, and more.

  • 2022-06-30
  • John Hubbard