Click here to send us your ideas and feedback on Blueprint!

In this episode, we sit down with Zak Stufflebeam, Director of Cybersecurity at a publicly traded insurance company. Zak shares his unique journey from the military to leading security operations, emphasizing essential leadership principles learned along the way. From his early days in basic training to leading complex cybersecurity teams, Zak’s story is one of perseverance, adaptability, and unwavering commitment. He delves into vital leadership lessons, the importance of confidence, and strategies to maintain focus and calm under pressure. This episode is packed with insights for aspiring SOC analysts and leaders looking to make an impact in their field.

Check out John's SOC Training Courses for SOC Analysts and Leaders:

• SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
• LDR551: Building and Leader Security Operations Centers

Follow and Connect with John: LinkedIn

Click here to send us your ideas and feedback on Blueprint!

This podcast episode is from the SANS Cyber Leaders Podcast.

The episode features Blueprint host John Hubbard, where he talks with hosts James Lyne and Ciaran Martin on the ever-changing threat landscape and how SOC teams can stay ahead. John shares his expertise on spotting threats early, how to test your defences before the real attackers show up, and why he’s on a mission to simplify cybersecurity operations for the next generation of defenders.

Check out John's SOC Training Courses for SOC Analysts and Leaders:

• SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
• LDR551: Building and Leader Security Operations Centers

Follow and Connect with John: LinkedIn

Click here to send us your ideas and feedback on Blueprint!

In this episode of Blueprint, host John Hubbard sits down with James Spiteri from Elastic to explore the transformative power of AI on the SOC. They delve into how advanced AI technologies, such as agentic AI models, MCP protocol, and automation, are reshaping the SOC landscape. Discover how AI enhances SOC efficiency, reduces mundane tasks, and integrates context-aware capabilities. Learn about the real-world applications, from automation in cybersecurity operations to the challenges and promises of large language models. This discussion covers the ethical considerations, potential risks, and the promising future of SOCs powered by AI. Tune in to get inspired and see how AI might revolutionize your cyber defense strategies.

Check out John's SOC Training Courses for SOC Analysts and Leaders:

• SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
• LDR551: Building and Leader Security Operations Centers

Follow and Connect with John: LinkedIn

Click here to send us your ideas and feedback on Blueprint!

In this episode, we sit down with Rich Greene, a former United States Army Special Forces Green Beret and current SANS instructor for SEC275 and SEC301. Rich shares his incredible journey spanning 20 years in the Army, including his transition from military communication roles into the realm of cybersecurity. He talks about the importance of fundamentals in cybersecurity, the power of effective communication and persuasion, and dispels common misconceptions about entering the cyber field. Rich also highlights his passion for teaching and how his military background has shaped his approach to instruction and information security. Tune in for invaluable advice that applies to anyone no matter your role!.

Check out John's SOC Training Courses for SOC Analysts and Leaders:

• SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
• LDR551: Building and Leader Security Operations Centers

Follow and Connect with John: LinkedIn

Click here to send us your ideas and feedback on Blueprint!

In this episode, we sit down with Ryan Thompson, a seasoned expert in building dashboards that actually detect real threats—not just look pretty. With experience at Elastic, Alert Logic, and top EDR vendors, Ryan shares deep insights into the science behind effective dashboards and how security teams can cut through the noise to find the threats on your network.

We cover:

• Why most SOC dashboards fail to deliver real insights—and how to fix them.
• The right way to structure dashboards for SIEM, EDR, and threat hunting.
• How to visualize security data effectively to make detection faster.
• The balance between automation, alerts, and analyst intuition.

If you’re a SOC analyst, detection engineer, or security leader looking to elevate your dashboard game and sharpen your cyber threat detection skills, this is an episode you won’t want to miss!

Check out John's SOC Training Courses for SOC Analysts and Leaders:

• SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
• LDR551: Building and Leader Security Operations Centers

Follow and Connect with John: LinkedIn

Click here to send us your ideas and feedback on Blueprint!

Surprise!! It's a mini solo episode to kick off the new year and it's on one of the most important topics there is - how to achieve your goals in 2025 and beyond!

In this episode I talk about a topic I've never covered anywhere before - my personal system for productivity and how it helps me, and can likely you help you stay on track for those 2025 goals and stay aligned with what is most important in your life.

Check this episode out for some useful productivity tips, inspiration, recommendations for some of my favorite books, and fuel to get fired up for 2025!

HAPPY NEW YEAR!

Note: The episode thumbnail is the actual picture that I took of the quote that I mention seeing in the coffee shop that day in 2018.

Episode Notes

• Simon Sinek - Start With Why
• The 5-Fold Why Technique
• Book - The 12 Week Year
• Book - The ONE Thing
• Obsidian
• The Eisenhower Matrix
• Book - Steal Like An Artist
• Book - 4000 Weeks: Time Management for Mortals

Check out John's SOC Training Courses for SOC Analysts and Leaders:

• SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
• LDR551: Building and Leader Security Operations Centers

Follow and Connect with John: LinkedIn

Click here to send us your ideas and feedback on Blueprint!

Mark Morowczynski returns for his 4th(!) time with his Microsoft coworker and identity and authentication expert Tarek Dawoud in this incredibly insightful conversation on the what, why, and how of phishing resistant credentials that YOU can implement right now!

This conversation covers:

• What makes MFA phishable?
• What phishing resistant credentials are and how they work
• The history and modern methods for phishing resistant credentials
• What attacks will be used once we move to phishing resistant credentials, and how to prevent and detect it
• How verified digital identities and corporate identification can help further reduce risk of help desk based attacks
• Shifting the culture to adopt a passwordless login
• Key logs to detect identity attacks
• Resources for learning KQL

Episode Links:

• Tarek Explains Phishing Resistant Authentication: https://www.youtube.com/watch?v=3wtwUh6iyxY
• Microsoft Digital Defense Report: https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024
• Nuance: https://www.nuance.com/index.html
• Book - The Definitive Guide to KQL: https://www.microsoftpressstore.com/store/definitive-guide-to-kql-using-kusto-query-language-9780138293383
• KQL Github Repo: github.com/kqlmspress
• Kusto Detective Agency: https://detective.kusto.io/

Check out John's SOC Training Courses for SOC Analysts and Leaders:

• SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
• LDR551: Building and Leader Security Operations Centers

Follow and Connect with John: LinkedIn

Click here to send us your ideas and feedback on Blueprint!

In this mega-discussion with Seth Misenar on GenAI and LLM usage for security operations we cover some very interesting questions such as:

- The importance of natural language processing in Sec Ops
- How AI is helping us detect phishing email
- Where and how AI is lowering the bar for entry-level security SOC roles
- Should we worry about AI hallucinations or AI taking our jobs?
- What is a reasoning model and how is it different than what we've seen so far?
- The future of AI - Multimodal interaction, Larger Context Windows, RAG, and more
- What is Agentic AI and why will it change the game?

Episode Links:

• The book from Manning Seth liked as a thoughtful accessible on-ramp: https://www.manning.com/books/introduction-to-generative-ai
• Coursera prompt engineering course series: https://coursera.org/specializations/prompt-engineering
• Gandalf Online Prompt Injection Challenges from Lakera (FYI Seth finds a lot of Lakera’s content to be really high-quality and useful): https://gandalf.lakera.ai/baseline
• “Nonsense on stilts” reference from Gary Marcus in response to the Google employee claiming LaMDA was sentient: https://garymarcus.substack.com/p/nonsense-on-stilts?utm_source=twitter&sd=pf.
• AI as a monster with a smiley face image: https://knowyourmeme.com/memes/shoggoth-with-smiley-face-artificial-intelligence
• Ethan Mollick is the Wharton professor Seth mentioned, Seth says his “One Useful Thing” Substack is a valuable and thought provoking source: https://www.oneusefulthing.org/. Also his book, Co-Intelligence: Living and Working with AI, would also be worth checking out: https://www.penguinrandomhouse.com/book

Check out John's SOC Training Courses for SOC Analysts and Leaders:

• SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
• LDR551: Building and Leader Security Operations Centers

Follow and Connect with John: LinkedIn