In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Markus Schober, founder of Blue Cape Security, to talk all things digital forensics, incident response (DFIR), and why hands-on training beats theory every time.

We dig into:
🔹 The hidden value of building your own cyber range
🔹 How IR pros train using real attacks (and why they need red team skills)
🔹 Eric Zimmerman's forensics tools and practical lab setups
🔹 Ransomware war stories from Fortune 100 response
🔹 The role (and limitations) of AI in forensics
🔹 How to break into DFIR as a practitioner — not just a paper tiger

Whether you’re building detections, teaching DFIR, or just figuring out where to start, this one’s for you.

👇 Timestamps https://www.bluecapesecurity.com/& Resources
0:00 Intro & ThreatLocker sponsorship
2:00 Markus' journey from responder to trainer
5:00 What makes a good DFIR workshop?
7:00 Building a cyber range that doesn’t suck
10:00 Favorite open-source tools (hint: Zimmerman)
14:00 Consulting vs. in-house IR
19:00 APT10, ransomware, and real-world incidents
24:00 Can AI replace forensic analysts?
27:00 Where to find Markus' courses
29:00 Parting wisdom for aspiring defenders

📚 Check out Blue Cape Security:
→ https://www.bluecapesecurity.com/
→ Hands-on IR & Forensics Labs
→ Certification (coming soon!)

🔗 Follow the hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason/
Wade Wells: https://www.linkedin.com/in/wadingthrulogs/

💡 Brought to you by ThreatLocker – Secure your business with zero trust application control.