Andrew Kirch on Hacker Mindset, Insider Threats, and AI’s Impact on Cybersecurity

In this Cyber Security Recruiter podcast episode, Thomas chats with Andrew Kirch, Director of Technical Operations at Stoic Cybersecurity, who describes his wide-ranging background across IT, red and blue team work, tabletop exercises, and early experience running a major DNS blacklist that helped him understand how attackers think.

Andrew argues hacker mindset is learnable through experience, stresses reputational and insider threats, and explains prioritizing vulnerabilities based on real exploitability. He shares stories involving Anonymous, Occupy Wall Street amplification, and law-enforcement work culminating in Operation Cyber Slam. The discussion covers increasing criminal organization, AI-driven risks (voice cloning, fake candidates, faster exploit development, and corporate secrets leaking via public AI), the need for continuous learning, and sources he follows such as YouTube, Ground News, CISA updates, and The Register.

00:00 Podcast Welcome

00:55 Andrew’s Background

04:55 Hacker Mindset Tips

06:51 Prioritizing Real Threats

08:56 Anonymous Storytime

12:00 Operation Cyber Slam

15:24 Cybercrime As Business

17:25 How To Level Up

21:01 AI And IP Risks

24:04 Generalist Security Skills

24:41 AI Voice Fraud Threat

26:17 Fake Candidates Remote Hiring

27:39 AI Widens Attack Surface

29:28 Breach Costs and Insurance

31:01 Writing Reports With AI

34:10 Tone and Social Engineering

36:10 Cyber News Sources

39:22 Geopolitics and Ransomware

41:18 Utilities and SCADA Risks

42:53 Zero Trust and Passkeys

45:32 AI for SOC Defense

47:25 Wrap Up and Farewell