Profile
Today, John specializes in security operations, threat hunting, network security monitoring, SIEM design and optimization, and constructing defensible networks that allow organizations to protect their most sensitive data. John's mission to improve Blue Teams worldwide led him to partner with SANS to help develop the next generation of defensive talent around the globe. With a Bachelor of Science in Electrical Engineering from Purdue University and a Master’s in Computer Engineering with a concentration in Information Assurance and Network Security from SUNY Binghamton, John ended up in the cyber defense field because he loves solving tough challenges – of which the Blue Team has a never-ending supply! He loves the dynamic nature of cyber defense and how new attacks and malware bring a new puzzle to solve every day.
John has helped solve high-profile incidents, contributing key insights through malware analysis, containment and eradication strategy, and forensics support. He continues to do defensive research and loves to spread the word on the best tools and processes for the blue team. Because he understands the struggles of a SOC job and has worked to solve many of the problems the typical SOC encounters, John’s mission is to share the lessons he’s learned throughout his career to help fast-forward the improvement of security operations for organizations around the world.
Students in his class can expect John to explain difficult concepts in clear and relatable language, illustrate important ideas with stories and demonstrations, and encourage students to push themselves beyond the limit of what they thought possible.
He chose to partner with SANS because, as a student of SANS himself, he saw the difference it made in his own capabilities and career trajectory. Every time he finished another SANS class, he felt like he had a new set of superpowers. When past students tell John they've gotten incredible value out of a course he taught or a webcast or talk he gave, or that they were able to pass a certification after finishing one of his classes, it helps remind him that he’s making the same difference in the lives of others that SANS had originally brought to him. This is exactly why he loves to teach.
John also has several professional certifications, including GIAC GMON, GIAC GPEN, GIAC GSOC, and GIAC GCTD. He is a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense, and a multiple-time winner of the National Cyber League competition.
When not slowly turning his home into a data center, John enjoys FPV drone racing, coffee roasting, and running.
Hear John teach about Elastic Stack and the MITRE ATT&CK Framework here.
ADDITIONAL CONTRIBUTIONS BY JOHN HUBBARD:
WEBCASTS
Cyber42 Game Day: SOC version, Oct 2021
Understanding and Leveraging the MITRE ATT&CK Framework: A SANS Roundtable, Aug 6, 2020
Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework: A SANS Panel Discussion, July 28, 2020
Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework, July 21, 2020
Putting Your SOC to the Test, June 2020
Faster, Better, AND Cheaper: Improving security operations using open source tools, March 2020
2019 SANS Survey on Next-Generation Endpoint Risks and Protections, Dec 2019
3 Critical Concepts That New SOC Analysts Must Master, Dec 2019
Untapped Potential: Getting the most out of your SIEM, Oct 2019
Sharing Alerts and Threat Intelligence with MISP, May 2019
Alert Investigations in the SOC - Building Your Workflow, April 2019
MITRE ATT&CK and Sigma Alerting, Feb 2019
Visit the SANS Webcast Archive for webcasts by John prior to 2019.
WHITEPAPERS
A Study of SSL Proxy Attacks on Android and iOS Mobile Applications, 2014