John Hubbard

John is a Security Operations Center (SOC) consultant and speaker, a Senior SANS instructor, and the course author of two SANS courses, SEC450: Blue Team Fundamentals - Security Operations and Analysis and LDR551: Building and Leading Security Operations Centers. John previously taught additional SANS Cyber Defense courses such as SEC511: Continuous Monitoring and Security Operations, and SEC555: SIEM with Tactical Analytics. Through his years of experience as a Lead Cyber Security Analyst and SOC Manager for a major pharmaceutical company with over 100,000 employees and global operations, John has developed real-world, first-hand knowledge of what it takes to defend an organization against advanced cyber-attacks.


Profile

Today, John specializes in security operations, threat hunting, network security monitoring, SIEM design and optimization, and constructing defensible networks that allow organizations to protect their most sensitive data. John's mission to improve Blue Teams worldwide led him to partner with SANS to help develop the next generation of defensive talent around the globe. With a Bachelor of Science in Electrical Engineering from Purdue University and a Master’s in Computer Engineering with a concentration in Information Assurance and Network Security from SUNY Binghamton, John ended up in the cyber defense field because he loves solving tough challenges – of which the Blue Team has a never-ending supply! He loves the dynamic nature of cyber defense and how new attacks and malware bring a new puzzle to solve every day.

John has helped solve high-profile incidents, contributing key insights through malware analysis, containment and eradication strategy, and forensics support. He continues to do defensive research and loves to spread the word on the best tools and processes for the blue team. Because he understands the struggles of a SOC job and has worked to solve many of the problems the typical SOC encounters, John’s mission is to share the lessons he’s learned throughout his career to help fast-forward the improvement of security operations for organizations around the world.

Students in his class can expect John to explain difficult concepts in clear and relatable language, illustrate important ideas with stories and demonstrations, and encourage students to push themselves beyond the limit of what they thought possible.

He chose to partner with SANS because, as a student of SANS himself, he saw the difference it made in his own capabilities and career trajectory. Every time he finished another SANS class, he felt like he had a new set of superpowers. When past students tell John they've gotten incredible value out of a course he taught or a webcast or talk he gave, or that they were able to pass a certification after finishing one of his classes, it helps remind him that he’s making the same difference in the lives of others that SANS had originally brought to him. This is exactly why he loves to teach.

John also has several professional certifications, including GIAC GMON, GIAC GPEN, GIAC GSOC, and GIAC GCTD. He is a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense, and a multiple-time winner of the National Cyber League competition.

When not slowly turning his home into a data center, John enjoys FPV drone racing, coffee roasting, and running.

Hear John teach about Elastic Stack and the MITRE ATT&CK Framework here.

ADDITIONAL CONTRIBUTIONS BY JOHN HUBBARD:

WEBCASTS

Cyber42 Game Day: SOC version, Oct 2021

Understanding and Leveraging the MITRE ATT&CK Framework: A SANS Roundtable, Aug 6, 2020

Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework: A SANS Panel Discussion, July 28, 2020

Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework, July 21, 2020

Putting Your SOC to the Test, June 2020

Faster, Better, AND Cheaper: Improving security operations using open source tools, March 2020

2019 SANS Survey on Next-Generation Endpoint Risks and Protections, Dec 2019

3 Critical Concepts That New SOC Analysts Must Master, Dec 2019

Untapped Potential: Getting the most out of your SIEM, Oct 2019

Power up your Security Operations Center’s human capital with the new SEC450 Part 2 - Blue Team Fundamentals…Finding and training the right people!, Oct 2019

Power up your Security Operations Center with the new SEC450 Part 1 - Blue Team Fundamentals…Creating an on-ramp for new defenders!, Sept 2019

Live from the Security Operations Summit: Rethinking the SOC for Long-Term Success & 2019 SANS SOC Survey Preview, June 2019

Power up your Security Operations Center’s human capital with the new SEC450 Part 2 - Blue Team Fundamentals…Finding and training the right people!, June 2019

Power up your Security Operations Center with the new SEC450 Part 1 - Blue Team Fundamentals: Creating an on-ramp for new defenders!, May 2019

Sharing Alerts and Threat Intelligence with MISP, May 2019

Alert Investigations in the SOC - Building Your Workflow, April 2019

MITRE ATT&CK and Sigma Alerting, Feb 2019


Visit the SANS Webcast Archive for webcasts by John prior to 2019.

WHITEPAPERS

A Study of SSL Proxy Attacks on Android and iOS Mobile Applications, 2014

MORE

Sechubb.com
