Simply Defensive

Episode Show NotesS6:E3 - Tom Dejong - Inside the BHIS SOC: Triage, Curiosity, and Career GrowthEpisode SummaryIn this episode of Simply Defensive, hosts Josh Mason and Wade Wells sit down with Tom Dejong, Triage Lead at Black Hills Information Security (BHIS). Tom shares his unconventional path into cybersecurity — from a South Dakota apprenticeship scholarship to becoming one of the most detail-oriented analysts in the BHIS SOC. The conversation covers the realities of SOC triage, the importance of detailed documentation, mentoring new analysts, and how AI is reshaping (but not replacing) blue team work.Whether you're an aspiring SOC analyst, a seasoned defender, or someone curious about how to build a career in cyber without a traditional path, Tom's story and practical advice will resonate.What You'll LearnHow the Build Dakota Scholarship led Tom from apprenticeship to a cybersecurity careerWhat it's really like working triage at the BHIS SOCWhy detailed ticket notes are a force multiplier for SOC teamsThe hypothesis-driven approach to alert investigationHow to pivot off IPs, hashes, process names, and file pathsWhy curiosity is the #1 skill for SOC analystsHow AI is being used in modern SOCs (and why it's not taking your job)The challenge of building SOC training and webcastsAdvice for handling mistakes and learning from themEpisode HighlightsTom's Journey Into Cyber From discovering Darknet Diaries and hearing John Strand mention Spearfish, South Dakota — the same town Tom was living in — to landing his first day at Wild West Hacking Fest 2022 as a BHIS intern.The Triage Mindset Tom walks through his approach to investigating alerts: starting with detection logic, checking for prior tickets, and breaking down each piece of evidence in writing to make the logic click.Documentation as a Superpower Why Tom believes detailed notes aren't just nice-to-have — they're essential for the next analyst down the line and for his own thought process.AI in the SOC Tom's honest take on using AI for investigations, polishing client communications, and writing detection logic — plus why he's not worried about it taking his job.Advice for Blue Teamers You're going to make mistakes. Use them as learning experiences. Lean on your teammates. Stay curious.Timestamps00:00 Intro and Welcome01:00 Tom's Role at the BHIS SOC01:30 From Apprenticeship to Cybersecurity: The Build Dakota Story03:00 Discovering BHIS Through Darknet Diaries04:00 Wild West Hacking Fest as Day One04:30 Behind the Scenes of a SOC Webcast06:30 The Art of Alert Triage and Pivoting08:30 Building Conference Talks and Training Content10:30 Where Tom Sees His Career Going11:30 Why Curiosity Is the #1 SOC Skill12:30 Favorite Alert Types to Work14:00 Round Robin vs. Self-Assigned Tickets15:00 Note-Taking and Documentation Best Practices19:00 Building a Hypothesis When an Alert Comes In20:30 AI in the SOC: Hype, Reality, and Use Cases24:00 Will AI Replace SOC Analysts?26:00 Training Resources for New Analysts28:00 Advice for Aspiring Blue Teamers29:30 Closing ThoughtsResources MentionedBlack Hills Information Security: https://www.blackhillsinfosec.com/Antisyphon Training: https://www.antisyphontraining.com/Build Dakota Scholarship: https://www.builddakotascholarships.com/Darknet Diaries Podcast: https://darknetdiaries.com/Wild West Hacking Fest: https://wildwesthackinfest.com/Connect with TomLinkedIn: Tom Dejong at Black Hills Information SecurityBHIS Webcasts & Workshops: Available through Black Hills Information SecurityConnect with Your HostsJosh Mason: https://www.linkedin.com/in/joshuacmason/Wade Wells: https://www.linkedin.com/in/wadingthrulogs/