In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Josh Stroschein — aka The Cyber Yeti — a former professor turned reverse engineer now working on one of the largest malware analysis teams in the world.
Josh shares his unconventional path through .NET development, credit card processing security, and academia before landing at Google. He opens up about teaching reverse engineering while learning it himself, building educational CTFs, and the realities of making it as a full-time reverse engineer in an industry where those roles are rare.
What you'll hear:
🔹 From pre-law to pilot training to PhD in cybersecurity
🔹 How teaching RE forced him to truly master it
🔹 Life inside Google's FLARE team (via Chronicle → Mandiant)
🔹 Flareon CTF — the RE challenge that's run for 12 years
🔹 A wild Black Hat NOC story involving an infected Mac and Atomic Stealer
🔹 Using AI to build malware samples for training labs
🔹 Why going low-level is the best advice for blue teamers
Chapters:
00:00 Introduction and Welcome
00:50 Josh's Connection to Dr. Gerald Auger
02:00 The Non-Traditional Path: Pre-Law, Pilot Training & .NET Dev
05:00 Getting Into Security at a Credit Card Processor
07:00 Teaching Reverse Engineering at Dakota State
10:00 Flareon CTF and Educational CTF Design
14:00 Is Reverse Engineering Offensive or Defensive?
17:00 How Rare Are Full-Time RE Roles?
21:00 The Path to Google: Chronicle, Mandiant & FLARE
25:00 Learning Through Teaching and YouTube Content
28:00 Black Hat NOC Story: Catching Atomic Stealer Live
33:00 Using AI to Create Malware Training Samples
37:00 Building a Defang Tool (and .NET Nightmares)
40:00 Advice for Blue Teamers: Go Low-Level
🎧 Find Josh Stroschein:
→ Website: https://www.thecyberyeti.com
→ YouTube: The Cyber Yeti
→ Podcast: The Cyber Yeti Podcast
👥 Connect with the Hosts:
→ Josh Mason: https://www.linkedin.com/in/joshuacmason/
→ Wade Wells: https://www.linkedin.com/in/wadingthrulogs/
→ Swimlane: https://www.linkedin.com/company/swimlane
🎙️ Listen on Your Favorite Platform:
→ Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
→ Apple Podcasts: https://podcasts.apple.com/us/podcast/simply-defensive/id1773806182
→ Full Playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4
👍 If you enjoyed this episode, don't forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity professionals who are doing the work.
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
In this episode of Simply Defensive, hosts Josh Mason and Wade Wells welcome Yuriy Tsibere, Product Manager at ThreatLocker, for a behind-the-scenes look at how security products actually get built.
Yuriy's path to cybersecurity started in Ukraine, where he worked in telecom during sophisticated APT campaigns that lasted over a year. Now at ThreatLocker, he shapes the tools defenders use daily—from allow listing to compliance automation.
Episode Highlights:
Key Takeaway: Most breaches still come from employees clicking without paying attention. Security products matter, but user education accounts for the largest share of issues. Yuriy also emphasizes that when compliance drift happens—when systems become uncompliant—it should trigger an investigation into what changed and why.
Resources Mentioned:
Perfect for blue teamers, SOC analysts, security engineers, and anyone interested in how security products evolve from concept to deployment.
Connect with Yuriy Tsibere (Guest) on LinkedIn: https://www.linkedin.com/in/yuriy-tsibere/
🔗 Links & Resources:
→ ThreatLocker Free Trial: https://www.threatlocker.com/simplydefensive
→ Zero Trust World Conference: https://www.intlcybersec.org/zerotrustworldmain
👥 Connect with the Hosts:
→ Josh Mason: https://www.linkedin.com/in/joshuacmason/
→ Wade Wells: https://www.linkedin.com/in/wadingthrulogs/
→ Swimlane: https://www.linkedin.com/company/swimlane
🎙️ Listen on Your Favorite Platform:
→ Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
→ Apple Podcasts: https://podcasts.apple.com/us/podcast/simply-defensive/id1773806182
→ Full Playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4
👍 If you enjoyed this episode, don't forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity professionals who are doing the work.
💡 Brought to you by ThreatLocker – Secure your business with zero trust application control. https://www.threatlocker.com/simplydefensive
=========================
Sponsored by @ThreatLocker - Free 30-day trial visit:
https://www.threatlocker.com/simplydefensive
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
From teaching AP art history to brokering cyber insurance deals. 🎓➡️🛡️
In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Andy Runyan from Yukon to break down everything blue teamers need to know about cyber insurance — before an incident happens. Andy shares his unconventional journey from fourth-generation educator and baseball coach to becoming a cyber insurance specialist, and explains why understanding your policy is just as important as your incident response plan.
What you'll hear:
🔹 How cyber insurance actually works (and what it doesn't cover)
🔹 Why having an incident response retainer matters — before you need it
🔹 The role of cyber insurance in incident response and recovery
🔹 Third-party contract requirements and state mandates on the rise
🔹 Common mistakes companies make when filing claims
🔹 FTC Safeguard Rules and what they mean for businesses
🔹 How to prepare your organization for cyber insurance requirements
🔹 What lowers premiums (and what should, but doesn't)
Why This Matters for Blue Teamers:
If you're in a SOC or handling incident response, you will interact with cyber insurance at some point. Understanding how policies work, what triggers coverage, and how to prepare can make the difference between a smooth recovery and a catastrophic financial loss. This episode gives you the insider knowledge to help your organization be ready.
⏱️ Timestamps:
00:00 Introduction and Welcome
00:15 Andy's Unique Background: From Teacher to Cyber Insurance
03:00 Getting Into Cyber Insurance in 2019
04:00 The Wild West of Cyber Insurance During COVID
06:00 When Companies Actually Buy Cyber Insurance
08:00 What Blue Teamers Need to Know About Insurance
10:00 The Problem with Incident Response Retainers
12:00 How Insurance Companies Handle IR vs. What You Need
15:00 Multi-Factor Authentication and Premium Discounts
18:00 Why Having an IR Plan Doesn't Lower Your Premium (But Should)
21:00 Third-Party Contract Requirements on the Rise
24:00 State Mandates: What's Coming Next?
27:00 FTC Safeguard Rules and Compliance Reality
30:00 Where to Learn More About Yukon
🔗 Connect with Andy Runyan:
→ Yukon Website: https://www.ukon.com
→ LinkedIn: https://www.linkedin.com/in/andy-runyan
→ Email: andy.runyan@ukon.com
👥 Connect with the Hosts:
→ Josh Mason: https://www.linkedin.com/in/joshuacmason/
→ Wade Wells: https://www.linkedin.com/in/wadingthrulogs/
→ Swimlane: https://www.linkedin.com/company/swimlane
🎙️ Listen on Your Favorite Platform:
→ Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
→ Apple Podcasts: https://podcasts.apple.com/us/podcast/simply-defensive/id1773806182
→ Full Playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4
👍 If you enjoyed this episode, don't forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity professionals who are doing the work.
💡 Brought to you by ThreatLocker – Secure your business with zero trust application control. https://www.threatlocker.com/simplydefensive
=========================
Sponsored by @ThreatLocker - Free 30-day trial visit:
https://www.threatlocker.com/simplydefensive
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
Josh Mason and Wade Wells sit down with Brian Carrier, the creator of Sleuth Kit and Autopsy, two of the most widely used digital forensics tools in the world. They dig into how Brian got his start in the early days of computer forensics, how open source shaped his career, and what he’s building now with Cyber Triage.
From stories about government funding and tool rewrites to the evolving balance between open source and commercial software, this episode is packed with insight for blue teamers, DFIR pros, and anyone who cares about investigation tooling that actually works.
Watch to hear:
⏱️ Timestamps:
00:00 Introduction and Guest Introduction
00:15 Brian Carrier's Journey with Sleuth Kit and Autopsy
02:06 Evolution and Funding of Autopsy
06:52 Open Source vs. Commercial Software
10:16 Future Roadmap and Innovations
14:16 Autopsy and Cyber Triage for Blue Teamers
16:24 Challenges in EDR and SOC Analysis
16:41 Investigative Process and Clues
17:18 Handling Noisy Data in EDR
17:49 Importance of Tracing Malware
18:28 Deploying Additional Collectors
19:25 Feedback from the Community
21:21 Cyber Insurance and Incident Response
23:34 Automation in Forensics
28:41 Advice for Blue Teamers
30:12 Conclusion and Final Thoughts
Links:
🎧 Listen on Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
🍎 Listen on Apple Podcasts: https://podcasts.apple.com/us/podcast/simply-defensive/id1668519478
💻 Learn more about Sleuth Kit: https://sleuthkit.org/
🔍 Try Autopsy: https://www.autopsy.com/
🧠 Explore Cyber Triage: https://www.cybertriage.com/
Connect with Brain:
👤 Brian Carrier on LinkedIn: https://www.linkedin.com/in/brian-carrier-169243/
🏢 Sleuth Kit / Basis Technology on LinkedIn: https://www.linkedin.com/company/basis-technology/
💼 Cyber Triage on LinkedIn: https://www.linkedin.com/company/cyber-triage/
Don't forget to like, subscribe, and hit the bell icon for more blue team content!
🔗 Follow the hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason/
Wade Wells: https://www.linkedin.com/in/wadingthrulogs/
💡 Brought to you by ThreatLocker – Secure your business with zero trust application control. https://www.threatlocker.com/simplydefensive
🎙️ More Simply Defensive
- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4
- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182
👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.
=========================
Sponsored by @ThreatLocker - Free 30-day trial visit:
https://www.threatlocker.com/simplydefensive
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
In this episode of Simply Defensive, host Josh Mason and co-host discuss their experiences and challenges in cybersecurity, along with guest Victoria, a student and SOC analyst at UNLV.
The conversation covers the complexities of building a Security Operations Center (SOC) and compares academic learning with real-world applications. Victoria shares insights from her studies and practical work, including developing a SOC program at UNLV and addressing common cybersecurity misconceptions.
The episode highlights the importance of communication, real-world projects, continuous learning, and the balance between technical and business aspects of cybersecurity.
00:00 Introduction and Host Banter
00:20 Guest Introduction: Victoria
01:03 Building a SOC: Challenges and Experiences
01:29 Education vs. Real-World Experience
02:29 SOC Class and Practical Training
03:49 Group Projects and Communication
07:14 Real-Life Incident Stories
10:33 Getting into Cybersecurity: Victoria's Journey
12:54 Business Side of Cybersecurity
16:17 The Cost of MFA and Free Alternatives
16:31 Lock Picking and Security Value
17:30 Teaching Cybersecurity Concepts
18:44 Consulting Experience for Students
19:15 Client Feedback and Confidential Reports
19:52 Challenges in Cybersecurity Projects
20:27 Transitioning into the SOC
22:34 Federal and State Regulations
26:16 Advice for Blue Teamers
28:06 Conclusion and Farewell
Don't forget to like, subscribe, and hit the bell icon for more blue team content!
🔗 Follow the hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason/
Wade Wells: https://www.linkedin.com/in/wadingthrulogs/
💡 Brought to you by ThreatLocker – Secure your business with zero trust application control. https://www.threatlocker.com/simplydefensive
🎙️ More Simply Defensive
- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4
- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182
👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.
=========================
Sponsored by @ThreatLocker - Free 30-day trial visit:
https://www.threatlocker.com/simplydefensive
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
What happens when you go from fixing executives’ laptops at Goldman Sachs to defending against cyber threats in a SOC?
In this episode of Simply Defensive, hosts Josh Mason and Wade Wells sit down with Kevin Apolinario — better known as KevTech — to unpack his journey from IT support to cybersecurity analyst, all without a single certification.
Kev gets real about what it’s actually like to land your first SOC role: the flood of alerts, the burnout, learning Excel the hard way, and relying on ChatGPT to survive scripting. He also shares how TryHackMe, Hack The Box, and constant hands-on practice built the foundation for his success.
If you’ve ever wondered what breaking into cybersecurity really looks like, this conversation pulls back the curtain — no fluff, no spin, just honest talk from the trenches.
Chapters:
00:00 Introduction and Welcome
00:29 Guest Introduction: Kev Apolinario
00:51 Transition to SOC Analyst Role
01:53 Challenges and Learning in Cybersecurity
06:43 Handling Alerts and Fatigue
10:26 Importance of Teamwork and Asking for Help
19:56 Executive Support Experience
27:02 Advice for Aspiring Blue Teamers
Follow Kevin on YouTube: https://youtube.com/@kevtechitsupport
Connect with Kevin on LinkedIn: https://www.linkedin.com/in/itprofessionalkevinapolinario
Don't forget to like, subscribe, and hit the bell icon for more blue team content!
🔗 Follow the hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason/
Wade Wells: https://www.linkedin.com/in/wadingthrulogs/
💡 Brought to you by ThreatLocker – Secure your business with zero trust application control.
🎙️ More Simply Defensive
- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4
- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182
👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.
=========================
Sponsored by @ThreatLocker - Free 30-day trial visit:
https://www.threatlocker.com/simplydefensive
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
In this episode of Simply Defensive, we sit down with JB, a Senior Cybersecurity Engineer working in detection engineering. JB shares his journey from SOC analyst to detection engineer, diving deep into the challenges of cloud-native security, Kubernetes logging, and building a sustainable career in cybersecurity.
What We Cover:
Resources & Links Mentioned:
Connect with JB:
Timestamps:
00:00 Introduction and Guest Welcome
00:50 JB's Day-to-Day Role in Cybersecurity
01:47 Past Experiences and Career Journey
02:27 Challenges in Detection Engineering
03:23 Kubernetes and Incident Investigation
03:51 SANS Classes and CTF Experiences
09:07 Remote vs In-Person Learning
11:21 Future Plans and Learning Platforms
14:13 Docker and Kubernetes in Labs
16:11 The Reality of Cybersecurity Skills
16:40 Defcon and Octopus Games
22:04 Balancing Cybersecurity and Personal Life
31:01 Advice for Aspiring Blue Teamers
32:57 Final Thoughts and Farewell
Don't forget to like, subscribe, and hit the bell icon for more blue team content!
🔗 Follow the hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason/
Wade Wells: https://www.linkedin.com/in/wadingthrulogs/
💡 Brought to you by ThreatLocker – Secure your business with zero trust application control.
🎙️ More Simply Defensive
- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4
- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182
👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.
=========================
Sponsored by @ThreatLocker - Free 30-day trial visit:
https://www.threatlocker.com/simplydefensive
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Markus Schober, founder of Blue Cape Security, to talk all things digital forensics, incident response (DFIR), and why hands-on training beats theory every time.
We dig into:
🔹 The hidden value of building your own cyber range
🔹 How IR pros train using real attacks (and why they need red team skills)
🔹 Eric Zimmerman's forensics tools and practical lab setups
🔹 Ransomware war stories from Fortune 100 response
🔹 The role (and limitations) of AI in forensics
🔹 How to break into DFIR as a practitioner — not just a paper tiger
Whether you’re building detections, teaching DFIR, or just figuring out where to start, this one’s for you.
👇 Timestamps https://www.bluecapesecurity.com/& Resources
0:00 Intro & ThreatLocker sponsorship
2:00 Markus' journey from responder to trainer
5:00 What makes a good DFIR workshop?
7:00 Building a cyber range that doesn’t suck
10:00 Favorite open-source tools (hint: Zimmerman)
14:00 Consulting vs. in-house IR
19:00 APT10, ransomware, and real-world incidents
24:00 Can AI replace forensic analysts?
27:00 Where to find Markus' courses
29:00 Parting wisdom for aspiring defenders
📚 Check out Blue Cape Security:
→ https://www.bluecapesecurity.com/
→ Hands-on IR & Forensics Labs
→ Certification (coming soon!)
🔗 Follow the hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason/
Wade Wells: https://www.linkedin.com/in/wadingthrulogs/
💡 Brought to you by ThreatLocker – Secure your business with zero trust application control.
From Army recon missions to building Morado, COO Jordan Kalm reveals how military intelligence tactics translate into modern cyber threat intelligence. In this Simply Defensive episode, Josh Mason and Wade Wells dive into what really works for blue teams and SOC analysts — and what’s just noise.
👉 If you’ve ever wondered how to turn raw intel into actionable defense, this conversation is packed with practical takeaways you can use right away.
⏱ Timestamps
0:00 – Intro & Jordan’s background
4:00 – From infantry recon to threat intel
12:00 – Building a threat intel platform that works
20:00 – What blue teams actually need
33:00 – Advice for new defenders
🔗 Connect with Jordan & Morado
Jordan Kalm: https://www.linkedin.com/in/jordan-kalm-2a562b5b/
Morado: https://www.morado.io/
👥 Connect with us on LinkedIn:
- Josh Mason (Co-Host): https://www.linkedin.com/in/joshuacmason
- Wade Wells (Co-Host): https://www.linkedin.com/in/wadingthrulogs/
- Kevin Mata (Guest): https://www.linkedin.com/in/kevinmata
- Swimlane: https://www.linkedin.com/company/swimlane
🎙️ More Simply Defensive
- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4
- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182
👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.
=========================
Sponsored by ThreatLocker - Free 30-day trial of ThreatLocker
https://www.threatlocker.com/simplydefensive
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
From the streets to the SOC. 💻
In this episode of Simply Defensive, Josh Mason and Wade Wells talk with Andrew Crotty — aka Ginger Hacker. A former detective turned Tier 3 SOC analyst and Army reservist, Andrew shares his journey into cyber, the struggles of breaking in, and the lessons he’s learned (including the rookie mistake that accidentally dosed the DMV 👀).
What you’ll hear:
🔹 Andrew’s pivot from law enforcement to cybersecurity
🔹 SOC life, schedules, and fighting burnout
🔹 Job hunting, recruiters, and landing that first role
🔹 Why soft skills matter as much as technical skills
🔹 Andrew’s advice for blue teamers: ask why, stay curious, fight alert fatigue
📺 Check out Andrew’s channel, Ginger Hacker: https://www.youtube.com/@gingerhacker
🎙️ More episodes of Simply Defensive: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4&si=TqefAfDjdR1AYt1c
👥 Connect with Us on LinkedIn:
- Josh Mason (Co-Host): https://www.linkedin.com/in/joshuacmason
- Wade Wells (Co-Host): https://www.linkedin.com/in/wadingthrulogs/
- Kevin Mata (Guest): https://www.linkedin.com/in/kevinmata
- Swimlane: https://www.linkedin.com/company/swimlane
🎙️ More Simply Defensive
- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4
- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182
👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.
=========================
Sponsored by ThreatLocker - Free 30-day trial of ThreatLocker
https://www.threatlocker.com/simplydefensive
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
Automation is changing the way defenders work. In this episode of Simply Defensive, we sit down with Kevin Mata, Director of Cloud Operations at Swimlane, to talk about his journey from flipping burgers at In-N-Out to flipping SOC alerts with automation, SOAR, and AI.
Kevin shares how he got started in cybersecurity, how Swimlane helps Blue Teams save time and reduce alert fatigue, and where AI is already making a difference in the SOC. Along the way, he and Wade swap stories about early career struggles, Python hacks, and the future of automation in security operations.
If you’ve ever wondered how much you can trust automation, what SOAR really does in a SOC, or how AI will shape the future of defenders—this episode is for you.
👉 What You’ll Learn in This Episode:
- Kevin’s unique career journey: In-N-Out → SOC → Swimlane leadership
- How to use automation to supercharge Blue Team efficiency
- The role of SOAR platforms in ticketing, response, and orchestration
- Where AI fits into SOC operations (and where it doesn’t…yet)
- Tips for defenders at any stage of their career
🔗 Links & References from the Episode:
- Swimlane: https://swimlane.com
- Recorded Future: https://www.recordedfuture.com
- VirusTotal: https://www.virustotal.com
- Mistral AI: https://mistral.ai
👥 Connect with Us on LinkedIn:
- Josh Mason (Co-Host): https://www.linkedin.com/in/joshuacmason
- Wade Wells (Co-Host): https://www.linkedin.com/in/wadingthrulogs/
- Kevin Mata (Guest): https://www.linkedin.com/in/kevinmata
- Swimlane: https://www.linkedin.com/company/swimlane
🎙️ More Simply Defensive
- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4
- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4
- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182
👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.
=========================
Sponsored by ThreatLocker - Free 30-day trial of ThreatLocker
https://www.threatlocker.com/simplydefensive
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
Ready to level up your defensive cybersecurity skills? In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Dan Regalado and Belem — the founders of Hack Defender Academy — to explore how they’re using CTF-style challenges, real malware cases, and gamification to prepare the next generation of defenders.
💡 We cover:
🚨 Special Gift for Our Listeners: Hack Defender Academy is giving away one free certification pass! Details in the episode.
🔗 Links from the episode
Hack Defender Academy
🌐 Website: academy.hack-defender.com
▶️ YouTube: Hack Defender Official
📱 TikTok: @HackDefOfficial
📸 Instagram: @HackDefOfficial
🐦 X (Twitter): @HackDefOfficial
💼 LinkedIn: Hack Defender
📘 Facebook: Hack Defender
Connect with our guests
🔹 Dan Regalado – LinkedIn
🔹 Belem – LinkedIn
Simply Defensive Podcast
🎧 Spotify: Simply Defensive
🎧 Apple: Simply Defensive
Sponsor
💼 Thanks to ThreatLocker for supporting this episode.
👍 If you enjoyed this conversation, hit Like, Subscribe, and ring the 🔔 so you don’t miss our weekly episodes!
Drop a comment with the biggest challenge you’ve faced as a blue teamer — we’d love to hear your story.
=========================
Sponsored by ThreatLocker - Free 30-day trial of ThreatLocker
https://www.threatlocker.com/simplydefensive
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
In Season 4, Episode 4 of Simply Defensive, hosts Josh Mason and Wade Wells sit down with Rob Allen, Chief Product Officer at ThreatLocker, to dive deep into the world of Zero Trust security, proactive cybersecurity strategies, and ransomware prevention.
Rob shares expert insights on:
Whether you’re a SOC analyst, detection engineer, IT manager, or anyone interested in protecting against ransomware, this episode offers practical, real-world strategies for building a stronger cyber defense posture.
Timestamps:
00:00 – Introduction and Host Greetings
00:23 – Guest Introduction: Rob Allen from ThreatLocker
00:44 – Rob Allen's Role and Responsibilities
02:30 – Proactive vs. Reactive Cybersecurity Approaches
03:54 – Challenges in Cybersecurity Detection
05:24 – ThreatLocker’s Deny by Default Approach
09:48 – The Importance of Application Definitions
16:52 – Security Myths and Misconceptions
18:53 – AI in Cybersecurity: Hype vs. Reality
23:32 – Travel Plans and Closing Remarks
🔗 Connect with Rob Allen & ThreatLocker
Website: https://www.threatlocker.com/
LinkedIn: https://www.linkedin.com/company/threatlocker/
=========================
Sponsored by ThreatLocker - Free 30-day trial of ThreatLocker
https://www.threatlocker.com/simplydefensive
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
What if GitHub sucks for security detections—and AI is finally good enough to replace it?
Join Josh Mason and Wade Wells as they sit down with Aaron Mog, the outspoken founder of Detections.ai, to unpack why detection engineering is broken—and how his new platform signed up 4,000+ users in just two weeks.
Aaron doesn’t hold back. From ranting about GitHub’s failures to sharing how AI is now actually useful for real-world detections, this episode goes deep into:
Why most teams still build detections in silos (and waste time doing it)
What makes detections fail—and what 80% of orgs get wrong
How Detections.ai uses prompt engineering and log analysis to generate battle-ready alerts
Why vendors will never cover all your detection needs (and that’s okay)
Whether you're a threat hunter, detection engineer, or just AI-curious, this episode will challenge your assumptions and give you practical ideas to level up your SOC.
Connect with Aaron on LinkedIn: https://www.linkedin.com/in/aaronmog
https://detections.ai/ Code “SimplyCyber”
👉 Subscribe for more real talk on cyber defense.
🎧 Listen in and get ahead of the curve.
Chapters:
00:00 Introduction and Guest Welcome
00:31 Aaron Mog and Detections.ai Overview
01:58 Community-Driven Detection Engineering
04:24 AI Integration and Product Evolution
06:20 Challenges in Detection Engineering
08:11 AI's Role in Detection Engineering
15:51 Vendor Limitations and Custom Solutions
16:54 Microsoft's Limitations in Cybersecurity
17:23 The Evolution of Threat Hunting
18:07 Collaborative Approach to Cybersecurity
20:07 Crowdsourcing and AI in Detection Engineering
20:57 Challenges and Innovations in AI for Security
21:37 AI's Role in Detection and Response
23:25 Elastic's Blog and Detection Engineering
24:29 AI in Summarizing and Enhancing Security Reports
28:14 Community and Commercial Aspects of AI in Security
32:18 Conclusion and Community Engagement
=========================
Sponsored by ThreatLocker - Free 30-day trial of ThreatLocker
https://www.threatlocker.com/simplydefensive
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
How does a Navy fire control tech who once wrangled a six-barrel death robot become the head of security operations at Jack in the Box? In this episode of Simply Defensive, we sit down with Chris Julio — SOC Manager, veteran, and self-proclaimed lover of both metrics and munchie meals.
Chris shares his journey from Windows NT and dot-matrix printers to modern InfoSec leadership, explains what he actually looks for when hiring blue teamers (hint: it's not your certs), and drops tactical insights on building a metrics program that actually matters to the business.
We also talk about:
Oh, and there's a fast-food burger debate. No spoilers, but lines are drawn.
Whether you're just getting started in security or leading your own team, this episode’s got something for you.
Connect with Chris on LinkedIn:
🔗 https://www.linkedin.com/in/christopherjulio/
Chapters:
00:00 Introduction and Guest Welcome
00:43 Chris Julio's Navy Background
04:27 Transition to Cybersecurity
06:42 Hiring and Team Building Insights
21:36 Balancing Work and Family Life
25:53 Engaging with the InfoSec Community
27:09 Final Thoughts and Advice for Blue Teamers
28:16 Closing Remarks and Sponsor Acknowledgment
=========================
Sponsored by ThreatLocker - Free 30-day trial of ThreatLocker
https://www.threatlocker.com/simplydefensive
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
SOC analysts, detection engineers, and pentesters—you’re not imagining it: software supply chain security is a dumpster fire 🔥. In this episode of Simply Defensive, we sit down with Kyle Kelly, engineering manager at GitHub and author of Crime Hacks, to unpack the chaos.
We cover:
- Why malicious packages are sneaking past defenders
- The truth about SBOMs (and what most orgs are doing wrong)
- How to spot typo-squatting and backdoored build scripts
- What defenders can do—even if you're not building the code
- Why “just NPM install” is more dangerous than you think
From transitive dependencies to the hidden power of private package repositories, this episode is packed with practical insights, hilarious stories, and advice every blue teamer needs.
Episode Links:
🔗 Kyle’s blog: https://crimehacks.com
👨💻 Kyle on LinkedIn: https://www.linkedin.com/in/kyle-m-kelly
📰 Crime Hacks on LinkedIn: https://www.linkedin.com/company/crimehacks
=========================
Sponsored by ThreatLocker - Free 30-day trial of ThreatLocker https://www.threatlocker.com/simplydefensive
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
In the final episode of Season 3 on Simply Defensive, hosts Josh Mason and Wade Wells welcome John Liliston, the Product Director at ThreatLocker.
John shares his journey into cybersecurity, his role at ThreatLocker, and his thoughts on the evolution of security solutions. He discusses ThreatLocker's approach to zero trust, the impact of AI on cybersecurity, and the unique integration of application control and threat detection in their offerings.
The episode also covers John's experiences and insights from recent conferences like RSA and potential future advancements in the industry. Tune in for an in-depth discussion on defensive cybersecurity and innovative product design.
Connect with John on LinkedIn: https://www.linkedin.com/in/john-lilliston-4725217b/
00:00 Introduction to Simply Defensive
00:31 Meet John Liliston: Threat Locker's Product Director
02:35 John's Journey into Cybersecurity
03:45 Transitioning to Product Design
04:52 Balancing Roles at Threat Locker
06:10 Emerging Threats and Product Development
17:47 The Future of Security Solutions
24:56 Concluding Thoughts and Upcoming Events
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
Sponsored by ThreatLocker @ThreatLocker
Allow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform from ThreatLocker. Learn more at https://simplycyber.io/threatlocker
=========================
Simply Cyber empowers people who want a rewarding cybersecurity career 💪
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
Join hosts Josh and Wade as they sit down with Charles (Chuck) Sapp, a seasoned cybersecurity expert and security awareness specialist. In this episode, Chuck shares his unique journey from serving in the Marine Corps to becoming an influencer in the cybersecurity community.
Gain insights into his military background, his passion for educating others about cybersecurity, and engaging stories from his experiences. Chuck also previews his upcoming talk for BSides Tampa 2025, offering valuable advice on tailoring security training for diverse audiences.
Don't miss this opportunity to tap into his innovative approach to cybersecurity awareness!
Connect with Chuck on LinkedIn: https://www.linkedin.com/in/chucksapp/
Check out the article discussed: https://www.staysafeonline.org/articles/ai-fools-stay-sharp
00:00 Introduction and Guest Welcome
01:18 Chuck's Background and Military Experience
03:54 Transition to Cybersecurity
06:29 Hackspace Con Story
10:35 Upcoming Talk and Security Awareness
15:15 Challenges in Security Awareness
20:38 Storytelling in Cybersecurity
21:56 Real-Life Examples of Scams
23:30 Phishing Tests and Awareness
31:03 Creative Security Solutions
32:03 Leveraging Security Behavior Databases
35:23 Meeting Industry Leaders
37:53 Final Thoughts and Recommendations
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
Sponsored by ThreatLocker @ThreatLocker
Allow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform from ThreatLocker. Learn more at https://simplycyber.io/threatlocker
=========================
Simply Cyber empowers people who want a rewarding cybersecurity career 💪
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
Welcome to another episode of Simply Defensive! In this installment, hosts Josh Mason and Wade Wells are joined by cybersecurity expert James Berley.
James shares his unique journey from a submarine sonar technician in the Navy to founding his own security firm, Secure Point Solutions, which specializes in helping small businesses tackle cybersecurity threats. They discuss the vital steps and strategies for implementing robust security measures in small companies, the importance of patch management, and how to protect sensitive information.
Additionally, James delves into his experiences as a foster parent, offering insights into the foster care system and the impactful ways you can contribute. Stay tuned for valuable tips on safeguarding your business and heartwarming stories from the world of foster care.
Episode Links:
Connect with James on LI: https://www.linkedin.com/in/jbierly/
Secure Point Solutions: https://www.secureps.net/
NFPA: https://nfpaonline.org/
00:00 Introduction and Guest Welcome
00:22 James Berley's Journey from Submarines to Cybersecurity
02:54 Transition to IT and Cybersecurity
07:28 Challenges and Rewards of Small Business Cybersecurity
12:29 Starting a Cybersecurity Business
20:11 Key Security Practices for Small Businesses
22:42 Challenges in School Cybersecurity
25:29 Starting a Cybersecurity Consulting Business
26:14 Engaging with Local Businesses
28:42 Building a Network Through Referrals
32:54 Becoming a Foster Parent
43:48 Advice for Blue Teamers
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
Sponsored by ThreatLocker @ThreatLocker
Allow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform from ThreatLocker. Learn more at https://simplycyber.io/threatlocker
=========================
Simply Cyber empowers people who want a rewarding cybersecurity career 💪
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
Join hosts Josh Mason and Wade Wells as they sit down with David French for an insightful episode of Simply Defensive.
Discover David's journey from coding CCTV systems to becoming a staff security engineer at Google Cloud. Explore their discussion on detection as code, automation, detection testing, and relevant tools like Dorothy and Atomic Red Team.
Learn why coding skills are crucial for modern cybersecurity professionals, and get tips on leveraging AI in the field.
Whether you're a beginner or an experienced blue teamer, this episode is packed with valuable insights and actionable advice.
LinkedIn - https://www.linkedin.com/in/davidfrench001/
Google Cloud Security community - https://www.googlecloudcommunity.com/gc/Google-Cloud-Security/ct-p/googlecloud-security
Medium - https://medium.com/@threatpunter
GitHub - https://github.com/threat-punter
00:00 Introduction and Casual Banter
00:21 Guest Introduction: David French
01:11 David's Background and Career Journey
02:40 Detection Engineering and Origin Stories
04:18 Current Role and Responsibilities
05:05 Getting into Cybersecurity
08:30 Detection as Code: Concepts and Practices
12:34 Testing Detections: Challenges and Strategies
16:51 Tools and Techniques for Detection Testing
19:25 Open Source Tools and Community Contributions
23:23 AI in Detection Engineering
26:32 Exploring AI Tools for Coding and Presentations
27:50 Deep Research and Its Impact
28:52 Journey into Public Speaking
40:00 Community Engagement and Networking
40:29 Upcoming Conference and Final Thoughts
43:45 The Importance of Coding for Security Professionals
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
Sponsored by ThreatLocker @ThreatLocker https://threatlocker.com
=========================
Simply Cyber empowers people who want a rewarding cybersecurity career 💪
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group