Blueprint: Build the Best in Cyber Defense

SANS Institute

66 episodes

  • Blueprint: Build the Best in Cyber Defense

    Building Trust Into Agentic SOC Tools with Oren Saban

    02/07/2026 | 44 mins.
    SANS Cloud Security Exchange Summit 2026 - Aug. 17-18, San Francisco: https://www.sans.org/mlp/cloud-security-exchange-2026
    Save $50 off registration with special promo code "Cloud_Promo50"!

    Agentic SOC platforms are no longer a future pitch — they're shipping, and teams are using them to triage and investigate cases end to end. But speed and automation only matter if you can trust the output. John sits down with Oren Saban to unpack what it actually takes to build a trustworthy agentic SOC tool.
    They cover why these platforms are built as swarms of specialized agents rather than one generalist model, the role organizational context and data quality play in getting good results, how teams measure confidence and catch AI mistakes before they become missed detections, which analyst skills are becoming obsolete and which matter more than ever, and the emerging risk of prompt injection attacks against AI-powered SOC tools.
    If you're evaluating these platforms — or trying to figure out what trust actually means when AI is doing most of the investigating — this conversation lays out the real tradeoffs.

    Oren on LinkedIn: https://www.linkedin.com/in/oren-saban/
    Contact, Courses, and More:
    For feedback, reviews, guest pitches, or to get in contact with me for any other reason, head to blueprintpodcast.live!
    Check out John's SOC Training Courses for SOC Analysts and Leaders:
    SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
    LDR551: Building and Leading Security Operations Centers
    Follow and Connect with John: LinkedIn
  • Blueprint: Build the Best in Cyber Defense

    Preventing Silent Failures with Nir Loya Dahan

    18/06/2026 | 55 mins.
    This episode is sponsored by Fig.
    This episode features a conversation with Nir Loya Dahan, Co-Founder and CPO at Fig, recorded at RSAC 2026. Our discussion covers telemetry health and SOC infrastructure resilience: what breaks in a log pipeline, why silent failures are so hard to catch, and how detection teams can build more confidence in their data foundation.
    Resources:
    Nir's Email: nir@fig.security
    Fig Website: https://www.fig.security
  • Blueprint: Build the Best in Cyber Defense

    The 2 AM Call: A Ransomware Negotiator's Playbook with Wade Gettle

    09/02/2026 | 48 mins.
    What happens after you discover ransomware? You have to talk to the attackers. And that conversation can make or break your entire response.
    In this episode, Wade Gettle, a professional ransomware negotiator, pulls back the curtain on the high-stakes world of threat actor negotiations. Wade is the person who gets the call at 2 AM when organizations are facing their worst moment, and he's handled negotiations across every scenario imaginable.
    You'll learn:
      • What actually happens in the first 72 hours of a ransomware incident
      • The psychological tactics threat actors use to manufacture urgency and pressure
      • Why those 24-hour deadlines aren't real—and how to buy yourself time
      • How threat actors research your financials, insurance policies, and supply chain before making contact
      • When data validation saves companies from paying ransoms for data that isn't even theirs
      • The real cost of ransomware (spoiler: it's 10x the ransom amount)
      • Why paying doesn't guarantee your data back—or that you won't get hit again
      • Third-party breaches: the biggest risk vector right now
    Key takeaway: Ransomware negotiations are psychological warfare disguised as business transactions. The best defense is being more prepared than the attackers expect you to be.
    Resources mentioned in this episode:
    ransomware.live (ransomware group tracking, info, conversations and more)
    ransomlook.io (ransomware group tracking and statistics)
    ChatGPT Ransomware Negotiation Simulator: https://chatgpt.com/g/g-679a6253574c8191a998145044b9c651-ransomsim-ransomware-negotiation-trainer
    Wade Gettle on LinkedIn: https://www.linkedin.com/in/wade-gettle-7733704a/
    About the guest: Wade Gettle is a Senior Advisor at Flashpoint and serves as a Cyber Mission Planner for the New York Army National Guard. With a background in intelligence analysis, incident response, and threat intelligence, Wade brings calm to the storm when organizations face their most critical security incidents.
  • Blueprint: Build the Best in Cyber Defense

    Infiltration Alert! How to Catch Fake IT Employees in Your Network with Zak Stufflebeam

    05/01/2026 | 1h 36 mins.
    This episode is a big one! We kick off 2026 with critical lessons learned on how to detect and prevent the threat of fake IT workers infiltrating your organization, told through the story of a REAL compromise. In this episode, repeat guest Zak Stufflebeam shares a detailed case study involving a major investigation of multiple counterfeit IT employees within a company. The episode provides valuable insights and actionable detection tactics, covering everything from unusual VPN activity and AI-generated resumes to suspicious interview responses and unauthorized access requests.
    With the rise of remote work, this episode is essential listening for cyber defenders aiming to ensure their networks are clean and defensible in the new year.
  • Blueprint: Build the Best in Cyber Defense

    Leading by Example: Confidence and Responsibility in Cybersecurity with Zak Stufflebeam

    19/08/2025 | 1h 6 mins.
    In this episode, we sit down with Zak Stufflebeam, Director of Cybersecurity at a publicly traded insurance company. Zak shares his unique journey from the military to leading security operations, emphasizing essential leadership principles learned along the way. From his early days in basic training to leading complex cybersecurity teams, Zak’s story is one of perseverance, adaptability, and unwavering commitment. He delves into vital leadership lessons, the importance of confidence, and strategies to maintain focus and calm under pressure. This episode is packed with insights for aspiring SOC analysts and leaders looking to make an impact in their field.
About Blueprint: Build the Best in Cyber Defense
Are you a cyber defender looking to keep up on the newest tools, technology, and security concepts? Then BLUEPRINT is the podcast for you! Tune in to hear the latest in cyber defense and security operations from blue team leaders and experts. With a focus on learning, BLUEPRINT includes interviews with today’s top security practitioners defending the world’s most respected brands, and in-depth explanations of the newest technologies, protocols, and defensive tools. BLUEPRINT is a podcast hosted by John Hubbard and brought to you by the SANS Institute. BLUEPRINT - your one-stop shop for taking your defense skills to the next level!