Getting Into the DFIR Field

If you know you want to be in Cybersecurity but aren’t sure what area you want to be in, or if you’re interested in a field other than DFIR, here are some resources.

The following is my advice for getting into the DFIR field. I have also posted links to the advice more experienced DFIR professionals have offered via blog posts and webcasts.

Look at the job postings you’re interested in to get a feel for the job requirements (certifications, prior experience, etc) and start working toward them. LinkedIn, Dice, Glassdoor, and Ninja Jobs are some suggestions.

Tailor your resume for the type position you want, and put your resume on job sites like the ones listed above so recruiters can see it. This is how I’ve found most of my jobs, including the DFIR position.

Build a home lab to become familiar with DFIR tools. It can be as simple as using VirtualBox or VMware on a computer along with DFIR related distros. Check out The Evolution of My Home Lab: From Break-Fix to Forensics and How to Incorporate Home Lab Experience Into Your Resume. For home lab ideas, and to ask questions, there is a home lab community on Reddit. They also have a Discord Server.

It helps to learn a programming language. Python is used a lot in DFIR.

Join the Digital Forensics Discord Server. This is a great place to meet others in the field, learn, and ask questions. See: A Beginners Guide to the Digital Forensics Discord Server

If you’re not on Twitter, get on Twitter. There’s a large DFIR community on Twitter and an even larger Cybersecurity/Infosec community. Check out the Women of DFIR and the Men of DFIR for who to follow. You can also ask questions on Twitter. Many people are willing to jump in and offer advice.

Attend virtual conferences. They often have a place to chat online with other professionals. Attend security events in your area such as BSides. Try Meetup.com to see if there are any local Cybersecurity meetups.

Start a blog. Even if you don’t have experience, you can document what you’re doing and learning in a blog.

Never stop learning. Check out the Free Training list. A lot of it is what I’ve needed to learn (and still need to learn) as an Incident Response Analyst. As I come across new things I don’t know, I look for free training and add it to the list.

I also recommend watching the webcasts and reading the blog posts and articles below:

Webcasts
- Securing Your Future in DFIR (advice on how to get into the field).
- How to Start Your Career in Digital Forensics (Ways you can become successful in developing your career path in DFIR)
- Cache Up (learn how different people in the DFIR community got their start and their advice for getting into the field).
- Digital Forensics and Incident Response: Is it the Career for You? (What it’s like to be a DFIR professional and how to kickstart a career in DFIR)
- All Things Entry Level Digital Forensics and Incident Response Engineer DFIR (What the job looks like, the pros and cons of the job and what you can do to learn skills to start working toward a job in that field.)