Key Learnings from Hacks & Hops 2025

A practitioner-focused recap from Minneapolis and Missoula
This year’s Hacks & Hops events in Minneapolis and Missoula brought together security practitioners, engineers, red teamers, and leaders for an afternoon of real-world insights, minus the fluff. Across the sessions Ostra team members took part in, one message was clear:
Modern security is about strengthening fundamentals, sharpening collaboration, and applying new technologies with intention.
Here are the biggest takeaways from the conversations and panels that anchored this year’s events.
1. AI in the SOC: Strong assist, not a stand-in.
During his talk, “AI in the SOC: Promise, Pitfalls, and Practical Reality”, Ostra’s VP of IT Emad Bhatt explored how AI is reshaping security operations today. AI tooling is becoming more capable, but the hype often runs ahead of what it actually delivers:
AI enhances analysts; it doesn’t replace them.
AI excels at enrichment, summarization, correlation, and noise reduction—but human expertise still drives prioritization and decision-making.
Data quality determines AI quality.
Organizations benefiting most from AI have invested in clean telemetry, consistent logging, and analyst feedback loops.
Human-led, AI-assisted workflows work best.
The most resilient SOCs use AI to recommend actions—not to autonomously contain threats or make business-impacting decisions.
Attackers are using AI too.
Deepfakes, automated recon, and AI-driven phishing are accelerating. Defenders must improve identity verification and behavior-based detection.
Bottom line: AI meaningfully improves SOC efficiency, but only when paired with people, processes, and high-fidelity data.
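The pattern above (AI enriches, correlates and recommends; a human approves anything that changes production state; alerts with missing telemetry are flagged rather than scored) is easier to reason about in code. The following is an added illustration written for this recap, not code from the talk or from any Ostra product. The alerts, the threat-intel table, the rule severities and the scoring thresholds are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Fields an alert must carry before its score is trusted. Missing data is
# surfaced to the analyst instead of being silently scored as "benign".
REQUIRED_FIELDS = ("host", "user", "timestamp", "src_ip", "rule")

# Actions that change production state. The pipeline may recommend them;
# only a named analyst may approve them. Anything else may run unattended.
HIGH_IMPACT = {"isolate_host", "disable_account", "block_ip"}

# Hypothetical per-rule base severities and a stand-in threat-intel table
# (constructed for this example).
RULE_SEVERITY = {"suspicious_powershell": 30, "new_scheduled_task": 20,
                 "failed_logon_burst": 30, "odd_parent": 10}
INTEL = {"203.0.113.45": "known C2 (constructed feed entry)"}

# Constructed alerts. A5 repeats A1 and should be collapsed as noise;
# A4 is missing required fields and should fail the quality gate.
ALERTS = [
    {"id": "A1", "host": "ws01", "user": "jdoe", "timestamp": "2025-06-01T10:00:00Z",
     "src_ip": "203.0.113.45", "rule": "suspicious_powershell"},
    {"id": "A2", "host": "ws01", "user": "jdoe", "timestamp": "2025-06-01T10:00:05Z",
     "src_ip": "203.0.113.45", "rule": "new_scheduled_task"},
    {"id": "A3", "host": "ws09", "user": "asmith", "timestamp": "2025-06-01T10:02:00Z",
     "src_ip": "10.0.0.8", "rule": "failed_logon_burst"},
    {"id": "A4", "host": "ws03", "rule": "odd_parent"},
    {"id": "A5", "host": "ws01", "user": "jdoe", "timestamp": "2025-06-01T10:00:09Z",
     "src_ip": "203.0.113.45", "rule": "suspicious_powershell"},
]

@dataclass
class Recommendation:
    alert_id: str
    action: str
    confidence: float                 # 0.0 to 1.0
    evidence: list = field(default_factory=list)
    needs_data: bool = False          # True when the alert failed the quality gate

class ApprovalRequired(Exception):
    """Raised when a high-impact action is attempted without analyst sign-off."""

def dedupe(alerts):
    """Noise reduction: keep the first alert per (host, rule) pair."""
    seen, kept = set(), []
    for a in alerts:
        key = (a.get("host"), a.get("rule"))
        if key not in seen:
            seen.add(key)
            kept.append(a)
    return kept

def correlate(alerts):
    """Correlation: the distinct rules that fired per host in this batch."""
    by_host = defaultdict(set)
    for a in alerts:
        by_host[a.get("host")].add(a.get("rule"))
    return by_host

def recommend(alert, by_host):
    """Enrich, score and recommend. This function never executes anything."""
    missing = [f for f in REQUIRED_FIELDS if f not in alert]
    if missing:
        return Recommendation(alert["id"], "escalate", 0.0,
                              [f"missing fields: {', '.join(missing)}"], needs_data=True)
    score, evidence = RULE_SEVERITY.get(alert["rule"], 10), [f"rule {alert['rule']}"]
    if alert["src_ip"] in INTEL:                        # enrichment
        score += 50
        evidence.append(f"src_ip {alert['src_ip']}: {INTEL[alert['src_ip']]}")
    related = len(by_host[alert["host"]]) - 1            # correlation
    if related:
        score += min(20 * related, 40)
        evidence.append(f"{related} other rule(s) fired on {alert['host']}")
    action = "isolate_host" if score >= 70 else "escalate" if score >= 30 else "tag"
    return Recommendation(alert["id"], action, min(score, 100) / 100, evidence)

def triage(alerts):
    unique = dedupe(alerts)
    by_host = correlate(unique)
    return [recommend(a, by_host) for a in unique]

def can_run_unattended(rec):
    return rec.action not in HIGH_IMPACT

def execute(rec, approved_by=None):
    """Guardrail: high-impact actions require a named approver."""
    if not can_run_unattended(rec) and not approved_by:
        raise ApprovalRequired(f"{rec.action} for {rec.alert_id} needs analyst approval")
    return {"alert": rec.alert_id, "action": rec.action, "approved_by": approved_by}

if __name__ == "__main__":
    for rec in triage(ALERTS):
        print(rec)
        try:
            execute(rec)
        except ApprovalRequired as e:
            print("  ->", e)
```

The shape matters more than the numbers: the scoring can be swapped for a model, but `execute()` stays the one place that knows which actions need a human, and `needs_data` keeps poor telemetry from being mistaken for a low-risk alert.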
2. Purple teaming turns theory into proven detection
The purple team discussion offered a strong reminder: effective detection isn’t built through one-off red team engagements—it’s built through continuous, collaborative validation.
Red teams expose real-world gaps.
By emulating attacker behavior, they uncover detection blind spots and workflow issues that don’t reveal themselves in controlled testing.
Blue teams get actionable feedback fast.
Instead of waiting for a post-engagement report, defenders can see in real time what triggers, what doesn’t, and why.
Shared frameworks matter.
Mapping activities to MITRE ATT&CK helps both sides align on capability gaps and remediation priorities.
It’s not red vs. blue. It’s red + blue.
When both sides focus on improving the program—not proving a point—everyone wins.
Purple teaming strengthens detection by validating whether your tools, processes, and people actually work together under pressure.
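A purple-team run is, at bottom, a plan of emulated steps mapped to ATT&CK technique IDs, replayed against the detection rules, with a report of what fired and what did not. The block below is an added example written for this recap, not tooling from the panel or from any vendor; the events use a simplified hypothetical schema (not real Sysmon or EDR output), and the rules are deliberately simple, including one that is too narrow so the report has a "why" to show.

```python
import re

# Constructed process-creation events in a simplified, hypothetical schema.
EVENTS = [
    {"host": "ws01", "user": "jdoe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"host": "ws01", "user": "jdoe", "image": "whoami.exe", "cmdline": "whoami /all"},
    {"host": "dc01", "user": "svc_backup", "image": "cmd.exe",
     "cmdline": 'cmd.exe /c ntdsutil "ac i ntds" ifm "create full C:\\temp\\x" q q'},
    {"host": "ws02", "user": "asmith", "image": "schtasks.exe",
     "cmdline": "schtasks /create /tn Updater /tr C:\\Users\\Public\\u.exe /sc onlogon"},
]

# The run plan: each emulated step mapped to an ATT&CK technique ID.
PLAN = {
    "T1059.001": "PowerShell with encoded command",
    "T1033": "System Owner/User Discovery (whoami)",
    "T1003.003": "NTDS dump via ntdsutil IFM",
    "T1053.005": "Persistence via scheduled task",
}

# Hypothetical detection rules: name -> (technique, predicate over one event).
RULES = {
    # Too narrow: only the long spelling. Attackers abbreviate to -e / -enc.
    "ps_encoded_literal": ("T1059.001",
        lambda e: e["image"] == "powershell.exe"
                  and "-encodedcommand" in e["cmdline"].lower()),
    # Accepts the abbreviated forms PowerShell itself accepts.
    "ps_encoded_any": ("T1059.001",
        lambda e: e["image"] == "powershell.exe"
                  and re.search(r"(?i)\s-e(nc(odedcommand)?)?\s", e["cmdline"]) is not None),
    "ntdsutil_ifm": ("T1003.003",
        lambda e: "ntdsutil" in e["cmdline"].lower() and "ifm" in e["cmdline"].lower()),
    "schtasks_create": ("T1053.005",
        lambda e: e["image"] == "schtasks.exe" and "/create" in e["cmdline"].lower()),
    # Nothing is mapped to T1033: that is the coverage gap the run should expose.
}

def run_rules(events, rules):
    """Return {rule_name: [indexes of matching events]} for every rule, fired or not."""
    return {name: [i for i, e in enumerate(events) if pred(e)]
            for name, (_, pred) in rules.items()}

def coverage_report(plan, rules, hits):
    """Per planned technique: mapped rules, rules that fired, and a debrief status."""
    report = {}
    for tech, step in plan.items():
        mapped = [n for n, (t, _) in rules.items() if t == tech]
        fired = [n for n in mapped if hits[n]]
        if not mapped:
            status = "gap: no detection mapped"
        elif not fired:
            status = "gap: rule(s) exist but did not fire"
        else:
            status = "detected"
        report[tech] = {"step": step, "rules": mapped, "fired": fired, "status": status}
    return report

def silent_rules(hits):
    """Rules that never fired during the run: candidates for tuning or retirement."""
    return sorted(n for n, idx in hits.items() if not idx)

if __name__ == "__main__":
    h = run_rules(EVENTS, RULES)
    for tech, row in coverage_report(PLAN, RULES, h).items():
        print(f"{tech:10} {row['status']:40} fired={row['fired']}")
    print("silent rules:", silent_rules(h))
```

Two findings come out of this small run that a report alone would not make obvious: T1033 has no detection at all, and `ps_encoded_literal` stayed silent while its sibling fired, which is the kind of rule-quality feedback the blue team can act on the same afternoon.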
3. Incident response plans don’t matter until you practice them.
Another major theme was the gap between having an incident response plan and actually being ready to use it. Many organizations have documentation but haven’t validated whether it works.
Key insights included:
Practice beats theory.
When a real incident hits, teams fall back on what they’ve rehearsed—not what’s written in a binder.
Tabletop exercises reveal hidden gaps.
Even simple scenarios expose unclear decision authority, missing logs, communication challenges, or untested escalation paths.
Cross-functional coordination is everything.
Security, IT, legal, communications, and leadership all play critical roles. If they haven’t practiced together, the response will stall.
Communication is part of containment.
How you notify executives, users, regulators, and partners impacts the outcome—and your credibility.
Good incident response comes from muscle memory—built through repetition, not documentation alone.
Shared themes across the event
Across all sessions, several consistent themes emerged:
- Strong fundamentals still outperform new tooling.
- High-quality telemetry fuels better detection and better AI.
- Collaboration between teams is increasingly critical.
- Real-world validation (purple teaming, tabletop exercises) is essential.
- AI is a multiplier—not a magic wand.
Hacks & Hops showed that while security technology is evolving quickly, the practices that drive effective defense remain grounded in people, process, and disciplined execution.
For teams looking to apply the lessons from this year’s event:
- Review how AI fits into your SOC workflows—and where it doesn’t.
- Schedule a purple team or detection validation exercise to test assumptions.
- Run a tabletop incident response exercise with your cross-functional stakeholders.
- Audit your telemetry quality to understand how it impacts detection and automation.
If you’d like help exploring any of these areas—or want to continue the conversation sparked at Hacks & Hops—our team is always here to connect.
