Have all you youts seen this 90s how about hackers? It is a riot of a tongue-in-cheek X-Files spinoff, but it's been sh*tcanned because it predicted 9/11 a few months prior to the event in the pilot :(
This is kind of weird advice but it’s important:
Don’t let the moment you show someone they’re professionally appreciated and you’re willing to help them do awesome new stuff be at their exit interview or early retirement. Even if you assume Everything Is Fine and never check in.
Then, when they have resolved to go? It is too late. They have made the difficult decision to go from your company or volunteer org or club. They are so very rarely going to rethink that decision or even be able to.
If you’re a manager or director you need to have candid conversations about what is causing your people to not succeed. If you’re like “hey, here is a cool thing this person could help with” the time is TODAY, because tomorrow they will assume you didn’t care enough to ask.
If you’re angry for no reason you’re burnt out,
If you’re sleepy for no reason you’re burnt out,
If you’re irrationally mad and your work suddenly looks bad,
Spontaneously apathetic you’re burnt out.
*This is not a clinical diagnosis, and please seek prompt and professional treatment for mental health concerns
But seriously, take a vacation, have an actual meal at a table, and reconsider your work life balance.
Lot of people asking how to gain forensics skills right off the street now. I got myself into this 🤷🏻♀️🍸. Best way to start to learn forensics is to *do it on your own Windows computer* (preferably physical). Start with basic sysinternals tools. @markrussinovich’s books are great.
You have a handy piece of evidence to examine right in front of you, and understanding how your own activity appears in memory, registry, caches, and MFT can often be much more memorable and educational than some VM lab. Lots of great free Windows forensics tools out there.
The tools we use day to day to do memory forensics are widely free, like Volatility. Disk forensics is still kind of controlled by a few expensive software powerhouses, but just learning how your own computer stores, processes, executes is a huge educational leap forward.
Hey, so I want to talk about something that riles up or disheartens a lot of jr cybersecurity people and raises questions about gatekeeping, my perspective, and why I don't think it's as catastrophic as it looks from the outside. It has to do with experience required to do IR.
There is this unwritten set of rules that are constantly bandied about by senior DFIR people, and they go something like this:
"To do IR, you need 1-2 years of experience in cybersecurity (usually SOC)"
&
"To lead IR engagements you need 1-2 years of experience in DFIR"
OK, so is this gatekeepy? If you make it a static part of your hiring process, probably. Is it a bad guideline? No, and that's not so bad.
Let's talk about what Digital Forensics and Incident Response (DFIR) entails.