The Job Security Cybersecurity Podcast
The Job Security Cybersecurity Podcast, brought to you by Expel Security, explores the unique perspectives and stories of the people who make the cybersecurity industry what it is—whether they realize it or not. Hosts Dave Johnson and Tyler Zito recognize that we're living in an enlightenment period of cybersecurity, where the industry has stabilized with established education systems, compliance frameworks, and documented methodologies. But it took a lot to get here.
This podcast looks inward at our community and culture, sharing the stories of how we built this industry through DIY traditions, mythologies, and countless people figuring it out as they went. We explore not just the technical aspects of security, but the human elements—from current students and interns to seasoned professionals, and even those outside cybersecurity who offer valuable perspectives on risk, strategy, and innovation.
Expect conversations about where we've been, where we are now, and where we're headed next. We'll talk to adjunct professors, threat hunters, entertainers at hacker conventions, and professionals from adjacent industries who can teach us something new. This isn't another podcast about threats and threat actors—it's about the people doing the work and the lessons we can learn by looking in slightly different directions.
Join us for a mix of education, entertainment, and optimism as we celebrate how far cybersecurity has come while inspiring curiosity and innovation for the future. Whether you're taking a lunch break or winding down after incident response, we're here to help you relax with good stories and interesting discoveries.
Episode 2: THOR: Love and Thrunder
Host Dave Johnson and co-host Tyler Zito sit down with Sydney Marrone and Lauren Proehl, co-founders of the THOR Collective, to explore the evolving world of threat hunting. This conversation covers the fundamentals of building a threat hunting program, how AI is transforming both offensive and defensive security, and the importance of community collaboration in advancing the practice of "thrunting."
Key topics & timestamps
What is the THOR Collective? (5:27 - 9:29)
Evolution of threat hunting (9:38 - 11:55)
- Early days: Hypothesis-driven, minimal scope, "running queries and hoping for the best"
- Today: Machine learning, advanced statistics, AI integration
- Expanding beyond internal networks to cyber threat intelligence
AI's impact on threat hunting (12:07 - 15:44)
- Threat side: Perfect phishing emails, AI-generated malware, reduced red flags
- Defense side: Lower barrier to entry, query translation, threat intel summarization
- Lauren: "Certified AI hater" but acknowledges augmentation potential
- Sydney: Amazed by AI capabilities but warns against over-reliance
How to start a threat hunting program (15:44 - 21:15)
- Start small, don't overcomplicate
- Adopt a framework (PEAK, Sqrrl, TaHiTI, or custom)
- Ensure the basics: Automate IOCs, focus on the top of the Pyramid of Pain
- Critical requirement: Dedicated time (not "downtime hunting")
- Essential tools + use what you have
Proving value and storytelling (24:05 - 28:14)
- Every hunt should have an output—you can't fail at threat hunting
- Findings include misconfigurations, missing logs, undocumented processes
- Turn yourself into a marketer for your program
- Use metrics, readouts, presentations tailored to executive preferences
- Hunt relevancy factors: Focus on what matters to YOUR organization
Documentation and process (31:33 - 36:14)
- Tyler's mountain rescue analogy: Document everything, even "negative" findings
- Create maps of searched areas and techniques used
- If it's not documented, it didn't happen
- Another hunter should be able to replicate your work entirely
- Baseline and map to frameworks like MITRE ATT&CK
Key quotes
"If you ask three people what threat hunting is, you'll get three different answers." - Dave Johnson
"The barrier to entry [to threat hunting] is going to be a lot lower, which is great, as long as people aren't relying on [AI] way too much." - Sydney Marrone
"Every single hunt should have an output... It's very hard to fail at threat hunting—you always find something." - Lauren Proehl
"If it isn't documented, it didn't happen." - Lauren Proehl
"The only way we win this is doing this together." - Lauren Proehl
Helpful links
- THOR Collective
- The Threat Hunters Cookbook by Sydney Marrone
- Blue Team Village at DEF CON
Production Credits
- Co-hosts: Dave Johnson and Tyler Zito
- Producer: Ben Baker
- Sponsor: Expel MDR
Connect
- Follow Expel on LinkedIn, X, and YouTube
- Rate and review on your favorite podcast platform