S6E2: John Hammond on Security Research, Storytelling, Deception, and Getting Hired in Cybersecurity

John Hammond on Security Research, Storytelling, and Deception for DefendersIn this Simply Defensive episode, hosts Josh Mason and Wade Wells interview John Hammond, a Huntress security researcher, YouTuber, and educator, about his career path and defensive research. Hammond explains he has never worked as a penetration tester, SOC analyst, or detection engineer, instead “falling into” security research through hands-on Capture the Flag work and building cyber threat emulation course content, earning Offensive Security’s OSCE3 bundle recognition. He discusses why storytelling and communication are critical for translating attacker tradecraft into actionable defenses, emphasizing understanding the attack chain to identify places to break it. He recommends building a public portfolio of write-ups and notes, and says multiple creators covering the same topic can still provide value through different explanations. The conversation also highlights endpoint deception and honeypots, challenges of reversing compiled binaries versus script-based malware, and his advice to document thoroughly in shared organizational knowledge bases.00:00 S6E2: John Hammond on Security Research, Storytelling, Deception, and Getting Hired in Cybersecurity01:27 Meet John Hammond01:57 Security Researcher Life04:43 OffSec Certs Explained06:55 From CTF to Research08:47 Storytelling in Cyber12:10 Turning Attacks to Defense15:19 Getting Hired as Researcher16:48 Portfolio and Honeypots19:05 Make the Video Anyway21:40 Alternate Data Streams Nerdout23:36 CTFs Then and Now24:28 Life Shifts Priorities25:44 Beyond CTFs Next Trend26:52 Deception Meets Detection28:48 Honeypots and Program Maturity31:13 Malware Reversing Boss Fights35:09 Blue Team Advice Document Everything37:51 Where to Find John and Training38:49 Wrap Up and Farewell