The Secret Sauce of SANS Instructors with John Hubbard
Hacker Valley Studio1 Nov 2022

The Secret Sauce of SANS Instructors with John Hubbard

John Hubbard, SOC consultant, SANS Sr. Instructor and host of the Blueprint Podcast, joins the Hacker Valley team this week to discuss SANS, SOCs, and seeking new hobbies. As the curriculum lead for cyber defense, John breaks down what makes a good SANS instructor and how to inspire passion in students when teaching for long hours. Additionally, John gives away his life hacks for pursuing passions outside of the cybersecurity industry, including podcasting, video editing, music creation, and nutrition.

Time Coded Guide:

[00:00] Instructing for SANS & what it takes to be a good instructor

[07:33] Exploring the potential of a SOC-less cyber industry

[13:38] Teaching complicated topics with clear visuals & simple comparisons

[19:37] Podcasting his way to better SOC consulting skills

[26:12] Finding a balance between jack of all trades & single skill master

Sponsor Links:

Thank you to our sponsor Axonius for bringing this episode to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

What do you think are the makings of a good instructor, especially for SANS?

Transitioning from the world of electrical and computer engineering, John’s journey to becoming a SANS instructor took over 3 years of study. Although he jokes that training to be a SANS instructor was the longest job interview ever, John is thankful for the mentorship and inspiration his training gave him. SANS courses require long hours and hard work, but John believes the best instructors bring a real love for what they do to each class.

“The technical aspect has to be there in a very strong way. Beyond that, you have to deliver this message not only with razor sharp clarity, but also with passion and energy. People are sitting there watching you talk for hours. If you aren't excited, they're not going to be excited.”

Cyber defense is a pretty broad topic. What makes you feel comfortable teaching a course on cyber defense?

Cyber defense can be a topic that’s both broad and confusing for students, but John has been dedicated to building a curriculum that cuts through the confusion and inspires innovation. Teaching his students to focus on priorities, John wants to bring clarity to complex topics like SOCs, Kerberos, and related security issues. While the topics can be broad and debatable, John wants to equip his students with real world examples and simple comparable concepts.

“If there was one word I was going to summarize both of the classes I teach with, it’s ‘priorities.’ It's getting the right stuff there first, and not getting distracted by all the other details that are potentially trying to pull you in the wrong direction.”

Have there been unintended benefits to being a podcast host, that either helps you as an instructor, or even someone that does consulting in the SOC space?

Taking the chance to start the Blueprint podcast was inspired partly by John’s previous interest in podcasts like Security Now, but also by his pursuit of learning content creation. Starting a podcast, for John, was an exercise in testing his comfort zone. Learning the technical aspects as well as the creative aspects of content creation and podcast hosting continues to build John’s confidence in his storytelling and teaching skills.

“For me, a lot of things have come out of podcasting. Probably one of the biggest things is just flexing that muscle of doing things that are slightly uncomfortable and scary. Any time you think, ‘I don't know if I can pull this off. Should I do it?’ The answer should always be yes.”

What is one piece of advice or philosophy that enables you to do more and squeeze as much as you can out of life?

In the same way that he teaches his SANS students about priorities, John focuses on his personal priorities often in order to accomplish his well-rounded, jack of all trades lifestyle. Building new skills and cataloging new experiences feels vital for John. Taking full advantage of the time he’s been given and getting curious about expanding his comfort zone is an essential philosophy that has taught John not only about cyber defense, but about every hobby he enjoys as well.

“I try to get up as early as I can manage to get up every day, well before I start getting emails and meeting requests and all sorts of stuff like that, and try to plan out my day and ask myself, ‘How am I going to actually approach doing the things that matter the most to me?’”

---------------

Links:

Keep up with our guest John Hubbard on LinkedIn, Twitter, and YouTube

Listen to John’s podcast on the Blueprint Blog

Learn more about John’s work on the SANS Institute website

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Avsnitt(404)

Breaking Into Banks and Bypassing Modern Security with Greg Hatcher and John Stigerwalt

Breaking Into Banks and Bypassing Modern Security with Greg Hatcher and John Stigerwalt

Three banks in four days isn't just a bragging right for penetration testers. It's a wake-up call showing that expensive security tools and alarm systems often fail when tested by skilled operators who understand both human behavior and technical vulnerabilities. Greg Hatcher and John Stigerwalt, co-founders of White Knight Labs, talk about their latest physical penetration tests on financial institutions, manufacturing facilities protecting COVID-19 vaccine production, and why their new Server 2025 course had to rewrite most common Active Directory tools. They share stories of armed guards, police gun draws, poison ivy reconnaissance, and a bag of chips that saved them from serious trouble. The conversation reveals why EDR alone won't stop ransomware, how offline backups remain the exception rather than the rule, and what security controls actually work when attackers bring custom tooling. Impactful Moments: 00:00 - Intro 01:00 - New training courses launched 03:00 - Server 2025 breaks standard tools 05:00 - COVID facility physical penetration 07:00 - Armed guards change the game 10:00 - Police draw guns on operators 13:00 - Bag of chips saves the day 15:00 - Nighttime versus daytime physical tests 18:00 - VIP home security assessments 20:00 - 2026 threat predictions 22:00 - Why EDR doesn't stop ransomware 27:00 - Low cost ransomware simulation ROI 29:00 - Three banks in four days 32:00 - Deepfake as the new EDR Links: Connect with our guests –  Greg Hatcher: https://www.linkedin.com/in/gregoryhatcher2/ John Stigerwalt: https://www.linkedin.com/in/john-stigerwalt-90a9b4110/ Learn more about White Knight Labs: https://www.whiteknightlabs.com Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

18 Dec 33min

Defending Your Cyber Systems and Your Mental Attack Surface with Chris Hughes

Defending Your Cyber Systems and Your Mental Attack Surface with Chris Hughes

When your firewall forgets to buckle up, the crash doesn’t happen in the network first, it happens in your blindspots. In this episode, Ron is joined by returning guest Chris Hughes, Co-Founder of Aquia and host of the Resilient Cyber podcast. Chris helps reframe vulnerability work as exposure management, connect technical risk to human resilience, and break down the scoring and runtime tools security teams actually need today. Expect clear takeaways on EPSS, reachability analysis, ADR, AI’s double-edged role, and the one habit Chris swears by as a CEO. This episode fuses attack-surface reality with mental-attack-surface strategy so you walk away with both tactical moves and daily practices that protect systems and people. Impactful Moments: 00:00 - Intro 02:00 - Breaking: Fortinet WAF zero-day & visibility lesson 05:00 - Meet Chris Hughes: CEO, author, Resilient Cyber host 08:00 - Mental attack surface explained and why it matters 18:00 - From CVSS to EPSS, reachability, and ADR realities 21:00 - AI as force-multiplier for attackers and defenders 24:30 - Exposure vs vulnerability naming, market trends 26:00 - Chris’s book & how to follow his work 30:00 - Ron’s solo: 3 pillars to patch your mindset 34:00 - Closing takeaways and subscribe reminder Links: Connect with our guest, Chris Hughes, on LinkedIn: https://www.linkedin.com/in/resilientcyber/ Check out the article on the Fortinet exploit here: https://www.helpnetsecurity.com/2025/11/14/fortinet-fortiweb-zero-day-exploited/  Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

11 Dec 34min

Thriving Beyond Human Labor with Context-Powered AI with Daniel Miessler

Thriving Beyond Human Labor with Context-Powered AI with Daniel Miessler

The real disruption isn’t AI replacing humans, it’s the shocking possibility that human labor was the economic bubble all along. In this episode, Ron Eddings sits down with Daniel Miessler, founder of Unsupervised Learning and longtime security leader, to break open why companies are hitting record profits with shrinking workforces, and what that means for your future. Daniel shares how AI agents, context management, and his Telos problem-first framework are reshaping what it means to create value in the modern economy. From Apple to Human 3.0, Daniel explains why building in public, learning fast, and solving real problems are the ultimate career edge in an AI-powered world. Impactful Moments: 00:00 - Introduction 02:00 - Jobless profit boom accelerates 05:00 - Daniel's AI journey at Apple 08:00 - Building careers around problems 12:00 - AI bubble or timing problem 15:00 - Nine-year-old codes app in two hours 18:00 - Human labor is the bubble 22:00 - Context management changes everything 26:00 - Adaptation equals survival Links: Daniel’s Website: danielmiessler.com/ Daniel’s Github: https://github.com/danielmiessler/ Daniel’s LinkedIn: https://www.linkedin.com/in/danielmiessler/ Upcoming events: https://www.hackervalley.com/livestreams Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio

4 Dec 29min

Building EDR for AI: Controlling Autonomous Agents Before They Go Rogue with Ron Eddings

Building EDR for AI: Controlling Autonomous Agents Before They Go Rogue with Ron Eddings

AI agents aren't just reacting anymore, they're thinking, learning, and sometimes deleting your entire production database without asking. The real question isn't if your AI agent will be hacked, it's when, and whether you'll have the right hooks in place to stop it before it happens. In this episode, Ron breaks down the ChatGPT Atlas vulnerability that shocked researchers, revealing how malicious prompts can turn AI assistants against their own users by bypassing safeguards and accessing file systems. He presents his new talk "Hooking Before Hacking," introducing a framework for applying EDR principles, prevention, detection, and response, to AI agents before they execute unauthorized commands. From pre-tool use hooks that catch malicious intent to one-time passwords that put humans back in the loop, this episode shares practical security controls you can implement today to prevent your AI agents from going rogue.   Impactful Moments: 00:00 - Introduction 02:00 - ChatGPT Atlas vulnerability exposed 04:00 - AI technology outpacing security guardrails 05:00 - Guardrail jailbreaks and prompt injection 06:00 - AI agents deleting production databases 07:00 - EDR principles for AI agents 09:00 - Pre-tool use hooks catch intention 11:00 - User prompt sanitization prevents leaks 14:00 - One-time passwords for agent workflows 16:00 - Automation mistakes across 10 years   Links: Connect with Ron on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Check out the entire article here: https://www.yahoo.com/news/articles/cybersecurity-experts-warn-openai-chatgpt-101658986.html  GitHub Repository: https://hackervalley.com/hooking-before-hacking  See Ron's "Hooking Before Hacking" presentation slides here: http://hackervalley.com/hooking-before-hacking-presentation Check out our website: https://hackervalley.com/ Upcoming events: https://www.hackervalley.com/livestreams Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio

2 Dec 19min

Can AI Run Your SOC Better Than You? with Ahmed Achchak

Can AI Run Your SOC Better Than You? with Ahmed Achchak

What if your security team never missed a single alert and actually had time to think strategically? In this episode, Ahmed Achchak, CEO and Co-Founder of Qevlar AI, reveals how autonomous SOCs are reshaping security operations worldwide. From tackling alert fatigue to empowering analysts with intelligent AI-driven investigations, Ahmed shares the inside story of building a system that can act on threats faster than any human alone. Learn how Qevlar’s innovative approach is giving organizations clarity, control, and measurable ROI while freeing security teams to focus on what truly matters. Impactful Moments 00:00 - Introduction 01:30 - Founding Qevlar AI by chance 03:30 - Inefficiency of current SOCs 05:00 - Augmenting analysts, not replacing them 08:00 - AI investigating alerts at scale 11:30 - How autonomous agents handle phishing 14:30 - Why tackling all alerts maximizes ROI 17:30 - Graph technology as investigation backbone 25:00 - Limitations and randomness of LLMs 30:30 - Advice for testing AI in SOCs Links Connect with our guest Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/   Check out Qevlar’s website: https://www.qevlar.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

13 Nov 32min

Making Cybersecurity Marketing Creative (and a Little Sexy) with Maria Velasquez

Making Cybersecurity Marketing Creative (and a Little Sexy) with Maria Velasquez

Who said cybersecurity had to be serious? The future of cyber is creative, human, and even a little sexy. In this special 400th episode, Ron Eddings celebrates six incredible years of Hacker Valley Studio with one of cyber’s most creative voices, Maria Velasquez, Co-Founder of the Cybersecurity Marketing Society and Co-Host of Breaking Through in Cybersecurity Marketing. Together, they discuss how bold storytelling, authentic community, and a touch of fun are reshaping the way we connect in cybersecurity. Maria opens up about turning burnout into purpose, building a 4,000-strong global movement, and why the next frontier in cyber might just be entertainment.   Impactful Moments: 00:00 - Introduction 02:00 - CISA layoffs and collaboration fragility 04:00 - Welcoming Maria Velasquez 06:00 - How loneliness sparked a global community 08:00 - Why collaboration fuels cybersecurity growth 10:00 - When cybersecurity marketing was “boring” 12:00 - The rise of creativity and brand power 14:00 - Story behind Torque’s “Kill the S.O.A.R” campaign 15:00 - Making cybersecurity emotional and human 17:00 - Maria’s advice for bold marketing leaders 18:00 - The next big thing: experiential marketing 20:00 - Inside Cyber Marketing Con 2025 24:00 - Final reflections on community and creativity 27:00 - Ron’s takeaways: connection drives innovation Links: Connect with Maria on LinkedIn: https://www.linkedin.com/in/maria-vepa/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

6 Nov 30min

How to See Your Organization Like a Hacker with Chris Dale

How to See Your Organization Like a Hacker with Chris Dale

To defend like a human, you first have to think like a hacker. In this episode, Ron Eddings sits down with Chris Dale, Co-Founder and Chief Hacking Officer at River Security, to explore the human side of hacking, where curiosity, persistence, and vigilance meet defense. Chris shares how the traditional idea of penetration testing has evolved into a continuous journey of discovery, and why reconnaissance and storytelling are critical tools for modern defenders. From real-world breach stories to lessons on trust and responsibility, this episode reveals how thinking like a hacker, and acting like a human can transform the way we approach cybersecurity.   Impactful Moments 00:00 - Introduction and massive breach overview 03:00 - Trusted systems become exposure points 05:00 - Meet Chris Dale of River Security 07:00 - The problem with traditional pen testing 08:30 - Continuous reconnaissance and real-world risk 10:00 - Knowing yourself as a security principle 13:00 - The meaning of continuous vigilance 15:00 - Turning cybersecurity lessons into stories 18:00 - Storytelling and mindset in defense 19:30 - Final takeaways on fundamentals and vigilance   Links: Connect with our Chris on LinkedIn: https://www.linkedin.com/in/chrisad/ Read the Tech Radar article here: https://www.techradar.com/pro/security/f5-breach-fallout-over-266-000-instances-exposed-to-remote-attacks Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

30 Okt 25min

Coding by Vibe: The Future of AI-Built Security with Ron Eddings

Coding by Vibe: The Future of AI-Built Security with Ron Eddings

When code meets intuition, innovation gets personal. But what happens when we let AI vibe with our ideas? In this episode, Ron Eddings covers the rise of AI-driven development from Vibe Coding, where natural language shapes real code, to the emerging Model Context Protocols (MCPs) that redefine how apps talk to AI. He breaks down the recent Figma MCP vulnerability to discuss how creativity and security now collide in surprising ways. With hands-on insights using Raycast and practical steps for building responsibly, Ron takes you inside a new era where human intuition and machine intelligence truly build together.     Impactful Moments 00:00 - Introduction 01:00 - The Figma vulnerability explained 03:00 - Why MCP security matters 05:00 - What vibe coding really means 07:00 - Writing with intention and context 08:00 - The power of structured prompting 10:00 - How MCP connects everything 12:00 - Why adoption is skyrocketing 15:00 - Setting up an MCP server 17:00 - Agents, actions, and security trust 19:00 - The real takeaway: curiosity with caution 30:00 - Predictions on OpenAI’s upcoming browser 33:00 - The profit battle between OpenAI and Microsoft 35:00 - Windsurf’s rollercoaster of acquisitions   Links: Connect with our Ron on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Check out the Hacker News article here:  https://thehackernews.com/2025/10/severe-figma-mcp-vulnerability-lets.html?m=1   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

24 Okt 20min

Populärt inom Utbildning

historiepodden-se
rss-bara-en-till-om-missbruk-medberoende-2
det-skaver
alska-oss
nu-blir-det-historia
harrisons-dramatiska-historia
johannes-hansen-podcast
sektledare
allt-du-velat-veta
roda-vita-rosen
rss-sjalsligt-avkladd
not-fanny-anymore
polisutbildningspodden
sa-in-i-sjalen
vi-gar-till-historien
rss-npf-podden
rss-om-vi-ska-vara-arliga
rss-max-tant-med-max-villman
dumforklarat
rss-basta-livet