SOC analysts, detection engineers, and pentesters—you’re not imagining it: software supply chain security is a dumpster fire 🔥. In this episode of Simply Defensive, we sit down with Kyle Kelly, engineering manager at GitHub and author of Crime Hacks, to unpack the chaos.
We cover:
- Why malicious packages are sneaking past defenders
- The truth about SBOMs (and what most orgs are doing wrong)
- How to spot typo-squatting and backdoored build scripts
- What defenders can do—even if you're not building the code
- Why “just NPM install” is more dangerous than you think
From transitive dependencies to the hidden power of private package repositories, this episode is packed with practical insights, hilarious stories, and advice every blue teamer needs.
Episode Links:
🔗 Kyle’s blog: https://crimehacks.com
👨💻 Kyle on LinkedIn: https://www.linkedin.com/in/kyle-m-kelly
📰 Crime Hacks on LinkedIn: https://www.linkedin.com/company/crimehacks
=========================
Sponsored by ThreatLocker - Free 30-day trial of ThreatLocker https://www.threatlocker.com/simplydefensive
=========================
Connect with your hosts:
Josh Mason: https://www.linkedin.com/in/joshuacmason
Wade Wells: https://www.linkedin.com/in/wadingthrulogs
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials
=========================
This podcast is presented by Simply Cyber Media Group
By Simply Cyber Media Group