The Cybersecurity Defenders Podcast·Jun 12, 2026·32m·Episode #330

AI-assisted SOC training with Carlo Anez / Defender Fridays [#330]

Download audio Show notes Apple Podcasts

Show notes

At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

What We'll Discuss

In this episode, Carlo Anez draws on years of SOC operations, detection engineering, and cybersecurity instruction to make the case for hands-on, open-source training as the foundation for developing confident, capable defenders.

Key Topics:

Why cybersecurity training must move beyond passive learning and into real defender workflows
How the OpenSOC initiative uses open-source tools like Wazuh, MISP, The Hive, and TimeSketch to simulate a small-scale fusion center environment
How open-source stacks build transferable skills that translate to enterprise platforms like Splunk and LimaCharlie
Where AI fits in the SOC: summarizing noisy alerts, mapping activity to MITRE ATT&CK, drafting investigation questions, and improving report clarity
Why AI literacy means knowing how to validate AI output against evidence, not just knowing how to write prompts
Why the analyst owns the evidence, the decision, and the communication
How the DEF CON boot camp and online pilot program structure five days of scenario-based training around a final analyst report and CTF capstone

About Our Guest

Carlo Anez is the Founder and Lead Instructor at IgniteCyber Academy and a DEFCON Training Instructor. He spent five years at Rapid7 doing detection engineering, threat hunting, and DFIR workflows, and has supported SOC operations, government contractors, and projects with DARPA, the US Army, and the US Navy. He currently creates SOC-focused content with TCM Security and leads Blue Team Village at DEF CON, where he also presents and trains annually.

Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.

Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!

Sponsored by LimaCharlie

This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.

Why LimaCharlie?

Eliminate vendor sprawl and tool complexity
Deploy and scale effortlessly on native multi-tenant architecture
Reduce costs with intelligent data routing and free 1-year retention
Build custom solutions with 100+ security capabilities on-demand
Accelerate response with agentic AI that acts directly within predefined workflows

Try the Agentic SecOps Workspace free: https://limacharlie.io

Learn more: https://docs.limacharlie.io

Follow LimaCharlie

LinkedIn: / limacharlieio

X: https://x.com/limacharlieio

Community Discourse: https://community.limacharlie.com/

Host: Maxime Lamothe-Brassard - Founder at LimaCharlie

Guest: Carlo Anez - Founder & Lead Instructor at IgniteCyber Academy

← Previous

Building practical blue team skills using AI-assisted SOC training with Bobby Ford/ Defender Fridays [#329]

Join us for this week's Defender Fridays as Carlo Anez, Founder and Lead Instructor at IgniteCyber Academy and DEFCON Training Instructor, breaks down how to build practical blue team skills using open-source labs, MITRE ATTACK, and real-world defender workflows, and where AI fits into the picture without replacing the analyst. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands. What We'll Discuss In this episode, Carlo Anez draws on years of SOC operations, detection engineering, and cybersecurity instruction to make the case for hands-on, open-source training as the foundation for developing confident, capable defenders. Key Topics: Why cybersecurity training must move beyond passive learning and into real defender workflows How the OpenSOC initiative uses open-source tools like Wazuh, MISP, The Hive, and TimeSketch to simulate a small-scale fusion center environment How open-source stacks build transferable skills that translate to enterprise platforms like Splunk and LimaCharlie Where AI fits in the SOC: summarizing noisy alerts, mapping activity to MITRE ATT&CK, drafting investigation questions, and improving report clarity Why AI literacy means knowing how to validate AI output against evidence, not just knowing how to write prompts Why the analyst owns the evidence, the decision, and the communication How the DEF CON boot camp and online pilot program structure five days of scenario-based training around a final analyst report and CTF capstone About Our Guest Carlo Anez is the Founder and Lead Instructor at IgniteCyber Academy and a DEFCON Training Instructor. He spent five years at Rapid7 doing detection engineering, threat hunting, and DFIR workflows, and has supported SOC operations, government contractors, and projects with DARPA, the US Army, and the US Navy. He currently creates SOC-focused content with TCM Security and leads Blue Team Village at DEF CON, where he also presents and trains annually. Register for Live Sessions Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience. Register here: https://limacharlie.io/defender-fridays Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website! Sponsored by LimaCharlie This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable. Why LimaCharlie? Eliminate vendor sprawl and tool complexity Deploy and scale effortlessly on native multi-tenant architecture Reduce costs with intelligent data routing and free 1-year retention Build custom solutions with 100+ security capabilities on-demand Accelerate response with agentic AI that acts directly within predefined workflows Try the Agentic SecOps Workspace free: https://limacharlie.io Learn more: https://docs.limacharlie.io Follow LimaCharlie Sign up for free: https://limacharlie.io LinkedIn: / limacharlieio X: https://x.com/limacharlieio Community Discourse: https://community.limacharlie.com/ Host: Maxime Lamothe-Brassard - Founder at LimaCharlie Guest: Carlo Anez - Founder & Lead Instructor at IgniteCyber Academy