Resources

SANS Courses Authored

• SEC450 – Blue Team Fundamentals: Security Operations and Analysis
• MGT551 – Building, Designing, and Leading Security Operations Centers
• SEC455 – SIEM Design and Implementation

Sans Webcasts

2020

• Understanding and Leveraging the MITRE ATT&CK® Framework: A SANS Roundtable (06-Aug-2020)
• Measuring and Improving Cyber Defense Using the MITRE ATT&CK® Framework: A SANS Panel Discussion (28-Jul-2020)
• Measuring and Improving Cyber Defense Using the MITRE ATT&CK® Framework (21-Jul-2020)
• Supercharge your security operations with the brand new MGT551 – Building and Leading Security Operations Centers! (12-Jun-2020)
• Putting Your SOC to the Test (10-Jun-2020)
• Faster, Better, AND Cheaper: Improving security operations using open source tools (17-Mar-2020)

2019

• 2019 SANS Survey on Next-Generation Endpoint Risks and Protections (03-Dec-2019)
• 3 Critical Concepts That New SOC Analysts Must Master (02-Dec-2019)
• Untapped Potential: Getting the most out of your SIEM (24-Oct-2019)
• Power up your Security Operations Center’s human capital with the new SEC450 Part 2 – Blue Team Fundamentals…Finding and training the right people! (16-Oct-2019)
• Power up your Security Operations Center with the new SEC450 Part 1 – Blue Team Fundamentals…Creating an on-ramp for new defenders! (16-Sep-2019)
• Live from the Security Operations Summit: Rethinking the SOC for Long-Term Success & 2019 SANS SOC Survey Preview (24-June-2019)
• Sharing Alerts and Threat Intelligence with MISP (01-May-2019)
• Alert Investigations in the SOC – Building Your Workflow (10-Apr-2019)
• MITRE ATT&CK and Sigma Alerting (13-Feb-2019)

2018

•  Automation Nation (08-Nov-2018)
• More Bad Data (07-Nov-2018)
• Prioritizing Log Enrichment (06-Nov-2018)
• High Fidelity Alerts: How to create custom alerts like a pro (30-May-2018)
• How to Build & Maintain an Open Source SIEM (24-Jan-2018)

2017

• Modern Log Parsing and Enrichment with SIEM (08-Nov-2017)
• SIEM Design & Architecture (06-Sep-2017)

YouTube

• Virtuous Cycles: Rethinking the SOC for Long-term Success  (slides only version) /  Version 2 @ SANS Security Operations Summit (14-Aug-2019)

• Q&A Interview with Stephen Hart (01-Nov-2019)

• The Elastic Stack as a SIEM – Philly Security Shell (22-Feb-2019)

• Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework (24-Sep-2018)

• VMs All the Way Down – BSides Delware 2016 (16-Nov-2016)

Presentations / Guides

• Security Operations Guide – SANS Virtual Poster (Coming Soon!)
• Virtuous Cycles: Rethinking the SOC for Long-term Success Slides
• A Log Lifecycle – SANS Poster
• The Elastic Stack as a SIEM (Slideshare)
• VMs All the Way Down (Slideshare)

Podcast, Blog, Article, and Other appearances

• Day In The Life Podcast, Episode #19 – Day in the Life of John Hubbard, Cyber Security Manager
• Intro to Malware Analysis Dynamic Analysis (Parts: 1, 2, 3, 4, 5) – Advanced Persistent Security Blog

Research Papers

• Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework by John Hubbard – July 17, 2020 
  • Associated Webcasts: Measuring and Improving Cyber Defense Using the MITRE ATT&CK® Framework Measuring and Improving Cyber Defense Using the MITRE ATT&CK® Framework: A SANS Panel Discussion Understanding and Leveraging the MITRE ATT&CK® Framework: A SANS Roundtable
• 2019 SANS Survey on Next-Generation Endpoint Risks and Protections by Justin Henderson and John Hubbard – December 2, 2019 
• J. Hubbard, K. Weimer and Y. Chen, “A study of SSL Proxy attacks on Android and iOS mobile applications“, 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC), Las Vegas, NV, 2014, pp. 86-91, doi: 10.1109/CCNC.2014.6866553.