SANS Courses Authored
- SEC450 – Blue Team Fundamentals: Security Operations and Analysis
- LDR551 – Building, Designing, and Leading Security Operations Centers (co-authored with Mark Orlando)
- SEC403 – Secrets to Successful Cybersecurity Presentation (co-authored with Alan Paller and Heather Mahalik)
- [retired] SEC455 – SIEM Design and Implementation (co-authored with Justin Henderson)
YouTube Channel
- 12 Days of Cyber Defense - One of my most popular video playlists - a short mini-series on cyber security analyst-related tools and techniques for network and malware analysis.
- Virtuous Cycles: Rethinking the SOC for Long-term Success (slides-only version) / Version 2 @ SANS Security Operations Summit (14-Aug-2019)
- The Elastic Stack as a SIEM – Philly Security Shell (22-Feb-2019)
- Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework (24-Sep-2018)
- VMs All the Way Down – BSides Delaware 2016 (16-Nov-2016) - My oldest recorded presentation on the internet?
SANS Webcasts
2020
- Untapped Potential - SANS Blue Team Summit Keynote 2020
- Understanding and Leveraging the MITRE ATT&CK® Framework: A SANS Roundtable (06-Aug-2020)
- Measuring and Improving Cyber Defense Using the MITRE ATT&CK® Framework: A SANS Panel Discussion (28-Jul-2020)
- Measuring and Improving Cyber Defense Using the MITRE ATT&CK® Framework (21-Jul-2020)
- Supercharge your security operations with the brand new MGT551 – Building and Leading Security Operations Centers! (12-Jun-2020)
- Putting Your SOC to the Test (10-Jun-2020)
- Faster, Better, AND Cheaper: Improving security operations using open source tools (17-Mar-2020)
2019
- 2019 SANS Survey on Next-Generation Endpoint Risks and Protections (03-Dec-2019)
- 3 Critical Concepts That New SOC Analysts Must Master (02-Dec-2019)
- Untapped Potential: Getting the most out of your SIEM (24-Oct-2019)
- Power up your Security Operations Center’s human capital with the new SEC450 Part 2 – Blue Team Fundamentals…Finding and training the right people! (16-Oct-2019)
- Power up your Security Operations Center with the new SEC450 Part 1 – Blue Team Fundamentals…Creating an on-ramp for new defenders! (16-Sep-2019)
- Live from the Security Operations Summit: Rethinking the SOC for Long-Term Success & 2019 SANS SOC Survey Preview (24-Jun-2019)
- Sharing Alerts and Threat Intelligence with MISP (01-May-2019)
- Alert Investigations in the SOC – Building Your Workflow (10-Apr-2019)
- MITRE ATT&CK and Sigma Alerting (13-Feb-2019)
2018
- Automation Nation (08-Nov-2018)
- More Bad Data (07-Nov-2018)
- Prioritizing Log Enrichment (06-Nov-2018)
- High Fidelity Alerts: How to create custom alerts like a pro (30-May-2018)
- How to Build & Maintain an Open Source SIEM (24-Jan-2018)
2017
- Modern Log Parsing and Enrichment with SIEM (08-Nov-2017)
- SIEM Design & Architecture (06-Sep-2017)
Presentations / Guides
- Security Operations Guide – SANS Virtual Poster and PDF Guide with lessons from SEC450 and MGT551
- Virtuous Cycles: Rethinking the SOC for Long-term Success Slides - My thoughts on keeping security analyst jobs long-term sustainable and burnout free
- A Log Lifecycle – SANS digital poster on security logging
- The Elastic Stack as a SIEM (Slideshare)
- VMs All the Way Down (Slideshare)
Podcast, Blog, Article, and Other Appearances
- Positively Blue Team - Security Operations
- Detections Podcast - The "Hubb" of Security with John Hubbard
- Day In The Life Podcast, Episode #19 – Day in the Life of John Hubbard, Cyber Security Manager
- Intro to Malware Analysis: Dynamic Analysis (Parts: 1, 2, 3, 4, 5) – Advanced Persistent Security Blog
Research Papers
- Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework by John Hubbard – July 17, 2020
- 2019 SANS Survey on Next-Generation Endpoint Risks and Protections by Justin Henderson and John Hubbard – December 2, 2019
- "A study of SSL Proxy attacks on Android and iOS mobile applications", J. Hubbard, K. Weimer and Y. Chen, 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC), Las Vegas, NV, 2014, pp. 86-91, doi: 10.1109/CCNC.2014.6866553.