Finally Revealed : The Secrets To Growing, Staying Relevant, And Not Losing Your Luster.
Secrets only known by few, finally making it way to public view.
In a keynote for a new SANS series called Think DFIRently, Heather Mahalik ( Senior Director of Digital Intelligence at Cellebrite & SANS DFIR Curriculum Lead, SANS Faculty Fellow and Author ) reached out to some top guns in the field of Cybersecurity, especially in Digital Forensics and Incident Response ( DFIR ) for their thoughts on how to stay relevant and grow in the field of DFIR.
In her keynote titled; What makes a solid DFIR professional – How to keep growing in the field and not lose your luster, I found myself learning so much and said to myself...
This isn't for one niche alone! This can be applied to the lives of professionals from any niche in Infosec. She's done a great job at not changing the advice/quotes from the experts she reached out to and I'm hundred percent sure, I'm going to stick to it because...
It's that good!
The quotes are in three categories ranging from growth, staying relevant and keeping your luster in the field of DFIR
With that said, let's get onto the first topic of...
Growth
Heather Mahalik - "Take training and train yourself. It's never too late to learn something new. Be willing to learn"
Lesley Carhart - "Always be curious to learn something old or something new."
Ben Johnson - "When you're bored, keep learning. When you feel that you plateaued, keep learning. Learning can be technologies, adversarial techniques, presentation skills, management training and more. We cyber defenders in a world where there are still decades of work to get us to a safer place, so don't let a temporary valley discourage the fact that we're here with a purpose to serve, protect and educate."
Katie Nickels - "Threats are constantly changing so keeping up with that keeps things challenging and fresh! There are always new things to learn."
Lina Terrazas - "Go to one training a year that seems completely outside your skillset or intimidating and go into it with an open mind and willingness to ask questions. So what if some pieces might go over your head? You can Google that shit later. Embrace the suck!"
Alexis Brignoni - "Difference maker Be present - Try to keep up and read what's going on in DFIR Work on public speaking skills and submit to talks. Start presenting with someone, then alone. If you want to stay relevant people need to hear from you. A tree falls in the forest and there is no one there to hear it, does it make a sound?"
Eric Zimmerman - "If you think you know something, teach it!"
Ryan Chapman - "Join podcasts, host podcasts, present, work with others on projects and be involved at cons."
Jessica Hyde - "We also can't do it alone. We need to work with each other, share what we know, and build on each other in order to help those we are supporting with our work. This is what makes DFIR awesome."
Next on our list is...
Remaining relevant
But to whom? To your employers, colleagues, yourself? That's a question you've got to answer now.
Heather Mahalik - "Speak, write and share what you know or what you are passionate about! Don't allow yourself to be the smartest in the room. - Don't stay Surround yourself with people who Challenge me"
Lesley Carhart - "Understand you'll never know everything"
Kevin Ripa - "I am really lucky that my path sometimes has me flirting with relevancy when I hang around the right people. That is how I stay relevant."
Ryan Chapman - "Being relevant for me is about visibility and helping others learn as much as possible. Infosec celebrity is one thing, but stories about how your content has helped someone learn something new, overcome an obstacle, etc. makes you feel really damn good!"
Eric Zimmerman - "Try to solve problems no one has solved before - fill the gaps Tools Contents (video, blog, etc )"
Lisa Terrazas - "Participate in the local infosec community. I try to go to one conference a year I've never been to before, and I am at every monthly SecKC meetup we have in person. I always learn something, which fuels my curiosity."
Alexis Brignoni - "Fill the gaps - be the pontoon until the permanent bridge is made. This means to look for things that need solving and do something about it. Mentor. Help those just starting out. The only way to keep things fresh is to never forget that once we were white belts too."
Dave Kennedy - "Be cautious of burnout in DFIR even though DFIR is one of the most exciting fields in the industry. The biggest motivating thing for me is being there when it's a time of crisis."
Robert M. Lee - "Groups like SANS. Join a community that ensures you have your peer circles. Live stream and the free stuff"
For the final quotes on how to keep your ...
Luster
Heather Mahalik - "Be humble but not insecure. Do not let your ego outgrow your worth. When people call you out, ask why and if you're wrong. Admit it. Mentor - remember where you started and how you got to where you are now. "
Lesley Carhart - "Remember the mission of your work, to stop bad people"
Ryan Chapman - "Infosec celebrity is one thing but stories about how your content has helped someone learn something new, overcome an obstacle, etc makes you feel really damn good!"
Alexis Brignoni - "Be authentic. It's okay to emulate others you admire but find your own voice. Be confident in that voice. Listen and give credit to others. This field is a team game. Period. Be humble and have a healthy dose of self-doubt. Don't be a pushover though. Keep a healthy balance."
John Strand - "Get rid or Red vs Blue mentalities. At the end of the day, we all bleed purple."
Eric Zimmerman - "Love what you do Don't overdo it. The work will be there tomorrow (have some life balance) See the value in your work beyond an amount on an invoice."
Katie Nickels - "For IR in particular, think about what you're protecting. One time my team saved a hospital from being ransomed. The work we do have a big impact on people's lives."
Kevin Ripa - "Do it for passion and not for the money Never knowing what is going to happen next. Being able to respond to whatever happens because I have the knowledge (or more importantly know the right people to get it from), is gold! I never know what the day will bring, but it will always be interesting and challenging. We should all be so lucky to have a career like this."
Jessica Hyde - "Knowing that we are helping people on their word day with our skills, We owe it to those in their time of need to be able to tackle the next technical challenge."
Lina Terrazas - "Mentor those early in their career. It gives even the boring, annoying and frustrating parts meaning. Infosec Twitter, Reddit, Newsletters, blogs, etc. Read them! Someone may never open their mouth at a conference or in a classroom but will share their work online. Read it, learn from it, and ask questions about their thought process/methodology. "
InfosecSherpa - "What keeps me going is the concept in Judaism of "Tikkun Olam" which translates to "repair the world". I am not very religious, but this philosophy of repairing the world is what drives me and keeps me motivated to stay in InfoSec and keep learning as a professional."
Dave Kennedy- "DFIR specifically requires you to be at the top of your game. You must understand what adversaries are doing, their TTPs, as well as the best way to identify what occurred and how to stop it."
Wendi Whitmore - "It's important to take time off and disconnect. Take an actual vacation during it vs being available. There is ALWAYS an emergency to respond to."
Robert M. Lee - "The passion of helping folks - being the "helpers" as Mr. Rogers would say in a world of assholes and criminals. It's exciting to be there for people on their worst day and be the "helper"!"
Rob Lee - "Find your Chad!"
What Rob means here is finding a partner that will support and help you grow. The person he found is Chad Tilbury.
Chad Tilbury - "Memento Mori! We only get to spend a limited time working, so better make it count! We are so fortunate to work in a field that can provide so much impact to victims, justice and perpetrators."
And one final quote from Heather Mahalik; "It's not your job to determine how horrible someone is but it is your job to find the truth."
New to malware analysis? Check out my blog on how to set up your malware analysis lab for free.