Blueprint: Build the Best in Cyber Defense

Click here to send us your ideas and feedback on Blueprint!In this mega-discussion with Seth Misenar on GenAI and LLM usage for security operations we cover some very interesting questions such as: - The importance of natural language processing in Sec Ops- How AI is helping us detect phishing email- Where and how AI is lowering the bar for entry-level security SOC roles- Should we worry about AI hallucinations or AI taking our jobs?- What is a reasoning model and how is it different than what we've seen so far?- The future of AI - Multimodal interaction, Larger Context Windows, RAG, and more- What is Agentic AI and why will it change the game?Episode Links:The book from Manning Seth liked as a thoughtful accessible on-ramp: https://www.manning.com/books/introduction-to-generative-aiCoursera prompt engineering course series: https://coursera.org/specializations/prompt-engineeringGandalf Online Prompt Injection Challenges from Lakera (FYI Seth finds a lot of Lakera’s content to be really high-quality and useful): https://gandalf.lakera.ai/baseline“Nonsense on stilts” reference from Gary Marcus in response to the Google employee claiming LaMDA was sentient: https://garymarcus.substack.com/p/nonsense-on-stilts?utm_source=twitter&sd=pf. AI as a monster with a smiley face image: https://knowyourmeme.com/memes/shoggoth-with-smiley-face-artificial-intelligenceEthan Mollick is the Wharton professor Seth mentioned, Seth says his “One Useful Thing” Substack is a valuable and thought provoking source: https://www.oneusefulthing.org/. Also his book, Co-Intelligence: Living and Working with AI, would also be worth checking out: Connect with John:- LinkedIn- Take A Training Course with JohnSOC Analyst and Leadership Training Courses:- SEC450: Blue Team Fundamentals - Security Operations and Analysis- LDR551: Building and Leading Security Operations CentersSANS:- Cyber Defense Course List- Upcoming Training Events- Free tools, VMs, cheat sheets and more for cyber defenders

Click here to send us your ideas and feedback on Blueprint!In this episode, we take you behind the scenes of a complex gift card fraud investigation. Join host John Hubbard and guest Mark Jeanmougin as they explore the intricate details of uncovering and combating a clever case of cyber fraud. In this episode Mark discusses how the incident was identified, investigated, contained, and what lessons were learned along the way.Episode Links:- Mark's LinkedIn Profile: https://www.linkedin.com/in/markjx/- Mark's Teaching Schedule: https://www.sans.org/profiles/mark-jeanmougin/Connect with John:- LinkedIn- Take A Training Course with JohnSOC Analyst and Leadership Training Courses:- SEC450: Blue Team Fundamentals - Security Operations and Analysis- LDR551: Building and Leading Security Operations CentersSANS:- Cyber Defense Course List- Upcoming Training Events- Free tools, VMs, cheat sheets and more for cyber defenders

Click here to send us your ideas and feedback on Blueprint!Have you ever wondered what it takes to write and publish an information security book? In this special bonus episode following season 4, John discusses with Kathryn, Ingrid, and Carson the challenges and rewards of self-publishing, and the kind of effort that goes into producing a book like "11 Strategies of a World-Class Cybersecurity Operations Center".This special season of the Blueprint Podcast is taking a deep dive into MITRE’s 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book’s authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.-----------Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!Connect with John:- LinkedIn- Take A Training Course with JohnSOC Analyst and Leadership Training Courses:- SEC450: Blue Team Fundamentals - Security Operations and Analysis- LDR551: Building and Leading Security Operations CentersSANS:- Cyber Defense Course List- Upcoming Training Events- Free tools, VMs, cheat sheets and more for cyber defenders

Click here to send us your ideas and feedback on Blueprint!"This final chapter of the book is no simple closer! "Turn Up the Volume by Expanding SOC Functionality" covers testing that your SOC is functioning as intended through activities such as Threat Hunting, Red and Purple Teaming, Adversary Emulation, Breach and Attack Simulation, tabletop exercises and more. There's even a discussion of cyber deception types and tactics, and how it can be used to further frustrate attackers. Join John, Kathryn, Ingrid, and Carson in this final chapter episode for some not to be missed tips! This special season of the Blueprint Podcast is taking a deep dive into MITRE’s 11 Strategies of a World-Class Cyber Security Operations Center. Each episode John will break down a chapter of the book with the book’s authors Kathryn Knerler, Ingrid Parker, and Carson Zimmerman.Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450 Hope to see you in class!Connect with John:- LinkedIn- Take A Training Course with JohnSOC Analyst and Leadership Training Courses:- SEC450: Blue Team Fundamentals - Security Operations and Analysis- LDR551: Building and Leading Security Operations CentersSANS:- Cyber Defense Course List- Upcoming Training Events- Free tools, VMs, cheat sheets and more for cyber defenders