Explore
About

Roger Johnsen
I work as a Lead Security Architect with a strong focus on security operations, threat hunting, threat-informed defense, detection engineering, and practical blue team capability building.
My background sits somewhere between security operations, software development, analyst enablement, and hands-on investigation work. I have worked as a SOC analyst, threat hunter, penetration tester, developer, consultant, trainer, and security leader. That mix has shaped how I think about security: good security work needs structure, technical depth, operational realism, and people who understand why they are doing what they are doing.
This site is part notebook, part field manual, and part attempt to explain how I think about threat hunting and defensive security. The goal is not to make threat hunting sound mysterious. The goal is to make it practical.
I have also spent a fair amount of time in Capture The Flag environments such as the SANS Holiday Hack Challenge and Hack The Box. In the SANS Holiday Hack Challenge 2021 edition, I was runner-up for best “Technical Answer” and received a challenge coin for the write-up.
Career highlights
I started out with electronics, electrical engineering, programming, Linux, FreeBSD, and open source. I have been involved with open-source systems since the late 1990s and started my professional career in 2005.
Over time, my work moved from software development and systems work into vulnerability management, penetration testing, SOC operations, threat hunting, detection engineering, training, security leadership, and architecture.
| When | Title | Company | Focus |
|---|---|---|---|
| Jun 2025 - Cur | Lead Security Architect | Orkla IT | Threat-informed defense, threat hunting, resilience, security architecture |
| Mar 2024 - Jun 2025 | Head of Cyber Security Operations | Orkla IT | Leading cyber security operations |
| Oct 2023 - Jun 2025 | SOC Analyst | Orkla IT | SOC lead analyst, threat hunting, training |
| Sep 2020 - Sep 2023 | Senior Security Analyst / Head of Training | Defendable AS | SOC analysis, threat hunting, mentoring, education |
| Nov 2017 - Aug 2020 | Security Analyst MSS | Pedab Norge | SOC building, SOC analysis, threat hunting, mentoring |
| Sep 2015 - Nov 2017 | Information Security Consultant | Watchcom Security Group AS | SOC, vulnerability management, threat hunting |
| Feb 2015 - Aug 2015 | Senior Security Consultant | Protego AS | Penetration testing |
| Sep 2011 - Jan 2015 | Senior Systems Consultant | Making Waves | Software development, load testing, vulnerability management, penetration testing |
| Aug 2005 - Sep 2011 | Programmer | Various companies | Software development, team lead work, security, agile coaching |
Predefender
Predefender is my independent security brand and the home of the Huntbook by Predefender.
Huntbook by Predefender is a practical resource for threat hunters, SOC analysts, detection engineers, and blue team practitioners who want to understand how threat hunting actually works. It covers the thinking, methods, frameworks, tools, and tradecraft behind structured defensive investigation.
The focus is practical:
- how to think like a threat hunter
- how to move from alerts to hypotheses
- how to use frameworks without becoming a framework collector
- how to connect threat intelligence, telemetry, detection logic, and investigation
- how to turn hunting into better understanding, better detections, and better security operations
Predefender is not meant to be a generic cyber security blog. It is a place for structured notes, field experience, investigation logic, and blue team craft.