Getting Into the DFIR Field

Please note: I do not know much about job roles outside of Digital Forensics & Incident Response (DFIR). If you know you want to be in Cybersecurity but aren’t sure what area you want to be in, or if you’re interested in a field other than DFIR, here are some resources.

The following is my advice for getting into the Digital Forensics & Incident Response (DFIR) field. I have also posted links to the advice more experienced DFIR professionals have offered via blog posts and webcasts.

  • Look at the job postings for the type of role you’re interested in to get a feel for the job requirements (certifications, prior experience, etc.) and start working toward them. LinkedIn, Dice, Glassdoor, and Ninja Jobs are some suggestions. I listed certifications I’ve seen requested in various Digital Forensics and Incident Response job postings HERE. Certification requirements will differ based on the various roles within the DFIR field.
  • Tailor your resume for the type of position you want, and put your resume on job sites like the ones listed above so recruiters can see it. This is how I’ve found most of my jobs, including my current DFIR position.
  • It helps to learn a programming language. Python is used a lot in DFIR.
  • If you’re not on Twitter, you might want to get on Twitter. There’s a large DFIR community on Twitter and an even larger Cybersecurity/Infosec community. Check out the Women of DFIR and the Men of DFIR for who to follow. You can also ask questions on Twitter (use the hashtags #DFIR and/or #AskInfosec). Many people are willing to jump in and offer advice.
  • Start a blog. Even if you don’t have experience, you can document what you’re doing and learning in a blog.
  • Never stop learning. Check out the Free Training site. A lot of it is what I’ve needed to learn (and still need to learn) as an Incident Response Analyst. The learning requirements are most likely different for someone in a strictly digital forensics role. As I come across new things I don’t know, I look for free training and add it to the list.

I also recommend watching the webcasts and reading the blog posts below to learn about the different roles within DFIR and how to get started:

Tip: “Security Analyst” and “Cybersecurity Analyst” are generic titles that can cover a number of different roles. For example, you might read a job description for a “Security Analyst” and realize it’s actually a SOC or Incident Response position; other times it could be more of a compliance role or another type of cybersecurity role.