

Blueprint: Build the Best in Cyber Defense
SANS Institute
Are you a cyber defender looking to keep up on the newest tools, technology, and security concepts? Then BLUEPRINT is the podcast for you! Tune in to hear the latest in cyber defense and security operations from blue team leaders and experts. With a focus on learning, BLUEPRINT includes interviews with today’s top security practitioners defending the world’s most respected brands, and in-depth explanations on the newest technologies, protocols, and defensive tools. BLUEPRINT is a podcast hosted by John Hubbard and brought to you by the SANS Institute. BLUEPRINT - your one-stop shop for taking your defense skills to the next level!
Episodes

Mar 30, 2021 • 1h 7min
The Blue Teamer's Blueprint for Malware Triage
Even if you're not a malware analyst, any blue teamer should be able to do some initial basic malware sample triage. The good news is that this is quite easy to do using freely available tools once you know what is available. Join John in this conversation with Ryan Chapman as they discuss how to reverse engineer malware and why you might want to do so.
Our Guest - Ryan Chapman
Ryan Chapman works as a Principal Incident Response analyst. He also teaches SANS FOR610: Reverse Engineering Malware and is the lead organizer for CactusCon, Arizona's hacker conference. Ryan has worked in Security Operations Center and Computer Incident Response Team roles that handled incidents from inception all the way through remediation. Reviewing log traffic; researching domains and IPs; hunting through log aggregation utilities; sifting through packet captures; analyzing malware; and performing host and network forensics are all things that Ryan loves to do. With Ryan, it's all about the blue team!
Follow Ryan
Twitter: @rj_chap
LinkedIn: /in/ryanjchapman
Web: https://incidentresponse.training
Sponsor's Note:
Support for the Blueprint podcast comes from the SANS Institute.
If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.
This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands-on with tools for threat intel, SIEM, incident management, automation and much more. This course has everything you need to launch your blue team career.
Check out the details at sansurl.com/450. Hope to see you in class!
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn
Check out John's SOC Training Courses for SOC Analysts and Leaders:
SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
LDR551: Building and Leading Security Operations Centers
Follow and Connect with John: LinkedIn

Mar 30, 2021 • 49min
SOC Metrics: Measuring Success and Preventing Burnout
Looking for a new way to approach the difficult problem of measuring and improving your SOC? Check out this episode to hear how to use methods pioneered in the manufacturing and reliability industry to help wrap your head around and solve this complex issue. You don’t want to miss this episode with Jon Hencinski, Director of Operations at Expel, who covers all of this and more.
Our guest - Jon Hencinski
Jon Hencinski is the Director of Global Operations at Expel. In this role, he’s responsible for the day-to-day operations of Expel’s security operations center (SOC) and detection and response engineering. He oversees how Expel recruits, trains, and develops security analysts. Jon has over a decade of experience in the areas of SOC operations, threat detection, and incident response. Prior to Expel, Jon worked at FireEye, BAE Systems, and was an adjunct professor at The George Washington University.
Follow Jon
Twitter: @jhencinski
LinkedIn: /in/jonathanhencinski
Web: https://hencinski.medium.com
Support for the Blueprint podcast comes from the SANS Institute.
Since the debut of SEC450, we’ve always had students interested in a matching course covering the management and leadership aspects of running a SOC. If you like the topics in this podcast and would like to learn more about Blue Team leadership and management, check out the new MGT551: Building and Leading Security Operations Centers. This new course is designed for Security Team leaders looking to build, grow and operate a security operation center with peak efficiency. It’s a hands-on technical leadership course that takes you through everything from scoping threat groups to use case creation, threat hunting, planning, SOC maturity and detection assessment and much much more.
Check out the course syllabus, labs and a free demo at sansurl.com/551

Aug 11, 2020 • 40min
A Machine Learning Primer for the Blue Team
Austin Taylor discusses the promise and reality of cyber security-centric data science, and how you can use machine learning for solving practical security problems.
Twitter Handles: @HuntOperator | @SecHubb | @SANSDefense
All Blueprint Podcast Episodes: sans.org/blueprint-podcast

Aug 4, 2020 • 41min
Empowering Security Researchers Around the World!
Roberto Rodriguez explains the awesome projects and initiatives he is working on to help blue teams perform advanced data collection, analysis, and threat hunting.
Twitter Handles: @Cyb3rWard0g | @SecHubb | @SANSDefense

Jul 28, 2020 • 41min
Locking Down and Monitoring Cloud Infrastructure
Cloud expert Kyle Dickinson discusses common cloud infrastructure attacks, and how you can detect and prevent them before they happen to your organization.
Twitter Handles: @KyleHaxWhy | @SecHubb | @SANSDefense

Jul 21, 2020 • 41min
Passwordless - Can it Be Done?
Mark and Libby share the new technologies in use at Microsoft to dramatically decrease the need for the use of passwords in the enterprise.
Twitter Handles: @markmorow | @TruBluDevil | @SecHubb | @SANSDefense

Jul 14, 2020 • 34min
Training Yourself in a Quarantined World
Dave and Ryan speak with John about resources for training yourself, and the challenges of setting up a large-scale cyber lab to simulate an advanced attack for their Splunk Boss of the SOC competition.
Twitter Handles: @daveherrald | @meansec | @SecHubb | @SANSDefense

Jul 7, 2020 • 40min
Understanding and Applying Threat Intelligence
Katie Nickels talks about what threat intelligence is, where to get it, what you should expect from it, and how the SOC should be using it.
Twitter Handles: @likethecoins | @SecHubb | @SANSDefense

Jun 30, 2020 • 39min
Privacy Laws: The Future Driver of Cyber Security
Mary Chaney shares what types of laws we should be concerned about. She discusses her thoughts on privacy laws and how that will drive cyber security, and what she’s doing to get more diverse representation in the industry at all levels.
Twitter Handles: @MaryNChaney | @SecHubb | @SANSDefense

Jun 23, 2020 • 43min
Creativity and Choices: Talking About Thinking
Chris Sanders and Stef Rand discuss qualitative research they conducted on how to use divergent or convergent thinking for improving the quality of your analysis.
Twitter Handles: @ChrisSanders88 | @techieStef | @SecHubb | @SANSDefense


