S6:E3 - Tom Dejong - Inside the BHIS SOC: Triage, Curiosity, and Career Growth
Episode Summary
In this episode of Simply Defensive, hosts Josh Mason and Wade Wells sit down with Tom Dejong, Triage Lead at Black Hills Information Security (BHIS). Tom shares his unconventional path into cybersecurity — from a South Dakota apprenticeship scholarship to becoming one of the most detail-oriented analysts in the BHIS SOC. The conversation covers the realities of SOC triage, the importance of detailed documentation, mentoring new analysts, and how AI is reshaping (but not replacing) blue team work.
Whether you're an aspiring SOC analyst, a seasoned defender, or someone curious about how to build a career in cyber without a traditional path, Tom's story and practical advice will resonate.
What You'll Learn
- How the Build Dakota Scholarship led Tom from apprenticeship to a cybersecurity career
- What it's really like working triage at the BHIS SOC
- Why detailed ticket notes are a force multiplier for SOC teams
- The hypothesis-driven approach to alert investigation
- How to pivot off IPs, hashes, process names, and file paths
- Why curiosity is the #1 skill for SOC analysts
- How AI is being used in modern SOCs (and why it's not taking your job)
- The challenge of building SOC training and webcasts
- Advice for handling mistakes and learning from them
Episode Highlights
Tom's Journey Into Cyber: From discovering Darknet Diaries and hearing John Strand mention Spearfish, South Dakota — the same town Tom was living in — to landing his first day at Wild West Hacking Fest 2022 as a BHIS intern.
The Triage Mindset: Tom walks through his approach to investigating alerts: starting with detection logic, checking for prior tickets, and breaking down each piece of evidence in writing to make the logic click.
Documentation as a Superpower: Why Tom believes detailed notes aren't just nice-to-have — they're essential for the next analyst down the line and for his own thought process.
AI in the SOC: Tom's honest take on using AI for investigations, polishing client communications, and writing detection logic — plus why he's not worried about it taking his job.
Advice for Blue Teamers: You're going to make mistakes. Use them as learning experiences. Lean on your teammates. Stay curious.
Timestamps
- 00:00 Intro and Welcome
- 01:00 Tom's Role at the BHIS SOC
- 01:30 From Apprenticeship to Cybersecurity: The Build Dakota Story
- 03:00 Discovering BHIS Through Darknet Diaries
- 04:00 Wild West Hacking Fest as Day One
- 04:30 Behind the Scenes of a SOC Webcast
- 06:30 The Art of Alert Triage and Pivoting
- 08:30 Building Conference Talks and Training Content
- 10:30 Where Tom Sees His Career Going
- 11:30 Why Curiosity Is the #1 SOC Skill
- 12:30 Favorite Alert Types to Work
- 14:00 Round Robin vs. Self-Assigned Tickets
- 15:00 Note-Taking and Documentation Best Practices
- 19:00 Building a Hypothesis When an Alert Comes In
- 20:30 AI in the SOC: Hype, Reality, and Use Cases
- 24:00 Will AI Replace SOC Analysts?
- 26:00 Training Resources for New Analysts
- 28:00 Advice for Aspiring Blue Teamers
- 29:30 Closing Thoughts
Resources Mentioned
- Black Hills Information Security: https://www.blackhillsinfosec.com/
- Antisyphon Training: https://www.antisyphontraining.com/
- Build Dakota Scholarship: https://www.builddakotascholarships.com/
- Darknet Diaries Podcast: https://darknetdiaries.com/
- Wild West Hacking Fest: https://wildwesthackinfest.com/
Connect with Tom
- LinkedIn: Tom Dejong at Black Hills Information Security
- BHIS Webcasts & Workshops: Available through Black Hills Information Security
Connect with Your Hosts
- Josh Mason: https://www.linkedin.com/in/joshuacmason/
- Wade Wells: https://www.linkedin.com/in/wadingthrulogs/
