Simply Defensive

In this episode of Simply Defensive, host Josh Mason and co-host discuss their experiences and challenges in cybersecurity, along with guest Victoria, a student and SOC analyst at UNLV.The conversation covers the complexities of building a Security Operations Center (SOC) and compares academic learning with real-world applications. Victoria shares insights from her studies and practical work, including developing a SOC program at UNLV and addressing common cybersecurity misconceptions.The episode highlights the importance of communication, real-world projects, continuous learning, and the balance between technical and business aspects of cybersecurity.00:00 Introduction and Host Banter00:20 Guest Introduction: Victoria01:03 Building a SOC: Challenges and Experiences01:29 Education vs. Real-World Experience02:29 SOC Class and Practical Training03:49 Group Projects and Communication07:14 Real-Life Incident Stories10:33 Getting into Cybersecurity: Victoria's Journey12:54 Business Side of Cybersecurity16:17 The Cost of MFA and Free Alternatives16:31 Lock Picking and Security Value17:30 Teaching Cybersecurity Concepts18:44 Consulting Experience for Students19:15 Client Feedback and Confidential Reports19:52 Challenges in Cybersecurity Projects20:27 Transitioning into the SOC22:34 Federal and State Regulations26:16 Advice for Blue Teamers28:06 Conclusion and FarewellDon't forget to like, subscribe, and hit the bell icon for more blue team content!🔗 Follow the hosts:Josh Mason: https://www.linkedin.com/in/joshuacmason/Wade Wells: https://www.linkedin.com/in/wadingthrulogs/💡 Brought to you by ThreatLocker – Secure your business with zero trust application control. https://www.threatlocker.com/simplydefensive🎙️ More Simply Defensive- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.=========================Sponsored by @ThreatLocker - Free 30-day trial visit:https://www.threatlocker.com/simplydefensive=========================All the ways to connect with Simply Cyber  https://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group

What happens when you go from fixing executives’ laptops at Goldman Sachs to defending against cyber threats in a SOC?In this episode of Simply Defensive, hosts Josh Mason and Wade Wells sit down with Kevin Apolinario — better known as KevTech — to unpack his journey from IT support to cybersecurity analyst, all without a single certification.Kev gets real about what it’s actually like to land your first SOC role: the flood of alerts, the burnout, learning Excel the hard way, and relying on ChatGPT to survive scripting. He also shares how TryHackMe, Hack The Box, and constant hands-on practice built the foundation for his success.If you’ve ever wondered what breaking into cybersecurity really looks like, this conversation pulls back the curtain — no fluff, no spin, just honest talk from the trenches.Chapters:00:00 Introduction and Welcome00:29 Guest Introduction: Kev Apolinario00:51 Transition to SOC Analyst Role01:53 Challenges and Learning in Cybersecurity06:43 Handling Alerts and Fatigue10:26 Importance of Teamwork and Asking for Help19:56 Executive Support Experience27:02 Advice for Aspiring Blue TeamersFollow Kevin on YouTube: https://youtube.com/@kevtechitsupportConnect with Kevin on LinkedIn: https://www.linkedin.com/in/itprofessionalkevinapolinarioDon't forget to like, subscribe, and hit the bell icon for more blue team content!🔗 Follow the hosts:Josh Mason: https://www.linkedin.com/in/joshuacmason/Wade Wells: https://www.linkedin.com/in/wadingthrulogs/💡 Brought to you by ThreatLocker – Secure your business with zero trust application control.🎙️ More Simply Defensive- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.=========================Sponsored by @ThreatLocker - Free 30-day trial visit:https://www.threatlocker.com/simplydefensive=========================All the ways to connect with Simply Cyber  https://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group

In this episode of Simply Defensive, we sit down with JB, a Senior Cybersecurity Engineer working in detection engineering. JB shares his journey from SOC analyst to detection engineer, diving deep into the challenges of cloud-native security, Kubernetes logging, and building a sustainable career in cybersecurity.What We Cover:What detection engineering actually means in 2025Working with dual-cloud environments (AWS + GCP)The challenges of Kubernetes logging and ephemeral containersSANS FOR508 (Digital Forensics and Threat Hunting) experienceHow to avoid burnout in InfoSecBuilding a SOC career: What do entry-level analysts really need to know?Work-life balance with kids and an ambitious security careerDefCon stories and the Octopus Games competitionResources & Links Mentioned:Live Overflow's Hextree.io learning platform: https://hextree.ioSANS FOR508 (GCFA): https://www.sans.org/cyber-security-courses/advanced-incident-response-threat-hunting-training/Marcus Hutchins (MalwareTech) on LinkedIn: https://www.linkedin.com/in/malwaretech/Graham Helton's Kubernetes security work: https://www.linkedin.com/in/grahamhelton3/Simply Defensive Podcast: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4Connect with JB:YouTube: @JBCulbertTwitter/X: @JBTweetsStuffTimestamps: 00:00 Introduction and Guest Welcome00:50 JB's Day-to-Day Role in Cybersecurity01:47 Past Experiences and Career Journey02:27 Challenges in Detection Engineering03:23 Kubernetes and Incident Investigation03:51 SANS Classes and CTF Experiences09:07 Remote vs In-Person Learning11:21 Future Plans and Learning Platforms14:13 Docker and Kubernetes in Labs16:11 The Reality of Cybersecurity Skills16:40 Defcon and Octopus Games22:04 Balancing Cybersecurity and Personal Life31:01 Advice for Aspiring Blue Teamers32:57 Final Thoughts and FarewellDon't forget to like, subscribe, and hit the bell icon for more blue team content!🔗 Follow the hosts:Josh Mason: https://www.linkedin.com/in/joshuacmason/Wade Wells: https://www.linkedin.com/in/wadingthrulogs/💡 Brought to you by ThreatLocker – Secure your business with zero trust application control.🎙️ More Simply Defensive- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.=========================Sponsored by @ThreatLocker - Free 30-day trial visit:https://www.threatlocker.com/simplydefensive=========================All the ways to connect with Simply Cyber  https://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group

In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Markus Schober, founder of Blue Cape Security, to talk all things digital forensics, incident response (DFIR), and why hands-on training beats theory every time.We dig into: 🔹 The hidden value of building your own cyber range 🔹 How IR pros train using real attacks (and why they need red team skills) 🔹 Eric Zimmerman's forensics tools and practical lab setups 🔹 Ransomware war stories from Fortune 100 response 🔹 The role (and limitations) of AI in forensics 🔹 How to break into DFIR as a practitioner — not just a paper tigerWhether you’re building detections, teaching DFIR, or just figuring out where to start, this one’s for you.👇 Timestamps https://www.bluecapesecurity.com/& Resources 0:00 Intro & ThreatLocker sponsorship 2:00 Markus' journey from responder to trainer 5:00 What makes a good DFIR workshop? 7:00 Building a cyber range that doesn’t suck 10:00 Favorite open-source tools (hint: Zimmerman) 14:00 Consulting vs. in-house IR 19:00 APT10, ransomware, and real-world incidents 24:00 Can AI replace forensic analysts? 27:00 Where to find Markus' courses 29:00 Parting wisdom for aspiring defenders📚 Check out Blue Cape Security:→ https://www.bluecapesecurity.com/ → Hands-on IR & Forensics Labs → Certification (coming soon!)🔗 Follow the hosts: Josh Mason: https://www.linkedin.com/in/joshuacmason/ Wade Wells: https://www.linkedin.com/in/wadingthrulogs/💡 Brought to you by ThreatLocker – Secure your business with zero trust application control.

From Army recon missions to building Morado, COO Jordan Kalm reveals how military intelligence tactics translate into modern cyber threat intelligence. In this Simply Defensive episode, Josh Mason and Wade Wells dive into what really works for blue teams and SOC analysts — and what’s just noise.👉 If you’ve ever wondered how to turn raw intel into actionable defense, this conversation is packed with practical takeaways you can use right away.⏱ Timestamps 0:00 – Intro & Jordan’s background 4:00 – From infantry recon to threat intel 12:00 – Building a threat intel platform that works 20:00 – What blue teams actually need 33:00 – Advice for new defenders🔗 Connect with Jordan & Morado Jordan Kalm: https://www.linkedin.com/in/jordan-kalm-2a562b5b/ Morado: https://www.morado.io/👥 Connect with us on LinkedIn:- Josh Mason (Co-Host): https://www.linkedin.com/in/joshuacmason- Wade Wells (Co-Host): https://www.linkedin.com/in/wadingthrulogs/- Kevin Mata (Guest): https://www.linkedin.com/in/kevinmata- Swimlane: https://www.linkedin.com/company/swimlane🎙️ More Simply Defensive- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.=========================Sponsored by ThreatLocker - Free 30-day trial of ThreatLockerhttps://www.threatlocker.com/simplydefensive=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group

From the streets to the SOC. 💻In this episode of Simply Defensive, Josh Mason and Wade Wells talk with Andrew Crotty — aka Ginger Hacker. A former detective turned Tier 3 SOC analyst and Army reservist, Andrew shares his journey into cyber, the struggles of breaking in, and the lessons he’s learned (including the rookie mistake that accidentally dosed the DMV 👀).What you’ll hear:🔹 Andrew’s pivot from law enforcement to cybersecurity🔹 SOC life, schedules, and fighting burnout🔹 Job hunting, recruiters, and landing that first role🔹 Why soft skills matter as much as technical skills🔹 Andrew’s advice for blue teamers: ask why, stay curious, fight alert fatigue📺 Check out Andrew’s channel, Ginger Hacker: https://www.youtube.com/@gingerhacker🎙️ More episodes of Simply Defensive: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4&si=TqefAfDjdR1AYt1c👥 Connect with Us on LinkedIn:- Josh Mason (Co-Host): https://www.linkedin.com/in/joshuacmason- Wade Wells (Co-Host): https://www.linkedin.com/in/wadingthrulogs/- Kevin Mata (Guest): https://www.linkedin.com/in/kevinmata- Swimlane: https://www.linkedin.com/company/swimlane🎙️ More Simply Defensive- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.=========================Sponsored by ThreatLocker - Free 30-day trial of ThreatLockerhttps://www.threatlocker.com/simplydefensive=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group

Automation is changing the way defenders work. In this episode of Simply Defensive, we sit down with Kevin Mata, Director of Cloud Operations at Swimlane, to talk about his journey from flipping burgers at In-N-Out to flipping SOC alerts with automation, SOAR, and AI.Kevin shares how he got started in cybersecurity, how Swimlane helps Blue Teams save time and reduce alert fatigue, and where AI is already making a difference in the SOC. Along the way, he and Wade swap stories about early career struggles, Python hacks, and the future of automation in security operations.If you’ve ever wondered how much you can trust automation, what SOAR really does in a SOC, or how AI will shape the future of defenders—this episode is for you.👉 What You’ll Learn in This Episode:- Kevin’s unique career journey: In-N-Out → SOC → Swimlane leadership- How to use automation to supercharge Blue Team efficiency- The role of SOAR platforms in ticketing, response, and orchestration- Where AI fits into SOC operations (and where it doesn’t…yet)- Tips for defenders at any stage of their career🔗 Links & References from the Episode:- Swimlane: https://swimlane.com- Recorded Future: https://www.recordedfuture.com- VirusTotal: https://www.virustotal.com- Mistral AI: https://mistral.ai👥 Connect with Us on LinkedIn:- Josh Mason (Co-Host): https://www.linkedin.com/in/joshuacmason- Wade Wells (Co-Host): https://www.linkedin.com/in/wadingthrulogs/- Kevin Mata (Guest): https://www.linkedin.com/in/kevinmata- Swimlane: https://www.linkedin.com/company/swimlane🎙️ More Simply Defensive- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.=========================Sponsored by ThreatLocker - Free 30-day trial of ThreatLockerhttps://www.threatlocker.com/simplydefensive=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group

Ready to level up your defensive cybersecurity skills? In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Dan Regalado and Belem — the founders of Hack Defender Academy — to explore how they’re using CTF-style challenges, real malware cases, and gamification to prepare the next generation of defenders.💡 We cover:Why gamified, CTF-style learning works better than traditional trainingHow Hack Defender Academy helps beginners grow into skilled malware analystsThe role of AI in threat research — friend, foe, or both?The importance of staying hungry and keeping your edge as a blue teamer🚨 Special Gift for Our Listeners: Hack Defender Academy is giving away one free certification pass! Details in the episode.🔗 Links from the episodeHack Defender Academy 🌐 Website: academy.hack-defender.com ▶️ YouTube: Hack Defender Official 📱 TikTok: @HackDefOfficial 📸 Instagram: @HackDefOfficial 🐦 X (Twitter): @HackDefOfficial 💼 LinkedIn: Hack Defender 📘 Facebook: Hack DefenderConnect with our guests🔹 Dan Regalado – LinkedIn 🔹 Belem – LinkedInSimply Defensive Podcast🎧 Spotify: Simply Defensive 🎧 Apple: Simply DefensiveSponsor 💼 Thanks to ThreatLocker for supporting this episode.👍 If you enjoyed this conversation, hit Like, Subscribe, and ring the 🔔 so you don’t miss our weekly episodes! Drop a comment with the biggest challenge you’ve faced as a blue teamer — we’d love to hear your story.=========================Sponsored by ThreatLocker - Free 30-day trial of ThreatLockerhttps://www.threatlocker.com/simplydefensive=========================Connect with your hosts:Josh Mason: https://www.linkedin.com/in/joshuacmasonWade Wells: https://www.linkedin.com/in/wadingthrulogs=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group

In Season 4, Episode 4 of Simply Defensive, hosts Josh Mason and Wade Wells sit down with Rob Allen, Chief Product Officer at ThreatLocker, to dive deep into the world of Zero Trust security, proactive cybersecurity strategies, and ransomware prevention.Rob shares expert insights on:Proactive vs. Reactive cybersecurity — why a balanced security stack mattersHow Zero Trust infrastructure can stop cyber attacks before they startThreatLocker’s "Deny by Default" approach to endpoint and application controlThe importance of application definitions for effective securityWhy AI is not the silver bullet for cybersecurity defenseCommon security myths and misconceptions that put organizations at riskWhether you’re a SOC analyst, detection engineer, IT manager, or anyone interested in protecting against ransomware, this episode offers practical, real-world strategies for building a stronger cyber defense posture.Timestamps: 00:00 – Introduction and Host Greetings 00:23 – Guest Introduction: Rob Allen from ThreatLocker 00:44 – Rob Allen's Role and Responsibilities 02:30 – Proactive vs. Reactive Cybersecurity Approaches 03:54 – Challenges in Cybersecurity Detection 05:24 – ThreatLocker’s Deny by Default Approach 09:48 – The Importance of Application Definitions 16:52 – Security Myths and Misconceptions 18:53 – AI in Cybersecurity: Hype vs. Reality 23:32 – Travel Plans and Closing Remarks🔗 Connect with Rob Allen & ThreatLocker Website: https://www.threatlocker.com/ LinkedIn: https://www.linkedin.com/company/threatlocker/=========================Sponsored by ThreatLocker - Free 30-day trial of ThreatLockerhttps://www.threatlocker.com/simplydefensive=========================Connect with your hosts:Josh Mason: https://www.linkedin.com/in/joshuacmasonWade Wells: https://www.linkedin.com/in/wadingthrulogs=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group

What if GitHub sucks for security detections—and AI is finally good enough to replace it?Join Josh Mason and Wade Wells as they sit down with Aaron Mog, the outspoken founder of Detections.ai, to unpack why detection engineering is broken—and how his new platform signed up 4,000+ users in just two weeks.Aaron doesn’t hold back. From ranting about GitHub’s failures to sharing how AI is now actually useful for real-world detections, this episode goes deep into:Why most teams still build detections in silos (and waste time doing it)What makes detections fail—and what 80% of orgs get wrongHow Detections.ai uses prompt engineering and log analysis to generate battle-ready alertsWhy vendors will never cover all your detection needs (and that’s okay)Whether you're a threat hunter, detection engineer, or just AI-curious, this episode will challenge your assumptions and give you practical ideas to level up your SOC.Connect with Aaron on LinkedIn: https://www.linkedin.com/in/aaronmoghttps://detections.ai/ Code “SimplyCyber”👉 Subscribe for more real talk on cyber defense. 🎧 Listen in and get ahead of the curve.Chapters:00:00 Introduction and Guest Welcome00:31 Aaron Mog and Detections.ai Overview01:58 Community-Driven Detection Engineering04:24 AI Integration and Product Evolution06:20 Challenges in Detection Engineering08:11 AI's Role in Detection Engineering15:51 Vendor Limitations and Custom Solutions16:54 Microsoft's Limitations in Cybersecurity17:23 The Evolution of Threat Hunting18:07 Collaborative Approach to Cybersecurity20:07 Crowdsourcing and AI in Detection Engineering20:57 Challenges and Innovations in AI for Security21:37 AI's Role in Detection and Response23:25 Elastic's Blog and Detection Engineering24:29 AI in Summarizing and Enhancing Security Reports28:14 Community and Commercial Aspects of AI in Security32:18 Conclusion and Community Engagement=========================Sponsored by ThreatLocker - Free 30-day trial of ThreatLockerhttps://www.threatlocker.com/simplydefensive=========================Connect with your hosts:Josh Mason: https://www.linkedin.com/in/joshuacmasonWade Wells: https://www.linkedin.com/in/wadingthrulogs=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group