To The Point - Cybersecurity
Episode: Coaching the US Cyber Team: Building Cybersecurity Talent, Hands-On Forensics, and Global Competition Insights with Dr. Josh Brunty (Part 2)
Date: October 28, 2025
Host: Rachael Lyon
Co-host: Jonathan Knepher
Guest: Dr. Josh Brunty (Professor of Cyber Forensics and Cybersecurity, Head Coach of the US Cyber Team)
Episode Overview
This episode continues the conversation with Dr. Josh Brunty, focusing on the increasing importance of digital forensics in incident response, strategies for building the next generation of cybersecurity talent, real-world lessons from global incidents, and insights from coaching the US Cyber Team. The discussion highlights practical forensic strategies, gaps in cybersecurity education, the value of hands-on experience, industry engagement, and the promise of young talent for the future of cyber defense.
Key Discussion Points & Insights
1. The Evolving Role of Digital Forensics in Incident Response
- Growth and Scope (01:28–04:00):
  - Dr. Brunty reflects on how digital forensics has expanded from a primarily law enforcement function to a broader discipline essential across industries. He emphasizes that modern digital forensics now always includes incident response components, referring to the combined field as DFIR (Digital Forensics and Incident Response).
  - Quote:
    "Incident response is essentially a big component of forensics... We're kind of like the fire marshals after a fire has happened." (02:10, Dr. Josh Brunty)
- From Reactive to Proactive (04:54–08:42):
  - Using the recent F5 breach as an example, Dr. Brunty outlines the need for a mature incident response playbook and continual threat hunting, beyond solely relying on automated tools.
  - Quote:
    “A lot of companies... plug these blinky light boxes in and they think... they're going to block all threats and we're good to go. Well, F5 is a prime example that that doesn't happen.” (06:17, Dr. Josh Brunty)
  - He stresses that effective security teams need human threat hunters, proactive investigations, and information sharing to harden defenses for the future.
2. Lessons from Real-World Breaches
- F5 Breach Case Study (04:46–09:57):
  - Dr. Brunty discusses lessons from a long-standing compromise in F5’s network, drawing parallels to APT (Advanced Persistent Threat) campaigns and using fire analogies to explain the need for early detection and rapid response.
  - The importance of not assigning blame after breaches but rather focusing on recovery and learning is highlighted.
  - Quote:
    “If a house catches on fire, there could be a number of different factors that cause that... not necessarily blame on a person. That happens in cyber as well.” (11:12, Dr. Josh Brunty)
- Culture of Recovery vs. Blame (09:57–13:56):
  - The cybersecurity community is moving away from public shaming toward a recovery-first mindset, focusing on patching and collective resilience.
  - Quote:
    “The best teams and CISOs out there are the ones you never read about.” (12:44, Dr. Josh Brunty)
3. Gaps and Opportunities in Cybersecurity Education
- Challenges in Academia (14:10–18:10):
  - Dr. Brunty explains the gaps in academic preparation, partially due to legacy skill sets among faculty and rapidly evolving curriculums.
  - The need for integrating hands-on, practical skills with theoretical knowledge is key to producing job-ready graduates.
  - Quote:
    “The balance for us in academia is finding that hands-on skill coupled with that theoretical skill.” (16:50, Dr. Josh Brunty)
- Start Earlier: K12 Engagement (18:10–19:00):
  - Dr. Brunty advocates starting cybersecurity and foundational mathematics education earlier, especially in high school.
  - He stresses that progress in K12 education is essential but must be supported with curriculum and teacher assistance.
- Role of Industry and Government (19:00–21:23):
  - Industry engagement is crucial – not just from Fortune 10, but across the Fortune 500 – in supporting educational initiatives, mentorship, and hands-on experience (e.g. NSA’s GenCyber camps).
  - Quote:
    “For every dollar... you spend towards like a competitive college team or high school... you’re going to have grassroots efforts to produce the employees that you’re wanting.” (20:06, Dr. Josh Brunty)
4. Building the Cybersecurity Workforce Pipeline
- Internships, Co-ops, and University Programs (22:00–23:38):
  - Early student involvement in real-world security operations (e.g. via Microsoft, Google, Intuit fellowships) benefits both the students and the companies hiring them.
  - Modern business and tech education should integrate cybersecurity to keep up with new board-level responsibilities.
- Talent Development and Global Competition (24:00–27:14):
  - Dr. Brunty describes the immense potential seen in the US Cyber Team, including high school students, proprietary tools developed in-house for competitions, and the benefits of team-based problem-solving.
  - Quote:
    “If I could just start a company with all of this talent... and here is the best talent that this country has to offer. Man, how awesome would that be...” (24:00, Dr. Josh Brunty)
- Early and Diverse Talent (27:14–28:36):
  - The discussion highlights a 17-year-old team member, illustrating the importance of supporting and nurturing raw young talent with both technical and soft skills.
  - Quote:
    “You want to start pairing up this raw, technical talent that still needs to learn how to... talk to a boardroom, how these boardrooms react and teach them those soft skills and give them mentorship throughout that process.” (27:41, Dr. Josh Brunty)
5. Future Outlook & Encouragement
- Optimism for the Industry (29:06–29:56):
  - Dr. Brunty is hopeful about the future, citing motivated young talent and the ongoing evolution of education and industry engagement.
  - Quote:
    “The future is bright for us, I think... Post-quantum, all the encryption’s gonna be broken. We have some young talent coming in through the door that... wants to really... be valuable to society.” (29:06, Dr. Josh Brunty)
- Team USA’s International Aspirations (30:07–30:37):
  - Anticipation and pride for Team USA preparing for Tokyo, emphasizing hard work, dedication, and hopes for a winning performance.
Notable Quotes & Memorable Moments
- “We’re kind of like the fire marshals, if I call it that, after a fire has happened, to go in and investigate that and say, okay, well, this is the cause of the fire. Right?”
  — Dr. Josh Brunty, 02:10
- “A lot of companies, you know, they plug these blinky light boxes in, and they think... they're going to find all threats... F5 is a prime example that that doesn't happen.”
  — Dr. Josh Brunty, 06:17
- “If a house catches on fire, there could be a number of different factors that cause that house to catch on fire that you can't necessarily blame on a person. So with that understanding, that happens in cyber as well.”
  — Dr. Josh Brunty, 11:12
- “The best teams and CISOs out there are the ones you never read about.”
  — Dr. Josh Brunty, 12:44
- “The balance for us in academia is finding that hands-on skill coupled with that theoretical skill.”
  — Dr. Josh Brunty, 16:50
- “For every dollar... you spend towards like a competitive college team or high school, to get these initiatives off the ground, you're going to have grassroots efforts to produce the employees that you're wanting.”
  — Dr. Josh Brunty, 20:06
- “If I could just start a company with all of this talent and just reach out to them... how awesome would that be...”
  — Dr. Josh Brunty, 24:00
- “You want to start pairing up this raw, technical talent... teach them those soft skills and give them mentorship throughout that process.”
  — Dr. Josh Brunty, 27:41
Timestamps for Important Segments
- 01:28 — Rise of digital forensics and incident response (DFIR)
- 04:46 — Forensic response to F5 breach: playbooks, threat hunting, proactive defense
- 09:57 — Avoiding blame culture; learning from incidents collectively
- 12:44 — The anonymous success of great security teams
- 14:30 — Cybersecurity education gaps; academic challenges
- 18:10 — Necessity of K12 involvement in cybersecurity fundamentals
- 20:06 — Industry investment in education and workforce pipeline
- 22:00 — Value of real-world engagement, internships, and modernizing business curricula
- 24:00 — Insights from global cyber competitions, team-building, and tooling
- 27:14 — Nurturing young talent and soft skills
- 29:06 — Optimism about the future and the role of new generations
- 30:07 — Team USA aspirations for international competitions
Conclusion
This episode provides a comprehensive look at the interplay between forensics and incident response, underscores the urgent need to address gaps in cybersecurity education, and celebrates the talent pipeline developing through academic, industry, and global competition. Dr. Brunty’s candid, analogy-rich insights offer valuable lessons for practitioners, educators, and business leaders alike—all centered on the importance of proactive defense, community learning, and equipping the next generation of cyber defenders.
