Predefender

Explore

About

Roger

Roger Johnsen

I work as a Lead Security Architect with a strong focus on security operations, threat hunting, threat-informed defense, detection engineering, and practical blue team capability building.

My background sits somewhere between security operations, software development, analyst enablement, and hands-on investigation work. I have worked as a SOC analyst, threat hunter, penetration tester, developer, consultant, trainer, and security leader. That mix has shaped how I think about security: good security work needs structure, technical depth, operational realism, and people who understand why they are doing what they are doing.

This site is part notebook, part field manual, and part attempt to explain how I think about threat hunting and defensive security. The goal is not to make threat hunting sound mysterious. The goal is to make it practical.

I have also spent a fair amount of time in Capture The Flag environments such as the SANS Holiday Hack Challenge and Hack The Box. In the SANS Holiday Hack Challenge 2021 edition, I was runner-up for best “Technical Answer” and received a challenge coin for the write-up.

Career highlights

I started out with electronics, electrical engineering, programming, Linux, FreeBSD, and open source. I have been involved with open-source systems since the late 1990s and started my professional career in 2005.

Over time, my work moved from software development and systems work into vulnerability management, penetration testing, SOC operations, threat hunting, detection engineering, training, security leadership, and architecture.

WhenTitleCompanyFocus
Jun 2025 - CurLead Security ArchitectOrkla ITThreat-informed defense, threat hunting, resilience, security architecture
Mar 2024 - Jun 2025Head of Cyber Security OperationsOrkla ITLeading cyber security operations
Oct 2023 - Jun 2025SOC AnalystOrkla ITSOC lead analyst, threat hunting, training
Sep 2020 - Sep 2023Senior Security Analyst / Head of TrainingDefendable ASSOC analysis, threat hunting, mentoring, education
Nov 2017 - Aug 2020Security Analyst MSSPedab NorgeSOC building, SOC analysis, threat hunting, mentoring
Sep 2015 - Nov 2017Information Security ConsultantWatchcom Security Group ASSOC, vulnerability management, threat hunting
Feb 2015 - Aug 2015Senior Security ConsultantProtego ASPenetration testing
Sep 2011 - Jan 2015Senior Systems ConsultantMaking WavesSoftware development, load testing, vulnerability management, penetration testing
Aug 2005 - Sep 2011ProgrammerVarious companiesSoftware development, team lead work, security, agile coaching

Predefender

Predefender is my independent security brand and the home of the Huntbook by Predefender.

Huntbook by Predefender is a practical resource for threat hunters, SOC analysts, detection engineers, and blue team practitioners who want to understand how threat hunting actually works. It covers the thinking, methods, frameworks, tools, and tradecraft behind structured defensive investigation.

The focus is practical:

  • how to think like a threat hunter
  • how to move from alerts to hypotheses
  • how to use frameworks without becoming a framework collector
  • how to connect threat intelligence, telemetry, detection logic, and investigation
  • how to turn hunting into better understanding, better detections, and better security operations

Predefender is not meant to be a generic cyber security blog. It is a place for structured notes, field experience, investigation logic, and blue team craft.

Disclaimer