The Cybersecurity Defenders Podcast

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Since the onset of the conflict in the Gulf region, cybersecurity researchers have observed a noticeable rise in malicious cyber activity tied to geopolitical events.Unit 42 researchers are warning about an increased risk of destructive cyberattacks tied to the conflict involving Iran.The hacking group known as TeamPCP has expanded a large-scale supply chain campaign targeting widely used open source software ecosystems.In September 2025, Anthropic disclosed an incident in which a state-sponsored threat actor used an AI coding agent to conduct an autonomous cyber espionage campaign targeting 30 organizations worldwide.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

This week on Defender Friday we are joined by Andrew Cook, CTO of Recon InfoSec, to talk about what it means to build a strong security team and why hiring builders is always a good bet.As the CTO of Recon InfoSec, a leading provider of managed security operations, Andrew oversees the technical vision, strategy, and execution of their services and solutions. He has more than a decade of experience in threat hunting, digital forensics, network defense, and capability development.Andrew's mission is to provide customers with the expertise they need to confidently and effectively respond to incidents, protect their organizations, and enhance their resilience. He has a proven track record of delivering high-quality results, leading and mentoring teams, and collaborating with partners across the industry and the government. Andrew is also a former Air Force officer, with national-level contributions and a passion for technical leadership.Learn more at reconinfosec.comRegister for Live SessionsJoin us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience.Register here: https://limacharlie.io/defender-fridaysSubscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!Sponsored by LimaCharlieThis episode is brought to you by LimaCharlie, a cloud-native SecOps platform where AI agents operate security infrastructure directly. Founded in 2018, LimaCharlie provides complete API coverage across detection, response, automation, and telemetry, with multi-tenant architecture designed for MSSPs and MDR providers managing thousands of unique client environments.Why LimaCharlie?Transparency: Complete visibility into every action and decision. No black boxes, no vendor lock-in.Scalability: Security operations that scale like infrastructure, not like procurement cycles. Move at cloud speed.Unopinionated Design: Integrate the tools you need, not just those contracts allow. Build security on your terms.Agentic SecOps Workspace (ASW): AI agents that operate alongside your team with observable, auditable actions through the same APIs human analysts use.Security Primitives: Composable building blocks that endure as tools come and go. Build once, evolve continuously.Try the Agentic SecOps Workspace free: https://limacharlie.ioLearn more: https://docs.limacharlie.io/Follow LimaCharlieSign up for free: https://limacharlie.io/LinkedIn: / limacharlieio X: https://x.com/limacharlieioCommunity Discourse: https://community.limacharlie.com/Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie

Justin Searle, Director of ICS Security at InGuardians, joins us today to talk about the challenges facing industrial control system security. With increased attack surface areas and maintaining and updating decades-old systems, Justin's dedication to informing and educating newcomers and experts alike is more important now than ever before.As the Director of ICS Security at InGuardians, Justin specializes in ICS security architecture design and penetration testing. He led the Smart Grid Security Architecture group in creating the NIST Interagency Report 7628 and has played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin is the owner of ControlThings LLC, a member of the SANS faculty, and an instructor at BlackHat. He has authored and taught numerous courses such as ICS410: ICS/SCADA Security Essentials, Assessing and Exploiting Control Systems and IIoT, Assessing and Exploiting Web Applications with SamuraiWTF, and SEC542: Web App Penetration Testing and Ethical Hacking. Justin also presents on a range of cybersecurity topics at leading security conferences across the globe.Learn more at: controlthings.ioSupport our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io

David Burkett, Cloud Security Researcher at Corelight, is back on Defender Fridays this week to discuss thinking in pipelines for AI agents.As a dedicated and highly experienced Cloud Detection Engineer and Security Architect, David has the privilege of working at a Fortune 50 Company where he leverages his extensive background in cybersecurity to protect digital assets. With a proven track record of building three different Cyber Security Operations Centers for multiple MSSP/MDR providers.David's expertise is backed by a strong set of GIAC certifications, including GCTI, GCIA, GPYC, and GCED... among others. He's proud to have been part of a large overall security team that won the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award from the Defense Counterintelligence and Security Agency. Our security operations center was recognized as being among the top 1% of cybersecurity programs for all cleared facilities.In addition to his hands-on experience, David has consulted for over 40 Fortune 500 Companies and Large Federal Organizations, helping them manage their SOAR platforms and playbooks. As a strong believer in knowledge sharing and collaboration, he's also an active contributor to the open-source detection security project known as Sigma. Learn more at https://corelight.com/Register for Live SessionsJoin us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience.Register here: https://limacharlie.io/defender-fridaysSubscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!Sponsored by LimaCharlieThis episode is brought to you by LimaCharlie, a cloud-native SecOps platform where AI agents operate security infrastructure directly. Founded in 2018, LimaCharlie provides complete API coverage across detection, response, automation, and telemetry, with multi-tenant architecture designed for MSSPs and MDR providers managing thousands of unique client environments.Why LimaCharlie?Transparency: Complete visibility into every action and decision. No black boxes, no vendor lock-in.Scalability: Security operations that scale like infrastructure, not like procurement cycles. Move at cloud speed.Unopinionated Design: Integrate the tools you need, not just those contracts allow. Build security on your terms.Agentic SecOps Workspace (ASW): AI agents that operate alongside your team with observable, auditable actions through the same APIs human analysts use.Security Primitives: Composable building blocks that endure as tools come and go. Build once, evolve continuously.Try the Agentic SecOps Workspace free: https://limacharlie.ioLearn more: https://docs.limacharlie.io/Follow LimaCharlieSign up for free: https://limacharlie.io/LinkedIn: / limacharlieio X: https://x.com/limacharlieioCommunity Discourse: https://community.limacharlie.com/Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie