Today, John specializes in security operations, threat hunting, network security monitoring, SIEM design and optimization, and constructing defensible networks that allow organizations to protect their most sensitive data. John's mission to improve Blue Teams worldwide led him to partner with SANS to help develop the next generation of defensive talent around the globe. With a Bachelor of Science in Electrical Engineering from Purdue University and a Master’s in Computer Engineering with a concentration in Information Assurance and Network Security from SUNY Binghamton, John ended up in the cyber defense field because he loves solving tough challenges – of which the Blue Team has a never ending supply! He loves the dynamic nature of cyber defense and how new attacks and malware bring a new puzzle to solve every day.
John has helped solve high-profile incidents, contributing key insights through malware analysis, containment and eradication strategy, and forensics support. He continues to do defensive research and loves to spread the word on the best tools and processes for the blue team. Because he understands the struggles of a SOC job and has worked to solve many of the problems the typical SOC encounters, John’s mission is to help share the lessons he’s learned throughout his career to help fast forward improvement of security operations for organizations around the world.
Students in his class can expect John to explain difficult concepts in a clear and relatable language, illustrate important ideas with stories and demonstrations, and encourage students to push themselves beyond the limit of what they thought possible.
He chose to partner with SANS because, as a student of SANS himself, he saw the difference it made in his own capabilities and career trajectory. Every time he finished another SANS class, he felt like he had a new set of superpowers. When past students tell John they've gotten incredible value out of a course he taught, webcast/talk he gave, or were able to pass a certification after finishing one of his classes, it helps remind him that he’s making the same difference in the lives of others that SANS had originally brought to him. This is exactly why he loves to teach.
John also has several professional certifications including GIAC GMON, GIAC GPEN.
When not slowly turning his home into a data center, John enjoys FPV drone racing, coffee roasting, and running.
Hear John teach about Elastic Stack and the Mitre ATT&CK Framework here.
ADDITIONAL CONTRIBUTIONS BY JOHN HUBBARD:
Putting Your SOC to the Test, June 2020
MITRE ATT&CK and Sigma Alerting, Feb 2019
Visit the SANS Webcast Archive for webcasts by John prior to 2019.