What makes a strong security team? With Andrew Cook from Recon InfoSec / Defender Fridays [#305]

Mar 27, 2026

Andrew Cook, CTO of Recon InfoSec and former Air Force officer, champions builders who create tooling and automation. He recounts inventing early defensive cyber systems, explains hiring and managing engineers-as-builders, and describes building a capability-driven SOC. Practical tips include scripting, home labs, and designing orgs and incentives that let builders thrive.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Praetorian Hired Engineers Not Ticket Takers

At Praetorian Andrew saw a hiring philosophy favoring engineers as builders rather than ticket-driven analysts.
Nathan Sportsman framed pen-testers as engineers, cementing Andrew's belief that "you can never go wrong hiring builders."

INSIGHT

Builders Turn One-Off Work Into Machines

Builders approach problems by asking if something should be a one-off or turned into a reusable machine.
That mindset converts repetitive tasks into automated capabilities that scale when multiple builders collaborate.

ADVICE

Practice Building Even For Quick Tasks

Work the "building muscle" by practicing automation even when quick manual fixes exist.
Andrew recommends experimenting now with AI, cloud code and small automations because they're faster and strengthen future build speed.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

This week on Defender Friday we are joined by Andrew Cook, CTO of Recon InfoSec, to talk about what it means to build a strong security team and why hiring builders is always a good bet.

As the CTO of Recon InfoSec, a leading provider of managed security operations, Andrew oversees the technical vision, strategy, and execution of their services and solutions. He has more than a decade of experience in threat hunting, digital forensics, network defense, and capability development.

Andrew's mission is to provide customers with the expertise they need to confidently and effectively respond to incidents, protect their organizations, and enhance their resilience. He has a proven track record of delivering high-quality results, leading and mentoring teams, and collaborating with partners across the industry and the government. Andrew is also a former Air Force officer, with national-level contributions and a passion for technical leadership.

Learn more at reconinfosec.com

Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience.

Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!