Developing a Digital Forensics Career

How to Take Advantage of Demand for Specialists
Developing a Digital Forensics Career

As high-profile data breaches, such as those that hit SuperValu, Home Depot and many others, continue to grab headlines, demand is growing for well-trained digital forensics experts who can conduct timely investigations to determine the cause of a security incident and help identify mitigation steps.

See Also: Live Webinar | Navigating the Security Maze of the Remote Worker with Splunk

While some organizations are beginning to hire full-time in-house forensics experts, most are still turning to outsourcers for help.

Digital forensics experts study networks, systems and data storage devices to probe into the nature and extent of an unauthorized network intrusion. As the level of sophistication and frequency of cybersecurity attacks increase, demand for skilled forensics experts will substantially grow, says Michael Bruemmer, vice president at Experian Data Breach Resolution Group.

Forensics experts say those interested in a career in this field should consider obtaining a specialized degree; gain technical training in networking various computer operating systems; have an understanding of how digital evidence is used in legal proceedings; and be able to write clear reports on their findings and communicate to senior-level executives.

A Booming Market

Rob Lee, a digital forensic trainer at the SANS Institute, says more companies are realizing they need to bring in full-time forensics professionals to work on incident detection and response as breaches become more common.

In-house experts, in particular, can play a critical role in quickly preserving accounting log data - or the scene of the crime, says attorney Ron Raether of Faruki Ireland & Cox LLP.

But even organizations that have their own forensics experts still may have to hire outside expertise in the event of a major breach "because you just can't staff enough folks," Lee says.

"When I was with Mandiant, we would have people call us to help, and we were totally booked," he says. "We would say, 'Okay here is our rate,' it would be something ridiculous like $800 an hour, and you would think, 'They're never going to agree to this.' They'd come back and say, 'Okay great, how many people can you send?'"


Bruemmer says that for the vast majority of organizations, outsourcing remains the dominant approach to gaining forensics expertise. "Given the specific skill level and the need to stay on the cutting edge of technology, most of our clients are outsourcing to the top five firms in the industry," he says.

Jessica Bair, a senior manager at Cisco Systems, says many companies lack the financial resources to assemble their own team of forensics experts.

Organizations are having problems "affording higher skilled staff and also the number of technologies that often are needed to handle incident response," she says. "If they're large enough, they will have a team; others are looking for outsourcing help."

Top Skills

To build a career in digital forensics - whether working as an in-house expert or an expert-for-hire - aspiring security professionals can now take advantage of education programs offering specialized degrees.

Wendi Rafferty, vice president at CrowdStrike, a provider of security technologies, says that degree programs in forensic analysis are now available at Rochester Institute of Technology, George Mason University and other institutions.

Those seeking a job in data forensics "need to have a strong computer science background with the necessary technical depth in areas such as networking; inside knowledge about different operating systems, such as Windows, MAC OS, Linux and Unix; and basic programming/scripting skills," says Jurgen Kutscher, head of professional services at Mandiant, which offers forensics services.

When hiring, CrowdStrike also looks for proficiency on a number of tools used in forensic analysis. "What you would ideally like to have is practical experience using those tools, whether that's performing internal investigations or criminal case analysis for someone coming from the government or law enforcement," Rafferty says.

Dan Ryan, forensics adviser at (ISC)², which offers a professional certification in this arena, says knowledge of the legal system is essential.

"You need to know a great deal about how evidence is used and collected and analyzed in the legal system," he says. "You need to understand the law of evidence because what we are talking about is using the content of information technology as evidence in some kind of legal proceeding."

Building a Track Record

When hiring forensics experts, companies look, first and foremost, for a solid track record of experience, says Bair of Cisco. Organizations want to see evidence that the candidate has worked on a large number of varied cases, handling business problems, she says.

"When I was training people in this field, a lot was focused on the ability to communicate and report writing," she says. "If they're unable to articulate and report what they've done, no one knows what they have found. [Companies want] someone who isn't just a data pusher, but can investigate as well."

The top three qualifications that Experian looks at when selecting forensics experts with which to work are functional and technical skills, time management and the ability to be a team player, Bruemmer says. He also notes the importance of project leaders who "have a vision for the outcome of the investigation and can get the whole team to stay on track to complete the engagement."

"We are often hunting for a grain of evidence in an ocean of sand," Raether says. "Having the right tools to sift through the sand and the experience of knowing what the bad guys typically do, and where, improves our chances."

As for how to get the necessary experience, Kutscher says junior consultants will gain most of the skills through on-the-job training. "There are obviously programs available where students will learn the basics on forensics, but it takes real-world experience to grow these skills."

Lee advises those building careers in digital forensics to develop specialized skill sets. All forensics experts will know about reverse malware engineering, network analysis and systems analysis, but they shouldn't claim to be an expert in all three, he notes.

"Just like in the NFL, there are not many people who can play every position. Wide receivers do not make the best running backs, even though both carry the ball."

Lifestyle Choices

When deciding whether to work for a consulting firm or as a corporate in-house specialist, forensics experts should take into account the lifestyle each option offers.

"If someone wants to know what they're going to be doing every day, that they're going to be coming home each night and be able to plan their life, than usually in-house is the way to go," Bair says.

The allure of consulting is that experts will investigate many different attacks, helping them to quickly build skills, Lee says. The downside, however, is that consultants spend a lot of time on the road. "The organization you are working for expects you to bleed for them. It's a game for the young, just like the NFL. You get beat up in that field, but then you walk out and you are really an expert."

About the Author

Megan Goldschmidt

Megan Goldschmidt

Associate Editor

Goldschmidt is the former Associate Editor for ISMG. A recent graduate of Ithaca College, she has worked for multiple publications in NJ and NY, including the Trentonian and the Rochester Business Journal, instilling a passion for writing, editing and social media.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.