Simply Defensive

S6:E3 - Tom Dejong - Inside the BHIS SOC: Triage, Curiosity, and Career Growth

Simply Defensive — Mon, 04 May 2026 16:29:05 -0400

Episode Show Notes

S6:E3 - Tom Dejong - Inside the BHIS SOC: Triage, Curiosity, and Career Growth

Episode Summary

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells sit down with Tom Dejong, Triage Lead at Black Hills Information Security (BHIS). Tom shares his unconventional path into cybersecurity — from a South Dakota apprenticeship scholarship to becoming one of the most detail-oriented analysts in the BHIS SOC. The conversation covers the realities of SOC triage, the importance of detailed documentation, mentoring new analysts, and how AI is reshaping (but not replacing) blue team work.

Whether you're an aspiring SOC analyst, a seasoned defender, or someone curious about how to build a career in cyber without a traditional path, Tom's story and practical advice will resonate.

What You'll Learn

How the Build Dakota Scholarship led Tom from apprenticeship to a cybersecurity career
What it's really like working triage at the BHIS SOC
Why detailed ticket notes are a force multiplier for SOC teams
The hypothesis-driven approach to alert investigation
How to pivot off IPs, hashes, process names, and file paths
Why curiosity is the #1 skill for SOC analysts
How AI is being used in modern SOCs (and why it's not taking your job)
The challenge of building SOC training and webcasts
Advice for handling mistakes and learning from them

Episode Highlights

Tom's Journey Into Cyber From discovering Darknet Diaries and hearing John Strand mention Spearfish, South Dakota — the same town Tom was living in — to landing his first day at Wild West Hacking Fest 2022 as a BHIS intern.

The Triage Mindset Tom walks through his approach to investigating alerts: starting with detection logic, checking for prior tickets, and breaking down each piece of evidence in writing to make the logic click.

Documentation as a Superpower Why Tom believes detailed notes aren't just nice-to-have — they're essential for the next analyst down the line and for his own thought process.

AI in the SOC Tom's honest take on using AI for investigations, polishing client communications, and writing detection logic — plus why he's not worried about it taking his job.

Advice for Blue Teamers You're going to make mistakes. Use them as learning experiences. Lean on your teammates. Stay curious.

Timestamps

00:00 Intro and Welcome
01:00 Tom's Role at the BHIS SOC
01:30 From Apprenticeship to Cybersecurity: The Build Dakota Story
03:00 Discovering BHIS Through Darknet Diaries
04:00 Wild West Hacking Fest as Day One
04:30 Behind the Scenes of a SOC Webcast
06:30 The Art of Alert Triage and Pivoting
08:30 Building Conference Talks and Training Content
10:30 Where Tom Sees His Career Going
11:30 Why Curiosity Is the #1 SOC Skill
12:30 Favorite Alert Types to Work
14:00 Round Robin vs. Self-Assigned Tickets
15:00 Note-Taking and Documentation Best Practices
19:00 Building a Hypothesis When an Alert Comes In
20:30 AI in the SOC: Hype, Reality, and Use Cases
24:00 Will AI Replace SOC Analysts?
26:00 Training Resources for New Analysts
28:00 Advice for Aspiring Blue Teamers
29:30 Closing Thoughts

Resources Mentioned

Black Hills Information Security: https://www.blackhillsinfosec.com/
Antisyphon Training: https://www.antisyphontraining.com/
Build Dakota Scholarship: https://www.builddakotascholarships.com/
Darknet Diaries Podcast: https://darknetdiaries.com/
Wild West Hacking Fest: https://wildwesthackinfest.com/

Connect with Tom

LinkedIn: Tom Dejong at Black Hills Information Security
BHIS Webcasts & Workshops: Available through Black Hills Information Security

Connect with Your Hosts

Josh Mason: https://www.linkedin.com/in/joshuacmason/
Wade Wells: https://www.linkedin.com/in/wadingthrulogs/

S6E2: John Hammond on Security Research, Storytelling, Deception, and Getting Hired in Cybersecurity

Simply Defensive — Tue, 17 Mar 2026 11:57:34 -0400

John Hammond on Security Research, Storytelling, and Deception for Defenders

In this Simply Defensive episode, hosts Josh Mason and Wade Wells interview John Hammond, a Huntress security researcher, YouTuber, and educator, about his career path and defensive research. Hammond explains he has never worked as a penetration tester, SOC analyst, or detection engineer, instead “falling into” security research through hands-on Capture the Flag work and building cyber threat emulation course content, earning Offensive Security’s OSCE3 bundle recognition. He discusses why storytelling and communication are critical for translating attacker tradecraft into actionable defenses, emphasizing understanding the attack chain to identify places to break it. He recommends building a public portfolio of write-ups and notes, and says multiple creators covering the same topic can still provide value through different explanations. The conversation also highlights endpoint deception and honeypots, challenges of reversing compiled binaries versus script-based malware, and his advice to document thoroughly in shared organizational knowledge bases.

00:00 S6E2: John Hammond on Security Research, Storytelling, Deception, and Getting Hired in Cybersecurity
01:27 Meet John Hammond
01:57 Security Researcher Life
04:43 OffSec Certs Explained
06:55 From CTF to Research
08:47 Storytelling in Cyber
12:10 Turning Attacks to Defense
15:19 Getting Hired as Researcher
16:48 Portfolio and Honeypots
19:05 Make the Video Anyway
21:40 Alternate Data Streams Nerdout
23:36 CTFs Then and Now
24:28 Life Shifts Priorities
25:44 Beyond CTFs Next Trend
26:52 Deception Meets Detection
28:48 Honeypots and Program Maturity
31:13 Malware Reversing Boss Fights
35:09 Blue Team Advice Document Everything
37:51 Where to Find John and Training
38:49 Wrap Up and Farewell

From Blue Team Challenges to AI Innovations: A Conversation with Jason Haddix

Josh and Wade — Tue, 24 Feb 2026 10:00:00 -0500

In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Jason Haddix — CISO veteran, AI security thought leader, and founder of Arcanum Information Security — for a wide-ranging conversation on where AI is actually headed in cybersecurity, and what blue teamers need to know right now.

Jason shares what he's learned from running AI scaling assessments inside major enterprises, why most organizations are still in the early stages of AI adoption, and how the industry needs to stop thinking about AI security like traditional web app security. He breaks down the stages of AI adoption (from custom bots to agents), explains why input validation is a losing game for LLM security, and makes the case for classifiers, guardrails, and LLM-based routing as the real defense-in-depth play for AI systems.

Wade and Jason also revisit the Red Blue Purple AI course, talk through how RAG and context engineering are transforming what's possible for blue teamers, and discuss why the credential leakage problem is still one of the biggest vectors defenders aren't taking seriously enough.

Topics covered:

Why CTI struggles to prove value — and where it actually matters most
Stealer logs, credential leakage, and when rolling an account isn't enough
AI adoption stages: custom bots → RAG → agents
Why SOAR skepticism is a preview of AI hesitancy
Context engineering vs. prompt engineering
Defending AI systems: prompt-level protections, classifiers, guardrails, and LLM routing
When does a prompt become IP?
Jason's advice for blue teamers: embrace AI as a tool, find your annoying tasks, and start chipping away

Connect with Jason Haddix:

Twitter/X: @jhaddix
Arcanum Information Security: arcanam-sec.com
GitHub (free tools & resources): ARCanum Information Security on GitHub
Newsletter: Executive Offense by Jay Haddix

Resources mentioned:

Red Blue Purple AI Course (ARCanum)
Flare (threat intelligence / credential monitoring): flare.io
Detections.ai

Connect with the Hosts:

Josh Mason: linkedin.com/in/joshuacmason
Wade Wells: linkedin.com/in/wadingthrulogs

From Pre-Law to FLARE: How Josh Stroschein Became Google's Malware Analyst

Simply Cyber Media Group — Mon, 01 Dec 2025 09:30:00 -0500

In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Josh Stroschein — aka The Cyber Yeti — a former professor turned reverse engineer now working on one of the largest malware analysis teams in the world.

Josh shares his unconventional path through .NET development, credit card processing security, and academia before landing at Google. He opens up about teaching reverse engineering while learning it himself, building educational CTFs, and the realities of making it as a full-time reverse engineer in an industry where those roles are rare.

What you'll hear:

🔹 From pre-law to pilot training to PhD in cybersecurity

🔹 How teaching RE forced him to truly master it

🔹 Life inside Google's FLARE team (via Chronicle → Mandiant)

🔹 Flareon CTF — the RE challenge that's run for 12 years

🔹 A wild Black Hat NOC story involving an infected Mac and Atomic Stealer

🔹 Using AI to build malware samples for training labs

🔹 Why going low-level is the best advice for blue teamers

Chapters:

00:00 Introduction and Welcome

00:50 Josh's Connection to Dr. Gerald Auger

02:00 The Non-Traditional Path: Pre-Law, Pilot Training & .NET Dev

05:00 Getting Into Security at a Credit Card Processor

07:00 Teaching Reverse Engineering at Dakota State

10:00 Flareon CTF and Educational CTF Design

14:00 Is Reverse Engineering Offensive or Defensive?

17:00 How Rare Are Full-Time RE Roles?

21:00 The Path to Google: Chronicle, Mandiant & FLARE

25:00 Learning Through Teaching and YouTube Content

28:00 Black Hat NOC Story: Catching Atomic Stealer Live

33:00 Using AI to Create Malware Training Samples

37:00 Building a Defang Tool (and .NET Nightmares)

40:00 Advice for Blue Teamers: Go Low-Level

🎧 Find Josh Stroschein:

→ Website: https://www.thecyberyeti.com

→ YouTube: The Cyber Yeti

→ Podcast: The Cyber Yeti Podcast

👥 Connect with the Hosts:
→ Josh Mason: https://www.linkedin.com/in/joshuacmason/
→ Wade Wells: https://www.linkedin.com/in/wadingthrulogs/
→ Swimlane: https://www.linkedin.com/company/swimlane

🎙️ Listen on Your Favorite Platform:
→ Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
→ Apple Podcasts: https://podcasts.apple.com/us/podcast/simply-defensive/id1773806182
→ Full Playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4

👍 If you enjoyed this episode, don't forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity professionals who are doing the work.

=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group

Building Zero Trust Tools: Inside ThreatLocker with Product Manager Yuriy Tsibere

Simply Cyber Media Group — Mon, 24 Nov 2025 09:30:00 -0500

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells welcome Yuriy Tsibere, Product Manager at ThreatLocker, for a behind-the-scenes look at how security products actually get built.

Yuriy's path to cybersecurity started in Ukraine, where he worked in telecom during sophisticated APT campaigns that lasted over a year. Now at ThreatLocker, he shapes the tools defenders use daily—from allow listing to compliance automation.

Episode Highlights:

What product managers actually do at security companies
APT attack patterns: social engineering meets technical exploitation
How allow listing, ring fencing, and network control protect endpoints
Defense Against Configuration (DAC): automating FedRAMP, HIPAA, and NIST compliance
Why misconfigurations remain one of the biggest security gaps
Balancing strict security with real-world usability
Yuriy's top advice for defenders: Educate your personnel

Key Takeaway: Most breaches still come from employees clicking without paying attention. Security products matter, but user education accounts for the largest share of issues. Yuriy also emphasizes that when compliance drift happens—when systems become uncompliant—it should trigger an investigation into what changed and why.

Resources Mentioned:

ThreatLocker Zero Trust Endpoint Protection
Defense Against Configuration (DAC) for compliance monitoring
Zero Trust World Conference

Perfect for blue teamers, SOC analysts, security engineers, and anyone interested in how security products evolve from concept to deployment.

Connect with Yuriy Tsibere (Guest) on LinkedIn: https://www.linkedin.com/in/yuriy-tsibere/

🔗 Links & Resources:
→ ThreatLocker Free Trial: https://www.threatlocker.com/simplydefensive
→ Zero Trust World Conference: https://www.intlcybersec.org/zerotrustworldmain

💡 Brought to you by ThreatLocker – Secure your business with zero trust application control. https://www.threatlocker.com/simplydefensive

=========================
Sponsored by @ThreatLocker - Free 30-day trial visit:
https://www.threatlocker.com/simplydefensive
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group

Cyber Insurance Explained: What Blue Teams Need to Know Before an Incident

Simply Cyber Media Group — Mon, 17 Nov 2025 09:30:00 -0500

From teaching AP art history to brokering cyber insurance deals. 🎓➡️🛡️

In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Andy Runyan from Yukon to break down everything blue teamers need to know about cyber insurance — before an incident happens. Andy shares his unconventional journey from fourth-generation educator and baseball coach to becoming a cyber insurance specialist, and explains why understanding your policy is just as important as your incident response plan.

What you'll hear:
🔹 How cyber insurance actually works (and what it doesn't cover)
🔹 Why having an incident response retainer matters — before you need it
🔹 The role of cyber insurance in incident response and recovery
🔹 Third-party contract requirements and state mandates on the rise
🔹 Common mistakes companies make when filing claims
🔹 FTC Safeguard Rules and what they mean for businesses
🔹 How to prepare your organization for cyber insurance requirements
🔹 What lowers premiums (and what should, but doesn't)

Why This Matters for Blue Teamers:
If you're in a SOC or handling incident response, you will interact with cyber insurance at some point. Understanding how policies work, what triggers coverage, and how to prepare can make the difference between a smooth recovery and a catastrophic financial loss. This episode gives you the insider knowledge to help your organization be ready.

⏱️ Timestamps:
00:00 Introduction and Welcome
00:15 Andy's Unique Background: From Teacher to Cyber Insurance
03:00 Getting Into Cyber Insurance in 2019
04:00 The Wild West of Cyber Insurance During COVID
06:00 When Companies Actually Buy Cyber Insurance
08:00 What Blue Teamers Need to Know About Insurance
10:00 The Problem with Incident Response Retainers
12:00 How Insurance Companies Handle IR vs. What You Need
15:00 Multi-Factor Authentication and Premium Discounts
18:00 Why Having an IR Plan Doesn't Lower Your Premium (But Should)
21:00 Third-Party Contract Requirements on the Rise
24:00 State Mandates: What's Coming Next?
27:00 FTC Safeguard Rules and Compliance Reality
30:00 Where to Learn More About Yukon

🔗 Connect with Andy Runyan:
→ Yukon Website: https://www.ukon.com
→ LinkedIn: https://www.linkedin.com/in/andy-runyan
→ Email: andy.runyan@ukon.com

Building Forensics Tools That Last | Brian Carrier (Autopsy, Sleuth Kit)

Simply Cyber Media Group — Mon, 10 Nov 2025 09:30:00 -0500

Josh Mason and Wade Wells sit down with Brian Carrier, the creator of Sleuth Kit and Autopsy, two of the most widely used digital forensics tools in the world. They dig into how Brian got his start in the early days of computer forensics, how open source shaped his career, and what he’s building now with Cyber Triage.

From stories about government funding and tool rewrites to the evolving balance between open source and commercial software, this episode is packed with insight for blue teamers, DFIR pros, and anyone who cares about investigation tooling that actually works.

Watch to hear:

The 25-year evolution of Sleuth Kit & Autopsy
How Cyber Triage simplifies investigations for SOCs
The tradeoffs between open source and commercial tools
What Brian sees next in AI-driven forensics

⏱️ Timestamps:
00:00 Introduction and Guest Introduction
00:15 Brian Carrier's Journey with Sleuth Kit and Autopsy
02:06 Evolution and Funding of Autopsy
06:52 Open Source vs. Commercial Software
10:16 Future Roadmap and Innovations
14:16 Autopsy and Cyber Triage for Blue Teamers
16:24 Challenges in EDR and SOC Analysis
16:41 Investigative Process and Clues
17:18 Handling Noisy Data in EDR
17:49 Importance of Tracing Malware
18:28 Deploying Additional Collectors
19:25 Feedback from the Community
21:21 Cyber Insurance and Incident Response
23:34 Automation in Forensics
28:41 Advice for Blue Teamers
30:12 Conclusion and Final Thoughts

Links:
🎧 Listen on Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
🍎 Listen on Apple Podcasts: https://podcasts.apple.com/us/podcast/simply-defensive/id1668519478
💻 Learn more about Sleuth Kit: https://sleuthkit.org/
🔍 Try Autopsy: https://www.autopsy.com/
🧠 Explore Cyber Triage: https://www.cybertriage.com/

Connect with Brain:
👤 Brian Carrier on LinkedIn: https://www.linkedin.com/in/brian-carrier-169243/
🏢 Sleuth Kit / Basis Technology on LinkedIn: https://www.linkedin.com/company/basis-technology/
💼 Cyber Triage on LinkedIn: https://www.linkedin.com/company/cyber-triage/

Don't forget to like, subscribe, and hit the bell icon for more blue team content!

🔗 Follow the hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason/
Wade Wells: https://www.linkedin.com/in/wadingthrulogs/

💡 Brought to you by ThreatLocker – Secure your business with zero trust application control. https://www.threatlocker.com/simplydefensive

🎙️ More Simply Defensive
- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4
- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182

👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.

Balancing Education and Real-World Cybersecurity with a SOC Analyst Student

Simply Cyber Media Group — Mon, 03 Nov 2025 09:30:00 -0500

In this episode of Simply Defensive, host Josh Mason and co-host discuss their experiences and challenges in cybersecurity, along with guest Victoria, a student and SOC analyst at UNLV.

The conversation covers the complexities of building a Security Operations Center (SOC) and compares academic learning with real-world applications. Victoria shares insights from her studies and practical work, including developing a SOC program at UNLV and addressing common cybersecurity misconceptions.

The episode highlights the importance of communication, real-world projects, continuous learning, and the balance between technical and business aspects of cybersecurity.

00:00 Introduction and Host Banter
00:20 Guest Introduction: Victoria
01:03 Building a SOC: Challenges and Experiences
01:29 Education vs. Real-World Experience
02:29 SOC Class and Practical Training
03:49 Group Projects and Communication
07:14 Real-Life Incident Stories
10:33 Getting into Cybersecurity: Victoria's Journey
12:54 Business Side of Cybersecurity
16:17 The Cost of MFA and Free Alternatives
16:31 Lock Picking and Security Value
17:30 Teaching Cybersecurity Concepts
18:44 Consulting Experience for Students
19:15 Client Feedback and Confidential Reports
19:52 Challenges in Cybersecurity Projects
20:27 Transitioning into the SOC
22:34 Federal and State Regulations
26:16 Advice for Blue Teamers
28:06 Conclusion and Farewell

Don't forget to like, subscribe, and hit the bell icon for more blue team content!

From Help Desk to SOC: How KevTech Broke Into Cybersecurity Without Certs

Simply Cyber Media Group — Mon, 20 Oct 2025 09:30:00 -0400

What happens when you go from fixing executives’ laptops at Goldman Sachs to defending against cyber threats in a SOC?

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells sit down with Kevin Apolinario — better known as KevTech — to unpack his journey from IT support to cybersecurity analyst, all without a single certification.

Kev gets real about what it’s actually like to land your first SOC role: the flood of alerts, the burnout, learning Excel the hard way, and relying on ChatGPT to survive scripting. He also shares how TryHackMe, Hack The Box, and constant hands-on practice built the foundation for his success.

If you’ve ever wondered what breaking into cybersecurity really looks like, this conversation pulls back the curtain — no fluff, no spin, just honest talk from the trenches.

Chapters:
00:00 Introduction and Welcome
00:29 Guest Introduction: Kev Apolinario
00:51 Transition to SOC Analyst Role
01:53 Challenges and Learning in Cybersecurity
06:43 Handling Alerts and Fatigue
10:26 Importance of Teamwork and Asking for Help
19:56 Executive Support Experience
27:02 Advice for Aspiring Blue Teamers

Follow Kevin on YouTube: https://youtube.com/@kevtechitsupport
Connect with Kevin on LinkedIn: https://www.linkedin.com/in/itprofessionalkevinapolinario

Don't forget to like, subscribe, and hit the bell icon for more blue team content!

Detection Engineering Tutorial: Cloud Security, Kubernetes Logging & SOC Career Path

Simply Cyber Media Group — Mon, 13 Oct 2025 09:30:00 -0400

In this episode of Simply Defensive, we sit down with JB, a Senior Cybersecurity Engineer working in detection engineering. JB shares his journey from SOC analyst to detection engineer, diving deep into the challenges of cloud-native security, Kubernetes logging, and building a sustainable career in cybersecurity.

What We Cover:

What detection engineering actually means in 2025
Working with dual-cloud environments (AWS + GCP)
The challenges of Kubernetes logging and ephemeral containers
SANS FOR508 (Digital Forensics and Threat Hunting) experience
How to avoid burnout in InfoSec
Building a SOC career: What do entry-level analysts really need to know?
Work-life balance with kids and an ambitious security career
DefCon stories and the Octopus Games competition

Resources & Links Mentioned:

Live Overflow's Hextree.io learning platform: https://hextree.io
SANS FOR508 (GCFA): https://www.sans.org/cyber-security-courses/advanced-incident-response-threat-hunting-training/
Marcus Hutchins (MalwareTech) on LinkedIn: https://www.linkedin.com/in/malwaretech/
Graham Helton's Kubernetes security work: https://www.linkedin.com/in/grahamhelton3/
Simply Defensive Podcast: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4

Connect with JB:

YouTube: @JBCulbert
Twitter/X: @JBTweetsStuff

Timestamps:

00:00 Introduction and Guest Welcome

00:50 JB's Day-to-Day Role in Cybersecurity

01:47 Past Experiences and Career Journey

02:27 Challenges in Detection Engineering

03:23 Kubernetes and Incident Investigation

03:51 SANS Classes and CTF Experiences

09:07 Remote vs In-Person Learning

11:21 Future Plans and Learning Platforms

14:13 Docker and Kubernetes in Labs

16:11 The Reality of Cybersecurity Skills

16:40 Defcon and Octopus Games

22:04 Balancing Cybersecurity and Personal Life

31:01 Advice for Aspiring Blue Teamers

32:57 Final Thoughts and Farewell

Don't forget to like, subscribe, and hit the bell icon for more blue team content!

Hands-On Defense: Markus Schober on DFIR, Labs, and Building Better Blue Teamers

Simply Cyber Media Group — Mon, 06 Oct 2025 09:30:00 -0400

In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Markus Schober, founder of Blue Cape Security, to talk all things digital forensics, incident response (DFIR), and why hands-on training beats theory every time.

We dig into:
🔹 The hidden value of building your own cyber range
🔹 How IR pros train using real attacks (and why they need red team skills)
🔹 Eric Zimmerman's forensics tools and practical lab setups
🔹 Ransomware war stories from Fortune 100 response
🔹 The role (and limitations) of AI in forensics
🔹 How to break into DFIR as a practitioner — not just a paper tiger

Whether you’re building detections, teaching DFIR, or just figuring out where to start, this one’s for you.

👇 Timestamps https://www.bluecapesecurity.com/& Resources
0:00 Intro & ThreatLocker sponsorship
2:00 Markus' journey from responder to trainer
5:00 What makes a good DFIR workshop?
7:00 Building a cyber range that doesn’t suck
10:00 Favorite open-source tools (hint: Zimmerman)
14:00 Consulting vs. in-house IR
19:00 APT10, ransomware, and real-world incidents
24:00 Can AI replace forensic analysts?
27:00 Where to find Markus' courses
29:00 Parting wisdom for aspiring defenders

📚 Check out Blue Cape Security:
→ https://www.bluecapesecurity.com/
→ Hands-on IR & Forensics Labs
→ Certification (coming soon!)

🔗 Follow the hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason/
Wade Wells: https://www.linkedin.com/in/wadingthrulogs/

💡 Brought to you by ThreatLocker – Secure your business with zero trust application control.

Cyber Threat Intelligence for Blue Teams with Jordan Kalm (Morado COO)

Simply Cyber Media Group — Mon, 15 Sep 2025 09:30:00 -0400

From Army recon missions to building Morado, COO Jordan Kalm reveals how military intelligence tactics translate into modern cyber threat intelligence. In this Simply Defensive episode, Josh Mason and Wade Wells dive into what really works for blue teams and SOC analysts — and what’s just noise.

👉 If you’ve ever wondered how to turn raw intel into actionable defense, this conversation is packed with practical takeaways you can use right away.

⏱ Timestamps
0:00 – Intro & Jordan’s background
4:00 – From infantry recon to threat intel
12:00 – Building a threat intel platform that works
20:00 – What blue teams actually need
33:00 – Advice for new defenders

🔗 Connect with Jordan & Morado
Jordan Kalm: https://www.linkedin.com/in/jordan-kalm-2a562b5b/
Morado: https://www.morado.io/

👥 Connect with us on LinkedIn:
- Josh Mason (Co-Host): https://www.linkedin.com/in/joshuacmason
- Wade Wells (Co-Host): https://www.linkedin.com/in/wadingthrulogs/
- Kevin Mata (Guest): https://www.linkedin.com/in/kevinmata
- Swimlane: https://www.linkedin.com/company/swimlane

=========================
Sponsored by ThreatLocker - Free 30-day trial of ThreatLocker
https://www.threatlocker.com/simplydefensive
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group

How a Detective Became the Ginger Hacker: SOC Life, Job Hunts & Blue Team Wisdom

Simply Cyber Media Group — Mon, 08 Sep 2025 09:30:00 -0400

From the streets to the SOC. 💻

In this episode of Simply Defensive, Josh Mason and Wade Wells talk with Andrew Crotty — aka Ginger Hacker. A former detective turned Tier 3 SOC analyst and Army reservist, Andrew shares his journey into cyber, the struggles of breaking in, and the lessons he’s learned (including the rookie mistake that accidentally dosed the DMV 👀).

What you’ll hear:
🔹 Andrew’s pivot from law enforcement to cybersecurity
🔹 SOC life, schedules, and fighting burnout
🔹 Job hunting, recruiters, and landing that first role
🔹 Why soft skills matter as much as technical skills
🔹 Andrew’s advice for blue teamers: ask why, stay curious, fight alert fatigue

📺 Check out Andrew’s channel, Ginger Hacker: https://www.youtube.com/@gingerhacker

🎙️ More episodes of Simply Defensive: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4&si=TqefAfDjdR1AYt1c

👥 Connect with Us on LinkedIn:
- Josh Mason (Co-Host): https://www.linkedin.com/in/joshuacmason
- Wade Wells (Co-Host): https://www.linkedin.com/in/wadingthrulogs/
- Kevin Mata (Guest): https://www.linkedin.com/in/kevinmata
- Swimlane: https://www.linkedin.com/company/swimlane

Automating the Blue Team | Kevin Mata (Swimlane) on SOAR & AI in Cybersecurity

Simply Cyber Media Group — Tue, 02 Sep 2025 09:30:00 -0400

Automation is changing the way defenders work. In this episode of Simply Defensive, we sit down with Kevin Mata, Director of Cloud Operations at Swimlane, to talk about his journey from flipping burgers at In-N-Out to flipping SOC alerts with automation, SOAR, and AI.

Kevin shares how he got started in cybersecurity, how Swimlane helps Blue Teams save time and reduce alert fatigue, and where AI is already making a difference in the SOC. Along the way, he and Wade swap stories about early career struggles, Python hacks, and the future of automation in security operations.

If you’ve ever wondered how much you can trust automation, what SOAR really does in a SOC, or how AI will shape the future of defenders—this episode is for you.

👉 What You’ll Learn in This Episode:
- Kevin’s unique career journey: In-N-Out → SOC → Swimlane leadership
- How to use automation to supercharge Blue Team efficiency
- The role of SOAR platforms in ticketing, response, and orchestration
- Where AI fits into SOC operations (and where it doesn’t…yet)
- Tips for defenders at any stage of their career

🔗 Links & References from the Episode:
- Swimlane: https://swimlane.com
- Recorded Future: https://www.recordedfuture.com
- VirusTotal: https://www.virustotal.com
- Mistral AI: https://mistral.ai

Inside Hack Defender Academy: Gamified Malware Training for Blue Teamers

Simply Cyber Media Group — Mon, 25 Aug 2025 09:30:00 -0400

Ready to level up your defensive cybersecurity skills? In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Dan Regalado and Belem — the founders of Hack Defender Academy — to explore how they’re using CTF-style challenges, real malware cases, and gamification to prepare the next generation of defenders.

💡 We cover:

Why gamified, CTF-style learning works better than traditional training
How Hack Defender Academy helps beginners grow into skilled malware analysts
The role of AI in threat research — friend, foe, or both?
The importance of staying hungry and keeping your edge as a blue teamer

🚨 Special Gift for Our Listeners: Hack Defender Academy is giving away one free certification pass! Details in the episode.

🔗 Links from the episode

Hack Defender Academy
🌐 Website: academy.hack-defender.com
▶️ YouTube: Hack Defender Official
📱 TikTok: @HackDefOfficial
📸 Instagram: @HackDefOfficial
🐦 X (Twitter): @HackDefOfficial
💼 LinkedIn: Hack Defender
📘 Facebook: Hack Defender

Connect with our guests
🔹 Dan Regalado – LinkedIn
🔹 Belem – LinkedIn

Simply Defensive Podcast
🎧 Spotify: Simply Defensive
🎧 Apple: Simply Defensive

Sponsor
💼 Thanks to ThreatLocker for supporting this episode.

👍 If you enjoyed this conversation, hit Like, Subscribe, and ring the 🔔 so you don’t miss our weekly episodes!
Drop a comment with the biggest challenge you’ve faced as a blue teamer — we’d love to hear your story.

=========================
Sponsored by ThreatLocker - Free 30-day trial of ThreatLocker
https://www.threatlocker.com/simplydefensive
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group

Rob Allen (ThreatLocker) on Zero Trust, Proactive Security, and Ransomware Prevention

Simply Cyber Media Group — Mon, 18 Aug 2025 09:30:00 -0400

In Season 4, Episode 4 of Simply Defensive, hosts Josh Mason and Wade Wells sit down with Rob Allen, Chief Product Officer at ThreatLocker, to dive deep into the world of Zero Trust security, proactive cybersecurity strategies, and ransomware prevention.

Rob shares expert insights on:

Proactive vs. Reactive cybersecurity — why a balanced security stack matters
How Zero Trust infrastructure can stop cyber attacks before they start
ThreatLocker’s "Deny by Default" approach to endpoint and application control
The importance of application definitions for effective security
Why AI is not the silver bullet for cybersecurity defense
Common security myths and misconceptions that put organizations at risk

Whether you’re a SOC analyst, detection engineer, IT manager, or anyone interested in protecting against ransomware, this episode offers practical, real-world strategies for building a stronger cyber defense posture.

Timestamps:
00:00 – Introduction and Host Greetings
00:23 – Guest Introduction: Rob Allen from ThreatLocker
00:44 – Rob Allen's Role and Responsibilities
02:30 – Proactive vs. Reactive Cybersecurity Approaches
03:54 – Challenges in Cybersecurity Detection
05:24 – ThreatLocker’s Deny by Default Approach
09:48 – The Importance of Application Definitions
16:52 – Security Myths and Misconceptions
18:53 – AI in Cybersecurity: Hype vs. Reality
23:32 – Travel Plans and Closing Remarks

🔗 Connect with Rob Allen & ThreatLocker
Website: https://www.threatlocker.com/
LinkedIn: https://www.linkedin.com/company/threatlocker/

Why Your CISO Needs a “Shut Up, Boss” Button

Simply Cyber Media Group — Mon, 04 Aug 2025 09:30:00 -0400

What if GitHub sucks for security detections—and AI is finally good enough to replace it?

Join Josh Mason and Wade Wells as they sit down with Aaron Mog, the outspoken founder of Detections.ai, to unpack why detection engineering is broken—and how his new platform signed up 4,000+ users in just two weeks.

Aaron doesn’t hold back. From ranting about GitHub’s failures to sharing how AI is now actually useful for real-world detections, this episode goes deep into:

Why most teams still build detections in silos (and waste time doing it)
What makes detections fail—and what 80% of orgs get wrong
How Detections.ai uses prompt engineering and log analysis to generate battle-ready alerts
Why vendors will never cover all your detection needs (and that’s okay)

Whether you're a threat hunter, detection engineer, or just AI-curious, this episode will challenge your assumptions and give you practical ideas to level up your SOC.

Connect with Aaron on LinkedIn: https://www.linkedin.com/in/aaronmog
https://detections.ai/ Code “SimplyCyber”

👉 Subscribe for more real talk on cyber defense.
🎧 Listen in and get ahead of the curve.

Chapters:
00:00 Introduction and Guest Welcome
00:31 Aaron Mog and Detections.ai Overview
01:58 Community-Driven Detection Engineering
04:24 AI Integration and Product Evolution
06:20 Challenges in Detection Engineering
08:11 AI's Role in Detection Engineering
15:51 Vendor Limitations and Custom Solutions
16:54 Microsoft's Limitations in Cybersecurity
17:23 The Evolution of Threat Hunting
18:07 Collaborative Approach to Cybersecurity
20:07 Crowdsourcing and AI in Detection Engineering
20:57 Challenges and Innovations in AI for Security
21:37 AI's Role in Detection and Response
23:25 Elastic's Blog and Detection Engineering
24:29 AI in Summarizing and Enhancing Security Reports
28:14 Community and Commercial Aspects of AI in Security
32:18 Conclusion and Community Engagement

Why Jack in the Box Might Have the Best Security Team in Fast Food

Simply Cyber Media Group — Mon, 28 Jul 2025 09:30:00 -0400

How does a Navy fire control tech who once wrangled a six-barrel death robot become the head of security operations at Jack in the Box? In this episode of Simply Defensive, we sit down with Chris Julio — SOC Manager, veteran, and self-proclaimed lover of both metrics and munchie meals.

Chris shares his journey from Windows NT and dot-matrix printers to modern InfoSec leadership, explains what he actually looks for when hiring blue teamers (hint: it's not your certs), and drops tactical insights on building a metrics program that actually matters to the business.

We also talk about:

The chaos theory of SOC alerts
The power of curiosity in detection work
Building a team culture that beats burnout
Why your legal team doesn’t care about phishing — and how to change that

Oh, and there's a fast-food burger debate. No spoilers, but lines are drawn.

Whether you're just getting started in security or leading your own team, this episode’s got something for you.

Connect with Chris on LinkedIn:
🔗 https://www.linkedin.com/in/christopherjulio/

Chapters:
00:00 Introduction and Guest Welcome

00:43 Chris Julio's Navy Background

04:27 Transition to Cybersecurity

06:42 Hiring and Team Building Insights

21:36 Balancing Work and Family Life

25:53 Engaging with the InfoSec Community

27:09 Final Thoughts and Advice for Blue Teamers

28:16 Closing Remarks and Sponsor Acknowledgment

Coffee Is Your Top Supply Chain Risk: A Conversation with Kyle Kelly

Simply Cyber Media Group — Mon, 21 Jul 2025 09:30:00 -0400

SOC analysts, detection engineers, and pentesters—you’re not imagining it: software supply chain security is a dumpster fire 🔥. In this episode of Simply Defensive, we sit down with Kyle Kelly, engineering manager at GitHub and author of Crime Hacks, to unpack the chaos.

We cover:
- Why malicious packages are sneaking past defenders
- The truth about SBOMs (and what most orgs are doing wrong)
- How to spot typo-squatting and backdoored build scripts
- What defenders can do—even if you're not building the code
- Why “just NPM install” is more dangerous than you think

From transitive dependencies to the hidden power of private package repositories, this episode is packed with practical insights, hilarious stories, and advice every blue teamer needs.

Episode Links:
🔗 Kyle’s blog: https://crimehacks.com
👨‍💻 Kyle on LinkedIn: https://www.linkedin.com/in/kyle-m-kelly
📰 Crime Hacks on LinkedIn: https://www.linkedin.com/company/crimehacks

=========================
Sponsored by ThreatLocker - Free 30-day trial of ThreatLocker https://www.threatlocker.com/simplydefensive
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group

S3 E8: Innovations in Cybersecurity: A Conversation with Threat Locker's John Liliston

Simply Cyber Media Group — Mon, 02 Jun 2025 09:30:00 -0400

In the final episode of Season 3 on Simply Defensive, hosts Josh Mason and Wade Wells welcome John Liliston, the Product Director at ThreatLocker.

John shares his journey into cybersecurity, his role at ThreatLocker, and his thoughts on the evolution of security solutions. He discusses ThreatLocker's approach to zero trust, the impact of AI on cybersecurity, and the unique integration of application control and threat detection in their offerings.

The episode also covers John's experiences and insights from recent conferences like RSA and potential future advancements in the industry. Tune in for an in-depth discussion on defensive cybersecurity and innovative product design.

Connect with John on LinkedIn: https://www.linkedin.com/in/john-lilliston-4725217b/

00:00 Introduction to Simply Defensive

00:31 Meet John Liliston: Threat Locker's Product Director

02:35 John's Journey into Cybersecurity

03:45 Transitioning to Product Design

04:52 Balancing Roles at Threat Locker

06:10 Emerging Threats and Product Development

17:47 The Future of Security Solutions

24:56 Concluding Thoughts and Upcoming Events

=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
Sponsored by ThreatLocker @ThreatLocker
Allow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform from ThreatLocker. Learn more at https://simplycyber.io/threatlocker
=========================
Simply Cyber empowers people who want a rewarding cybersecurity career 💪
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group

S3 E7: Cybersecurity Chat with Chuck Sapp | From Military Service to Cyber Awareness

Simply Cyber Media Group — Mon, 19 May 2025 09:30:00 -0400

Join hosts Josh and Wade as they sit down with Charles (Chuck) Sapp, a seasoned cybersecurity expert and security awareness specialist. In this episode, Chuck shares his unique journey from serving in the Marine Corps to becoming an influencer in the cybersecurity community.

Gain insights into his military background, his passion for educating others about cybersecurity, and engaging stories from his experiences. Chuck also previews his upcoming talk for BSides Tampa 2025, offering valuable advice on tailoring security training for diverse audiences.

Don't miss this opportunity to tap into his innovative approach to cybersecurity awareness!

Connect with Chuck on LinkedIn: https://www.linkedin.com/in/chucksapp/
Check out the article discussed: https://www.staysafeonline.org/articles/ai-fools-stay-sharp

00:00 Introduction and Guest Welcome

01:18 Chuck's Background and Military Experience

03:54 Transition to Cybersecurity

06:29 Hackspace Con Story

10:35 Upcoming Talk and Security Awareness

15:15 Challenges in Security Awareness

20:38 Storytelling in Cybersecurity

21:56 Real-Life Examples of Scams

23:30 Phishing Tests and Awareness

31:03 Creative Security Solutions

32:03 Leveraging Security Behavior Databases

35:23 Meeting Industry Leaders

37:53 Final Thoughts and Recommendations

S3 E6: From Submarines to Cybersecurity - Navigating Small Business Security

Simply Cyber Media Group — Mon, 12 May 2025 09:30:00 -0400

Welcome to another episode of Simply Defensive! In this installment, hosts Josh Mason and Wade Wells are joined by cybersecurity expert James Bierly.

James shares his unique journey from a submarine sonar technician in the Navy to founding his own security firm, Secure Point Solutions, which specializes in helping small businesses tackle cybersecurity threats. They discuss the vital steps and strategies for implementing robust security measures in small companies, the importance of patch management, and how to protect sensitive information.

Additionally, James delves into his experiences as a foster parent, offering insights into the foster care system and the impactful ways you can contribute. Stay tuned for valuable tips on safeguarding your business and heartwarming stories from the world of foster care.

Episode Links:
Connect with James on LI: https://www.linkedin.com/in/jbierly/
Secure Point Solutions: https://www.secureps.net/
NFPA: https://nfpaonline.org/

00:00 Introduction and Guest Welcome
00:22 James Bierly's Journey from Submarines to Cybersecurity
02:54 Transition to IT and Cybersecurity
07:28 Challenges and Rewards of Small Business Cybersecurity
12:29 Starting a Cybersecurity Business
20:11 Key Security Practices for Small Businesses
22:42 Challenges in School Cybersecurity
25:29 Starting a Cybersecurity Consulting Business
26:14 Engaging with Local Businesses
28:42 Building a Network Through Referrals
32:54 Becoming a Foster Parent
43:48 Advice for Blue Teamers

S3 E5: The Ultimate Guide to Detection as Code and Blue Team Tactics with David French

Simply Cyber Media Group — Mon, 05 May 2025 09:30:00 -0400

Join hosts Josh Mason and Wade Wells as they sit down with David French for an insightful episode of Simply Defensive.

Discover David's journey from coding CCTV systems to becoming a staff security engineer at Google Cloud. Explore their discussion on detection as code, automation, detection testing, and relevant tools like Dorothy and Atomic Red Team.

Learn why coding skills are crucial for modern cybersecurity professionals, and get tips on leveraging AI in the field.

Whether you're a beginner or an experienced blue teamer, this episode is packed with valuable insights and actionable advice.

LinkedIn - https://www.linkedin.com/in/davidfrench001/

Google Cloud Security community - https://www.googlecloudcommunity.com/gc/Google-Cloud-Security/ct-p/googlecloud-security

Medium - https://medium.com/@threatpunter

GitHub - https://github.com/threat-punter

00:00 Introduction and Casual Banter

00:21 Guest Introduction: David French

01:11 David's Background and Career Journey

02:40 Detection Engineering and Origin Stories

04:18 Current Role and Responsibilities

05:05 Getting into Cybersecurity

08:30 Detection as Code: Concepts and Practices

12:34 Testing Detections: Challenges and Strategies

16:51 Tools and Techniques for Detection Testing

19:25 Open Source Tools and Community Contributions

23:23 AI in Detection Engineering

26:32 Exploring AI Tools for Coding and Presentations

27:50 Deep Research and Its Impact

28:52 Journey into Public Speaking

40:00 Community Engagement and Networking

40:29 Upcoming Conference and Final Thoughts

43:45 The Importance of Coding for Security Professionals

S3 E3: Unlocking the Secrets of OPSEC - A Deep Dive with Mitch Cohen

Simply Cyber Media Group — Mon, 21 Apr 2025 09:30:00 -0400

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells welcome Mitch Cohen, privacy and OPSEC expert from flare.io.

Mitch shares his journey to becoming a 'digital ghost' and offers valuable insights into operational security (OPSEC) and privacy practices. He discusses the importance of securing personal information, the risks associated with poor OPSEC, and provides actionable steps for improving digital privacy.

Josh, Wade, and Mitch explore real-world examples, the ethical implications of privacy, and how to strike a balance between convenience and security.

An excellent resource for cybersecurity professionals and anyone interested in protecting their digital footprint.

Learn more in the flare.io Discord

00:00 Introduction to Simply Defensive

00:27 Meet Mitch Cohen: Privacy and OPSEC Expert

01:29 The Importance of OPSEC

04:13 Defining OPSEC and Its Relevance

07:07 Real-World OPSEC Challenges

08:23 Balancing Public Presence and Privacy

12:44 Threat Models and OPSEC Strategies

18:07 Practical OPSEC Tips and Personal Stories

20:53 Rolling Back Your Public Profile

21:48 Digital Spring Cleaning: Deleting Old Posts

23:03 The Art of Misinformation: Poisoning the Well

24:51 Changing Your Appearance for OPSEC

27:38 Resources for Learning OPSEC

31:23 The Importance of Privacy as a Human Right

36:41 Convenience vs. Security: The Trade-offs

40:01 Final Thoughts and Advice for Blue Teamers

S3 E2: Navigating the Cybersecurity Landscape with Edna Johnson - From Developer to Threat Hunter

Simply Cyber Media Group — Mon, 14 Apr 2025 09:30:00 -0400

Navigating the Cybersecurity Landscape with Edna Johnson: From Developer to Threat Hunter

Join hosts Josh Mason and Wade Wells as they welcome Edna Johnson, a vibrant and passionate cybersecurity engineer, to Simply Defensive. Edna shares her journey from initially wanting to be a developer to diving deep into the world of cybersecurity, attending and volunteering at major conferences such as Defcon and BSides.

She discusses her role in various cybersecurity groups, her imposter syndrome battles, and the importance of volunteering and community engagement in this field. Listen in for valuable insights on threat hunting, content creation, and the significance of understanding basic processes in blue teaming. Don't miss this fantastic episode filled with real-world advice and behind-the-scenes stories from Edna's inspiring career!

Connect with Edna:
https://www.linkedin.com/in/ednajonsson/
https://www.buzzsprout.com/1749189
https://deathcon.io/

00:00 Introduction and Guest Welcome

00:36 Edna Johnson's Background and Achievements

01:53 Challenges and Successes in CTFs

03:41 Journey into Cybersecurity

05:12 Teaching Cybersecurity and Overcoming Imposter Syndrome

08:52 Involvement with BSides and Networking During the Pandemic

10:39 Current Projects and Content Development

11:49 Exploring AI-Generated Honeypots

14:06 Passion for Threat Hunting and Script Writing

14:58 Involvement with Death Con

17:01 Exploring the Unique Aspects of Death Con

17:35 The Value of Networking and Friendships

18:17 Extended Access to Labs and Workshops

19:21 Organizing Death Con San Diego

20:59 The Benefits of Volunteering in Cybersecurity

24:40 Joining and Growing DEF CON Groups

30:34 Final Thoughts and Advice for Blue Teamers

S3 E1: Building Effective Cyber Defense Teams with Fletus Poston III

Simply Cyber Media Group — Mon, 07 Apr 2025 09:30:00 -0400

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells are joined by special guest Fletus Poston III, a seasoned cyber defense expert with nearly 18 years of experience.

Learn about the complexities of cyber defense in various industries, discussing the pros and cons of regulatory red tape, the impact of audits on cybersecurity, and the dynamics between internal and external red teams.

Fletus shares valuable insights on mentorship, career advice for aspiring SOC analysts, and the importance of understanding different perspectives within the industry.

Whether you're new to cybersecurity or a seasoned professional, this episode offers a deep dive into the real-world challenges and strategies in the field.

Connect with Fletus on YouTube at ⁨@fletusposton⁩ and on LinkedIn.

00:00 Introduction and Guest Introduction
00:55 Discussing Industry Regulations
01:34 Challenges with Auditing
04:46 Red Team vs Blue Team Dynamics
08:34 Career Journey in Cybersecurity
11:16 Building and Managing SOCs
13:34 Internal vs External SOC Management
17:05 Maintaining SOC Analyst Morale
18:22 Testing and Tabletops
18:36 Disaster Recovery Scenarios
19:16 Level One Analysts and Guardrails
19:38 Tierless SOCs and Escalation
20:13 Choosing the Right SOC Environment
21:26 Understanding Documentation and SOPs
22:25 Advice for Aspiring SOC Analysts
24:21 Work-Life Balance in SOC Roles
29:32 Reverse Mentorship and Cross-Training
31:01 Finding the Right Company Culture
34:57 Conclusion and Final Thoughts

S2 E8: SOC Challenges, Trends, and Community Wisdom with Reanna Schultz

Simply Cyber Media Group — Mon, 03 Mar 2025 09:30:00 -0500

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells are joined by Reanna Schultz, a renowned cyber influencer and SOC manager. Reanna shares her journey from aspiring state highway patrolwoman to cybersecurity expert, emphasizing the importance of community engagement and continuous learning.

Join us as we cover the challenges and rewards of working in a SOC, the nuances of public speaking, and offers valuable advice for newcomers to the field. This episode is a treasure trove of insights, humor, and practical tips for anyone interested in cybersecurity.

Connect with Reanna on LinkedIn: https://www.linkedin.com/in/reanna-schultz/

Follow Reanna on YouTube: https://www.youtube.com/channel/UC52GRGtruHriE2yGJzv5nuA

S2 E7: Understanding Mac Security - Challenges and Insights with Slava Konstantinov

Simply Cyber Media Group — Mon, 24 Feb 2025 09:30:00 -0500

Understanding Mac Security: Challenges and Insights with Slava Konstantinov

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells are joined by Slava Konstantinov, the Head of Mac Development at ThreatLocker. Slava dives deep into the world of Mac security, explaining the challenges and intricacies of developing security agents for macOS. Learn about the differences discussed between Mac, Windows, and Linux security, the hurdles in defending Macs due to Apple's privacy measures, and the importance of zero trust security models. Slava also shares stories from his journey in cybersecurity, tips for defenders, and insights into current developments and future plans at ThreatLocker.

Don't miss this comprehensive discussion on modern Mac security!

Connect with Slava on LinkedIn: https://www.linkedin.com/in/franticmm
Connect with @ThreatLocker

00:00 Introduction and Guest Introduction

00:57 Challenges of Mac Security

01:38 Mac vs. Windows Security

02:32 Kernel Level Security

05:34 Mac Malware and Attack Vectors

10:10 Hackintosh and Early Mac Experiences

15:00 Zero Trust and ThreatLocker Mac Agent

16:31 Inbound Connection Issues

17:04 Ring Fencing and Application Control

17:38 Unified Audit and ThreatLocker Detect

18:24 Cross-Platform Detection Challenges

20:16 MacOS Debugging and Firewall Issues

24:34 Zero Trust and Elevation

26:13 Conference Experiences and Advice

28:28 Final Thoughts and Security Tips

S2 E6: Navigating OT Security - An Inside Look with Lesley Carhart

Simply Cyber Media Group — Mon, 17 Feb 2025 09:30:00 -0500

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells welcome the highly esteemed Leslie Carhart from Dragos.

We step into the world of industrial cybersecurity, discussing the critical nature of securing vital infrastructure like power plants, water treatment facilities, and manufacturing setups. Leslie shares insights on the unique challenges faced in this sector, including handling old systems, different procedural mindsets, and low-level industrial devices.

The episode also covers Leslie's intriguing career journey, filled with diverse technical roles, and her advice on entering and thriving in cybersecurity. Moreover, Leslie offers valuable guidance on mentorship and maintaining a work-life balance for cybersecurity professionals.

https://www.linkedin.com/in/lcarhart/

https://pancakescon.com/

https://www.sans.org/profiles/lesley-carhart/

https://bsky.app/profile/hacks4pancakes.com

00:00 Introduction and Guest Welcome

01:02 Leslie Carhartt's Role at Dragos

02:06 Challenges in Industrial Cybersecurity

06:39 Leslie's Career Journey

09:01 Advice for Aspiring OT Cybersecurity Professionals

13:24 Incident Response in OT Environments

16:50 Mapping Processes in OT Security

18:06 Reflecting on Early Career Lessons

18:31 Navigating Social Media Criticism

19:55 Cyber Warfare and Air Force Insights

22:04 Challenges in OT Security

24:02 Mentoring in Cybersecurity

24:43 Advice for Aspiring Cybersecurity Professionals

25:51 Realities of Pen Testing and Incident Response

29:32 Effective Mentorship Strategies

32:50 Final Thoughts and Contact Information

S2 E5: From Red to Blue - David Perez's Cybersecurity Odyssey

Simply Cyber Media Group — Mon, 10 Feb 2025 09:30:00 -0500

From Navy Red Team to Blue Team: David Perez's Cybersecurity Journey

In this episode of Simply Defensive, hosts Josh Mason and Wade What’s Up interview David Perez, a Navy veteran who transitioned from red teaming to blue teaming in cybersecurity. David shares insights into his career path, his experience with the Navy’s Skillbridge program, and the challenges he faced moving from a structured military environment to the more fluid civilian sector.

David also discusses the importance of thinking like an attacker for effective defense, his thoughts on training and detection engineering, and offers valuable advice for those looking to break into the cybersecurity field. Join the conversation to learn about David’s journey, his day-to-day responsibilities, and how he stays sharp in the ever-evolving world of cybersecurity.

Don’t forget to like, subscribe, and share!

00:00 Introduction and Guest Introduction

00:19 David Perez's Cybersecurity Journey

00:54 Transition from Military to Civilian Cybersecurity

01:48 Skill Bridge Experience

03:07 First SOC Job and Responsibilities

03:51 Becoming a Detection Engineer

04:41 Challenges and Freedom in Cybersecurity Roles

08:28 Detection Engineering Insights

11:06 Risk-Based Alerting

13:14 Detection Rule Management

16:38 Detection Building Process

18:24 Automated Threat Hunting

19:40 Challenges in Detection Engineering

20:15 Resources and Learning for Detection Engineering

21:46 Teaching and Learning in Cybersecurity

22:46 The Importance of Experience in Detection Engineering

28:31 Balancing Work and Personal Life

31:46 Advice for Aspiring Blue Teamers

34:12 Conclusion and Contact Information

S2 E4: SOC Operations and Metrics with Hayden Covington

Simply Cyber Media Group — Mon, 03 Feb 2025 09:30:00 -0500

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells are joined by Hayden Covington from Black Hills Information Security. Hayden shares insights into his role at a Security Operations Center (SOC), discussing key metrics, challenges in SOC work, and the importance of communication with MSP customers.

The conversation also delves into Hayden's new course on SOC foundations using Elastic and Jira, his experiences with public speaking, and the importance of personal documentation for productivity and problem-solving.

- Hayden’s Webinar on Metrics in the SOC: https://www.youtube.com/watch?v=RvsAy4xXrpQ
- Hayden’s LinkedIn: https://www.linkedin.com/in/hayden-covington-468495128/
- Hayden’s Course: https://www.antisyphontraining.com/course/foundations-of-soc-with-elastic-and-jira-with-hayden-covington/

00:00 Introduction and Guest Welcome
00:18 Hayden's Background and Role at Black Hills
01:15 Importance of SOC Metrics
04:06 Challenges in SOC and Customer Relationships
09:19 Working from Home vs. Office
11:50 Foundations of SOC Course
16:46 Discussing the Course and Coffee Consumption
17:30 Teaching Experiences and Imposter Syndrome
19:10 Career Journey and Working at Black Hills
20:55 Public Speaking and Overcoming Fear
22:52 Balancing Hobbies and Work
27:57 Dungeons & Dragons and Gaming
33:41 Productivity Tips and Tools
34:41 Conclusion and Farewell

S2 E3: Unlocking the Potential of Blue Teaming with Microsoft Intel Analyst Simeon

Simply Cyber Media Group — Mon, 27 Jan 2025 09:30:00 -0500

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells talk with Simeon, an Intel Analyst at Microsoft. Listen as they explore his journey from aspiring doctor to cybersecurity expert, discussing his innovative contributions like the creation of KC7 Cyber, a tool that democratizes access to cybersecurity training.

Learn about Simeon's early influences, challenges, and the importance of critical thinking, analytical reasoning, and communication in cybersecurity. He also shares his passion for breaking down biases and encouraging diversity in the tech world while offering practical advice for both new and seasoned blue teamers. Discover how KC7 is shaping the future of cyber defense training and get inspired by Simeon's dedication to making cybersecurity accessible to all.

Connect with Simeon: https://www.linkedin.com/in/kakpovi/

Check out KC7: https://kc7cyber.com/

00:00 Introduction and Guest Welcome

00:36 Simeon's Background and Career Journey

01:26 Getting Started in Cybersecurity

02:17 The Cyber Analyst Challenge Experience

04:03 Industry vs Academic Cybersecurity

07:08 Diversity in Cybersecurity

07:54 Emerging Coders Club at Howard

08:21 Breaking Technical and Non-Technical Labels

13:17 The Birth of KC7 Cyber

17:19 Using AI to Scale Cybersecurity Training

18:28 Behind the Scenes of a Complex Engine

20:01 Teaching Critical Thinking and Analytical Reasoning

20:50 The Importance of Transferable Skills

21:13 Using KQL for Fast Data Access

22:57 Investigative Process and Anticipating Questions

24:19 Technical Interviews and Investigative Skills

26:39 Training New Analysts in Full Scope Investigations

32:57 KC7: A Tool for Accelerated Learning

36:37 Final Thoughts and Recommendations

S2 E2: From Military Police to Cyber Sleuth - Jess Bishop's Journey and Insights

Simply Cyber Media Group — Mon, 20 Jan 2025 09:30:00 -0500

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells are joined by SOC analyst Jessica Bishop. Jessica shares her unconventional journey into cybersecurity, transitioning from military police to a corporate role and eventually into a SOC analyst position at an MSSP.

She discusses her job's dynamic and engaging aspects, the importance of teamwork and communication within cybersecurity, and her intriguing hobby of paranormal investigation. Tune in to hear about effective cybersecurity practices, the challenges of working in a SOC, and the crossover between investigative tactics in cybersecurity and paranormal research.

Follow Jess on LinkedIn: https://www.linkedin.com/in/jessica-bishop-%F0%9F%A7%AD-262729b4/

00:00 Introduction and Guest Welcome
00:38 Jessica's Journey into Cybersecurity
04:02 Networking and Mentorship
05:00 Education and Career Path
09:24 Challenges and Rewards in SOC Work
13:58 Paranormal Investigations
16:05 Haunted House Stories
17:35 The Importance of Skepticism in Investigations
18:38 Relating Skepticism to Cybersecurity
19:00 The Dropbox Incident
20:18 Inflating Metrics in SOC
21:04 Challenges of Working in a SOC
24:21 The Importance of Communication in Security
29:41 Empathy in Security Work
30:22 Final Thoughts and Recommendations

S2 E1: Cybersecurity Adventures with Dan Reardon - Memes, Blogging, and Community Insights

Simply Cyber Media Group — Mon, 13 Jan 2025 09:30:00 -0500

Join hosts Josh Mason and Wade Wells in this episode of Simply Defensive as they welcome cybersecurity meme-maker and SOC analyst, Dan Reardon, also known as The HaircutFish.

Discover Dan's unconventional journey into cybersecurity, from creating influential memes about prominent figures like Jon Hammond and John Strand to writing insightful blogs on Medium. Dan shares his experiences at Wild West Hacking Fest, overcoming personal challenges, and the importance of networking within the cybersecurity community.

Learn about the reality of working as a SOC analyst, the tools of the trade such as Vim, VS Code, and Wireshark, and the rewarding nature of thwarting cyber attacks. This episode emphasizes the power of community, the significance of balancing work with family life, and the benefits of giving back through knowledge sharing.

Don't miss these valuable insights, and expect more exciting discussions in future episodes!

Connect with our guest, Dan Reardon, on LinkedIn: https://www.linkedin.com/in/danrearden

00:00 Welcome to Simply Defensive

00:10 Meet Dan Reardon aka Haircutfish

00:51 Dan's Journey into Cybersecurity

01:14 The Art of Meme Making

02:15 Connecting Through Memes

06:20 Dan's Blogging Adventures

11:50 Learning and Adapting in Cybersecurity

14:21 Dan's Hacker Origin Story

17:07 Getting Started with TryHackMe and Blue Teaming

17:48 First Security Job Experience

18:19 Expectations vs Reality in SOC Roles

20:30 Favorite Tools and Utilities

25:16 The Importance of Community in Cybersecurity

33:08 Final Thoughts and Recommendations for Blue Teamers

S1 E8: From Cyber Beginnings to VP - An Interview with Melanie Thomas

Simply Cyber Media Group — Mon, 18 Nov 2024 09:30:00 -0500

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells sit down with Melanie Thomas, Vice President of Cyber Security at BridgePoint Technologies. Melanie shares insights from her role, her experience in cybersecurity, and her path from tech support to VP. She discusses her adjunct professorship at the University of San Diego, her community service, and the importance of networking. The conversation covers the significance of education in cybersecurity, Melanie's approach to balancing technical and strategic roles, and valuable advice for new entrants in the field, including teamwork and maintaining humility.

=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
Simply Cyber empowers people who want a rewarding cybersecurity career 💪
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group

S1 E7: War Driving Adventures and Hard Hat Brigade Insights

Simply Cyber Media Group — Mon, 11 Nov 2024 09:30:00 -0500

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells welcome Ken, also known as MonkeyDragon, a member of Defcon 858 in San Diego and co-founder of Hard Hat Brigade. Ken introduces himself and discusses his role in cybersecurity, focusing primarily on incident response, threat detection, and threat hunting. The conversation transitions to the topic of 'war driving,' a practice of searching for wireless networks, which Ken is passionate about. He shares insights into the tools used, such as Kismet, and the community-driven project, Wiggle. Ken also talks about his journey into cybersecurity, the origins, and the activities of the Hard Hat Brigade, and offers advice for new blue teamers: ask questions without fear. The episode highlights Ken's involvement in various security events and his emphasis on community and kindness in the cybersecurity field.

=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs

=========================
Simply Cyber empowers people who want a rewarding cybersecurity career 💪
=========================
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================

S1 E6: Aligning Red and Blue Best Practices for Effective SOCs

Simply Cyber Media Group — Mon, 04 Nov 2024 09:30:00 -0500

Welcome to Simply Defensive! Josh Mason and co-host Wade Wells sit down with special guest Ashley Knowles from Black Hills InfoSec. Dive into the world of pen testing, SOC management, and the complex relationships between blue and red teams. Ashley shares her experiences working as a penetration tester for over a decade, her role with Black Hills InfoSec, and insights on improving SOC operations. Discover the challenges of balancing SOC metrics, handling new threats, and fostering transparency between teams. Plus, learn about the intricacies of Microsoft DevTunnels and other cutting-edge techniques used in the field. Don't miss Ashley's advice on research, continuous learning, and the importance of Googling effectively.

Subscribe and hit the bell for more episodes!

=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs

S1 E5: Incident Response, Career Evolution, and the Importance of Soft Skills

Simply Cyber Media Group — Mon, 28 Oct 2024 09:30:00 -0400

Blake Reagan on Incident Response, Career Evolution, and the Importance of Soft Skills

In this week's episode of Simply Defensive, host Josh Mason and co-host Wade Wells welcome incident response expert Blake Reagan. The discussion delves into Blake's journey from the building trades to cybersecurity, a field he entered after the 2008 economic downturn. Blake shares his experiences in digital forensics, emphasizing the importance of soft skills like public speaking and effective communication in cybersecurity roles. The trio also discusses the merits of tools like the Autopsy Digital Forensics platform, the utility of Toastmasters for public speaking, and time management strategies, making this episode a comprehensive look at the tech and human sides of cybersecurity.

=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs

S1 E4: Real Talk on Cybersecurity Careers with FedX

Simply Cyber Media Group — Mon, 21 Oct 2024 09:30:00 -0400

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells are joined by @TheFedXChannel, a seasoned security analyst from Central Florida. The conversation starts with FedEx discussing his local internet setup and transitioning into his extensive career journey from construction to IT and cybersecurity. They explore the importance of real-world experience, the challenges of getting started in the cybersecurity industry, and the value of networking, both online and locally. FedEx also shares his journey through higher education and obtaining his degree, along with the significance of continuous learning and certifications. The episode concludes with FedEx discussing his newly launched YouTube channel focused on cybersecurity content and his inspiration to share knowledge and help others enter the field.

=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs

S1 E3: Watchmaker to Threat Hunter - Jibby's Remarkable Journey

Simply Cyber Media Group — Mon, 14 Oct 2024 09:30:00 -0400

In this episode of Simply Defensive, hosts Josh Mason and Wade Wells interview their first guest of the season, Jibby. Jibby shares his incredible journey from a decade-long career in watch and jewelry repair to a thriving role in cybersecurity. By leveraging community support, hands-on learning platforms like KC7 Cyber and TryHackMe, and staying committed despite multiple setbacks, Jibby has secured a prestigious role at Microsoft as a Security Researcher. He highlights the importance of networking, community, and continuous learning in forging a successful path in cybersecurity. The episode also explores Jibby’s passion for contributing back to the community, leading to talks at various conferences and building new cybersecurity challenges for others.

=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
Simply Cyber empowers people who want a rewarding cybersecurity career 💪
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================

S1 E2: Decoding Detection As Code - A Deep Dive with Wade Wells

Simply Cyber Media Group — Mon, 07 Oct 2024 16:21:17 -0400

In this episode of Simply Defensive, host Josh Mason talks with co-host Wade Wells about the concept of 'detection as code,' a methodology in cybersecurity focusing on automating and enhancing detection logic using software development principles. Wade shares his experiences and upcoming engagements, including his talk at Blue Team Con in Chicago. The duo delves into the intricacies of detection engineering, highlighting the similarities with DevOps practices and the importance of proper tuning and testing. They discuss the challenges and benefits of employing detection as code, its future potential, and the role of cybersecurity tools like Splunk, CrowdStrike, and Google Chronicle. The episode also touches on how detection engineering could impact red teaming and the importance of understanding the client's environment to create effective detections.

S1 E1: Simply Defensive Launches! Meet Your Hosts, Josh and Wade

Simply Cyber Media Group — Mon, 30 Sep 2024 23:43:12 -0400

Simply Defensive: Episode 1 - Meet Your Hosts, Josh and Wade

Welcome to the inaugural episode of Simply Defensive! Join hosts Josh Mason and Wade Wells as they introduce the podcast and share their professional backgrounds in cybersecurity. Discover the story behind the podcast's creation, their unique approach compared to vendor-driven content, and the importance of community in cybersecurity. Josh dives into his journey from being a pilot in the Air Force to becoming a director of cyber training, while Wade talks about his varied roles in the cybersecurity industry, including his work in SOCs and threat intelligence.

Get insights on upcoming talks, community involvement, and the launch of future episodes focused on real-world experiences from the defensive side of cybersecurity.

=========================
Simply Cyber empowers people who want a rewarding cybersecurity career
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================