How analysts use cognitive reasoning in investigations with Chris Sanders
Join us for this week's Defender Fridays as Chris Sanders, Founder at Applied Network Defense and the Rural Technology Fund, breaks down how analysts actually think through investigations and what separates high performers from the rest.
At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
What We'll Discuss
In this episode, Chris Sanders draws on his background in security operations and cognitive psychology to explore how metacognition shapes investigative performance, and why understanding how you think is one of the most underleveraged skills in the SOC.
Key Topics:
- Why high-performing analysts ask better questions instead of starting with large chunks of data
- How diagnostic inquiry (DINQ) was developed by studying senior analysts in action
- What separates one year of experience repeated twenty times from genuinely diverse experience
- Why tacit knowledge makes it hard to train new analysts and what to do about it
- How AI fits into the investigative process and where humans still need to be in the loop
- Why cybersecurity education has a transfer problem and what other fields like medicine get right
- What good SOCs have in common and why it comes down to metacognitive awareness
About Our Guest
Chris Sanders is the Founder of Applied Network Defense, a training company focused on analyst and investigative roles, and the Rural Technology Fund, an organization that supports technology education in rural and underserved communities. He holds a doctorate in education and has spent his career at the intersection of cybersecurity and cognitive psychology, including time at school districts, the federal government, and Mandiant.
Register for Live Sessions
Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.
Register here: https://limacharlie.io/defender-fridays
Subscribe to our YouTube channel and hit the notification bell so you never miss a live session, or catch up on past episodes on our website!
Sponsored by LimaCharlie
This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.
Why LimaCharlie?
- Eliminate vendor sprawl and tool complexity
- Deploy and scale effortlessly on native multi-tenant architecture
- Reduce costs with intelligent data routing and free 1-year retention
- Build custom solutions with 100+ security capabilities on-demand
- Accelerate response with agentic AI that acts directly within predefined workflows
Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io
Follow LimaCharlie
Sign up for free: https://limacharlie.io
LinkedIn: / limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/
Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
Guest: Chris Sanders - Founder at Applied Network Defense & Rural Technology Fund
#defenderfridays #limacharlie #cybersecurity #infosec #securityoperations #detectionengineering