S6E2: John Hammond on Security Research, Storytelling, Deception, and Getting Hired in Cybersecurity
John Hammond on Security Research, Storytelling, and Deception for Defenders
In this Simply Defensive episode, hosts Josh Mason and Wade Wells interview John Hammond, a Huntress security researcher, YouTuber, and educator, about his career path and defensive research. Hammond explains he has never worked as a penetration tester, SOC analyst, or detection engineer, instead “falling into” security research through hands-on Capture the Flag work and building cyber threat emulation course content, earning Offensive Security’s OSCE3 bundle recognition. He discusses why storytelling and communication are critical for translating attacker tradecraft into actionable defenses, emphasizing understanding the attack chain to identify places to break it. He recommends building a public portfolio of write-ups and notes, and says multiple creators covering the same topic can still provide value through different explanations. The conversation also highlights endpoint deception and honeypots, challenges of reversing compiled binaries versus script-based malware, and his advice to document thoroughly in shared organizational knowledge bases.
00:00 S6E2: John Hammond on Security Research, Storytelling, Deception, and Getting Hired in Cybersecurity
01:27 Meet John Hammond
01:57 Security Researcher Life
04:43 OffSec Certs Explained
06:55 From CTF to Research
08:47 Storytelling in Cyber
12:10 Turning Attacks to Defense
15:19 Getting Hired as Researcher
16:48 Portfolio and Honeypots
19:05 Make the Video Anyway
21:40 Alternate Data Streams Nerdout
23:36 CTFs Then and Now
24:28 Life Shifts Priorities
25:44 Beyond CTFs Next Trend
26:52 Deception Meets Detection
28:48 Honeypots and Program Maturity
31:13 Malware Reversing Boss Fights
35:09 Blue Team Advice Document Everything
37:51 Where to Find John and Training
38:49 Wrap Up and Farewell
