Presentations & Content

SANS Courses Authored

SEC450 – Blue Team Fundamentals: Security Operations and Analysis
LDR551 – Building, Designing, and Leading Security Operations Centers (co-authored with Mark Orlando)
SEC403 - Secrets to Successful Cybersecurity Presentation (co-authored with Alan Paller and Heather Mahalik)
[retired] SEC455 – SIEM Design and Implementation (co-authored with Justin Henderson)

YouTube Channel

12 Days of Cyber Defense - One of my most popular video playlists - a short mini-series of cyber security analyst related tools and techniques for network and malware analysis.
Virtuous Cycles: Rethinking the SOC for Long-term Success (slides only version) / Version 2 @ SANS Security Operations Summit (14-Aug-2019)
The Elastic Stack as a SIEM – Philly Security Shell (22-Feb-2019)
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework (24-Sep-2018)
VMs All the Way Down – BSides Delware 2016 (16-Nov-2016) - My oldest recorded presentation on the internet?

SANS Webcasts

2020

2019

2019 SANS Survey on Next-Generation Endpoint Risks and Protections (03-Dec-2019)
3 Critical Concepts That New SOC Analysts Must Master (02-Dec-2019)
Untapped Potential: Getting the most out of your SIEM (24-Oct-2019)
Power up your Security Operations Center’s human capital with the new SEC450 Part 2 – Blue Team Fundamentals…Finding and training the right people! (16-Oct-2019)
Power up your Security Operations Center with the new SEC450 Part 1 – Blue Team Fundamentals…Creating an on-ramp for new defenders! (16-Sep-2019)
Live from the Security Operations Summit: Rethinking the SOC for Long-Term Success & 2019 SANS SOC Survey Preview (24-June-2019)
Sharing Alerts and Threat Intelligence with MISP (01-May-2019)
Alert Investigations in the SOC – Building Your Workflow (10-Apr-2019)
MITRE ATT&CK and Sigma Alerting (13-Feb-2019)

2018

Automation Nation (08-Nov-2018)
More Bad Data (07-Nov-2018)
Prioritizing Log Enrichment (06-Nov-2018)
High Fidelity Alerts: How to create custom alerts like a pro (30-May-2018)
How to Build & Maintain an Open Source SIEM (24-Jan-2018)

2017

Modern Log Parsing and Enrichment with SIEM (08-Nov-2017)
SIEM Design & Architecture (06-Sep-2017)

Presentations / Guides

Security Operations Guide – SANS Virtual Poster and PDF Guide with lessons from SEC450 and MGT551
Virtuous Cycles: Rethinking the SOC for Long-term Success Slides - My thoughts on keeping security analyst jobs long-term sustainable and burnout free
A Log Lifecycle – SANS digital poster on security logging
The Elastic Stack as a SIEM (Slideshare)
VMs All the Way Down (Slideshare)

Podcast, Blog, Article, and Other appearances

Positively Blue Team - Security Operations
Detections Podcast - The "Hubb" of Security with John Hubbard
Day In The Life Podcast, Episode #19 – Day in the Life of John Hubbard, Cyber Security Manager
Intro to Malware Analysis Dynamic Analysis (Parts: 1, 2, 3, 4, 5) – Advanced Persistent Security Blog

Research Papers

Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework by John Hubbard – July 17, 2020
2019 SANS Survey on Next-Generation Endpoint Risks and Protections by Justin Henderson and John Hubbard – December 2, 2019
"A study of SSL Proxy attacks on Android and iOS mobile applications", J. Hubbard, K. Weimer and Y. Chen, 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC), Las Vegas, NV, 2014, pp. 86-91, doi: 10.1109/CCNC.2014.6866553.