In this episode of Simply Defensive, we sit down with JB, a Senior Cybersecurity Engineer working in detection engineering. JB shares his journey from SOC analyst to detection engineer, diving deep into the challenges of cloud-native security, Kubernetes logging, and building a sustainable career in cybersecurity.What We Cover:What detection engineering actually means in 2025Working with dual-cloud environments (AWS + GCP)The challenges of Kubernetes logging and ephemeral containersSANS FOR508 (Digital Forensics and Threat Hunting) experienceHow to avoid burnout in InfoSecBuilding a SOC career: What do entry-level analysts really need to know?Work-life balance with kids and an ambitious security careerDefCon stories and the Octopus Games competitionResources & Links Mentioned:Live Overflow's Hextree.io learning platform: https://hextree.ioSANS FOR508 (GCFA): https://www.sans.org/cyber-security-courses/advanced-incident-response-threat-hunting-training/Marcus Hutchins (MalwareTech) on LinkedIn: https://www.linkedin.com/in/malwaretech/Graham Helton's Kubernetes security work: https://www.linkedin.com/in/grahamhelton3/Simply Defensive Podcast: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4Connect with JB:YouTube: @JBCulbertTwitter/X: @JBTweetsStuffTimestamps: 00:00 Introduction and Guest Welcome00:50 JB's Day-to-Day Role in Cybersecurity01:47 Past Experiences and Career Journey02:27 Challenges in Detection Engineering03:23 Kubernetes and Incident Investigation03:51 SANS Classes and CTF Experiences09:07 Remote vs In-Person Learning11:21 Future Plans and Learning Platforms14:13 Docker and Kubernetes in Labs16:11 The Reality of Cybersecurity Skills16:40 Defcon and Octopus Games22:04 Balancing Cybersecurity and Personal Life31:01 Advice for Aspiring Blue Teamers32:57 Final Thoughts and FarewellDon't forget to like, subscribe, and hit the bell icon for more blue team content!🔗 Follow the hosts:Josh Mason: https://www.linkedin.com/in/joshuacmason/Wade Wells: https://www.linkedin.com/in/wadingthrulogs/💡 Brought to you by ThreatLocker – Secure your business with zero trust application control.🎙️ More Simply Defensive- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.=========================Sponsored by @ThreatLocker - Free 30-day trial visit:https://www.threatlocker.com/simplydefensive=========================All the ways to connect with Simply Cyber https://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group
--------
34:44
--------
34:44
Hands-On Defense: Markus Schober on DFIR, Labs, and Building Better Blue Teamers
In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Markus Schober, founder of Blue Cape Security, to talk all things digital forensics, incident response (DFIR), and why hands-on training beats theory every time.We dig into: 🔹 The hidden value of building your own cyber range 🔹 How IR pros train using real attacks (and why they need red team skills) 🔹 Eric Zimmerman's forensics tools and practical lab setups 🔹 Ransomware war stories from Fortune 100 response 🔹 The role (and limitations) of AI in forensics 🔹 How to break into DFIR as a practitioner — not just a paper tigerWhether you’re building detections, teaching DFIR, or just figuring out where to start, this one’s for you.👇 Timestamps https://www.bluecapesecurity.com/& Resources 0:00 Intro & ThreatLocker sponsorship 2:00 Markus' journey from responder to trainer 5:00 What makes a good DFIR workshop? 7:00 Building a cyber range that doesn’t suck 10:00 Favorite open-source tools (hint: Zimmerman) 14:00 Consulting vs. in-house IR 19:00 APT10, ransomware, and real-world incidents 24:00 Can AI replace forensic analysts? 27:00 Where to find Markus' courses 29:00 Parting wisdom for aspiring defenders📚 Check out Blue Cape Security:→ https://www.bluecapesecurity.com/ → Hands-on IR & Forensics Labs → Certification (coming soon!)🔗 Follow the hosts: Josh Mason: https://www.linkedin.com/in/joshuacmason/ Wade Wells: https://www.linkedin.com/in/wadingthrulogs/💡 Brought to you by ThreatLocker – Secure your business with zero trust application control.
--------
30:31
--------
30:31
Cyber Threat Intelligence for Blue Teams with Jordan Kalm (Morado COO)
From Army recon missions to building Morado, COO Jordan Kalm reveals how military intelligence tactics translate into modern cyber threat intelligence. In this Simply Defensive episode, Josh Mason and Wade Wells dive into what really works for blue teams and SOC analysts — and what’s just noise.👉 If you’ve ever wondered how to turn raw intel into actionable defense, this conversation is packed with practical takeaways you can use right away.⏱ Timestamps 0:00 – Intro & Jordan’s background 4:00 – From infantry recon to threat intel 12:00 – Building a threat intel platform that works 20:00 – What blue teams actually need 33:00 – Advice for new defenders🔗 Connect with Jordan & Morado Jordan Kalm: https://www.linkedin.com/in/jordan-kalm-2a562b5b/ Morado: https://www.morado.io/👥 Connect with us on LinkedIn:- Josh Mason (Co-Host): https://www.linkedin.com/in/joshuacmason- Wade Wells (Co-Host): https://www.linkedin.com/in/wadingthrulogs/- Kevin Mata (Guest): https://www.linkedin.com/in/kevinmata- Swimlane: https://www.linkedin.com/company/swimlane🎙️ More Simply Defensive- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.=========================Sponsored by ThreatLocker - Free 30-day trial of ThreatLockerhttps://www.threatlocker.com/simplydefensive=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group
--------
32:50
--------
32:50
How a Detective Became the Ginger Hacker: SOC Life, Job Hunts & Blue Team Wisdom
From the streets to the SOC. 💻In this episode of Simply Defensive, Josh Mason and Wade Wells talk with Andrew Crotty — aka Ginger Hacker. A former detective turned Tier 3 SOC analyst and Army reservist, Andrew shares his journey into cyber, the struggles of breaking in, and the lessons he’s learned (including the rookie mistake that accidentally dosed the DMV 👀).What you’ll hear:🔹 Andrew’s pivot from law enforcement to cybersecurity🔹 SOC life, schedules, and fighting burnout🔹 Job hunting, recruiters, and landing that first role🔹 Why soft skills matter as much as technical skills🔹 Andrew’s advice for blue teamers: ask why, stay curious, fight alert fatigue📺 Check out Andrew’s channel, Ginger Hacker: https://www.youtube.com/@gingerhacker🎙️ More episodes of Simply Defensive: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4&si=TqefAfDjdR1AYt1c👥 Connect with Us on LinkedIn:- Josh Mason (Co-Host): https://www.linkedin.com/in/joshuacmason- Wade Wells (Co-Host): https://www.linkedin.com/in/wadingthrulogs/- Kevin Mata (Guest): https://www.linkedin.com/in/kevinmata- Swimlane: https://www.linkedin.com/company/swimlane🎙️ More Simply Defensive- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.=========================Sponsored by ThreatLocker - Free 30-day trial of ThreatLockerhttps://www.threatlocker.com/simplydefensive=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group
--------
36:02
--------
36:02
Automating the Blue Team | Kevin Mata (Swimlane) on SOAR & AI in Cybersecurity
Automation is changing the way defenders work. In this episode of Simply Defensive, we sit down with Kevin Mata, Director of Cloud Operations at Swimlane, to talk about his journey from flipping burgers at In-N-Out to flipping SOC alerts with automation, SOAR, and AI.Kevin shares how he got started in cybersecurity, how Swimlane helps Blue Teams save time and reduce alert fatigue, and where AI is already making a difference in the SOC. Along the way, he and Wade swap stories about early career struggles, Python hacks, and the future of automation in security operations.If you’ve ever wondered how much you can trust automation, what SOAR really does in a SOC, or how AI will shape the future of defenders—this episode is for you.👉 What You’ll Learn in This Episode:- Kevin’s unique career journey: In-N-Out → SOC → Swimlane leadership- How to use automation to supercharge Blue Team efficiency- The role of SOAR platforms in ticketing, response, and orchestration- Where AI fits into SOC operations (and where it doesn’t…yet)- Tips for defenders at any stage of their career🔗 Links & References from the Episode:- Swimlane: https://swimlane.com- Recorded Future: https://www.recordedfuture.com- VirusTotal: https://www.virustotal.com- Mistral AI: https://mistral.ai👥 Connect with Us on LinkedIn:- Josh Mason (Co-Host): https://www.linkedin.com/in/joshuacmason- Wade Wells (Co-Host): https://www.linkedin.com/in/wadingthrulogs/- Kevin Mata (Guest): https://www.linkedin.com/in/kevinmata- Swimlane: https://www.linkedin.com/company/swimlane🎙️ More Simply Defensive- Full playlist: https://youtube.com/playlist?list=PL4Q-ttyNIRAr6DVrsASx1-Fv-TsooJ3M4- Spotify: https://open.spotify.com/show/72QTocT5FSTSPV7o1UcMS4- Apple Podcasts: https://podcasts.apple.com/il/podcast/simply-defensive/id1773806182👍 If you enjoyed this episode, don’t forget to like, subscribe, and share with your fellow defenders. Every week, Josh Mason and Wade Wells bring you practical, no-fluff conversations with cybersecurity leaders.=========================Sponsored by ThreatLocker - Free 30-day trial of ThreatLockerhttps://www.threatlocker.com/simplydefensive=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================This podcast is presented by Simply Cyber Media Group
Join us for Simply Defensive, a podcast dedicated to exploring the world of defensive cybersecurity through the lens of real-world experts. In each episode, we'll interview leading professionals from the cybersecurity industry, delving into their experiences, challenges, and innovative solutions.
Whether you're a seasoned cybersecurity veteran or just starting to learn about the field, Simply Defensive offers valuable insights and practical advice to help you stay ahead of the curve. Tune in as we discuss the latest threats, emerging technologies, and best practices for protecting your organization from cyberattacks.
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
Simply Cyber empowers people who want a rewarding cybersecurity career 💪
=========================
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
New Zealand