Please note: I do not know much about job roles outside of Digital Forensics & Incident Response (DFIR). If you know you want to be in Cybersecurity but aren’t sure what area you want to be in, or if you’re interested in a field other than DFIR, here are some resources.
The following is my advice for getting into the Digital Forensics & Incident Response (DFIR) field. I have also posted links to the advice other DFIR professionals have offered via blog posts and videos.
- There are different job roles that conduct digital forensics investigations. It helps to determine which role you want to be in. To learn more, see: What is DFIR, and How do Digital Forensics Roles Vary? by Hacks4Pancakes and Digital Forensics Investigator: A Road Few Have Traveled by Ian Barwise. Digital forensics jobs in the Public Sector such as law enforcement most likely have different requirements than DFIR jobs in the Private Sector such as working for a corporation. See Job Hunting in the DFIR Field by Jessica Hyde and How to Become a Digital Forensics Professional in 2021.
- Look at the job postings for the type of role you’re interested in to get a feel for the job requirements (certifications, prior experience, etc.) and start working toward them. LinkedIn, Dice, Glassdoor, and Ninja Jobs are some suggestions. I listed certifications I’ve seen requested in various Digital Forensics and Incident Response job postings HERE. Certification requirements will differ based on the various roles within the DFIR field. I recently launched a job board called Get Your Start Careers for people living in the US and Canada. Jobs posted here don’t require prior experience in the role being posted.
- Tailor your resume for the type of position you want, and put your resume on job sites like the ones listed above so recruiters can see it. This is how I’ve found most of my jobs, including my current DFIR position.
- Build a home lab to become familiar with DFIR tools. It can be as simple as using VirtualBox or VMware on a computer along with DFIR related distros. Check out The Evolution of My Home Lab: From Break-Fix to Forensics and How to Incorporate Home Lab Experience Into Your Resume. For home lab ideas, and to ask questions, there is a home lab community on Reddit. They also have a Discord Server.
- It helps to learn a programming language. Python is used a lot in DFIR.
- Join the Digital Forensics Discord Server. This is a great place to meet others in the field, learn, and ask questions. See: A Beginners Guide to the Digital Forensics Discord Server. The Cyber Social Hub is another good community to join.
- If you’re not on Twitter, you might want to get on Twitter. There’s a large DFIR community on Twitter and an even larger Cybersecurity/Infosec community. Check out the Women of DFIR and the Men of DFIR for who to follow. You can also ask questions on Twitter (use the hashtags #DFIR and/or #AskInfosec). Many people are willing to jump in and offer advice.
- Attend virtual conferences. They often have a place to chat online with other professionals. I make a monthly blog post of virtual conferences and other events related to DFIR. Attend security events in your area such as BSides. Try Meetup.com to see if there are any local Cybersecurity meetups.
- Start a blog. Even if you don’t have experience, you can document what you’re doing and learning in a blog. See Tips for Starting a Blog on This Week in 4n6.
- Never stop learning. Check out the Free Training site and Affordable Training site. A lot of it is what I’ve needed to learn (and still need to learn) as an Incident Response Analyst. The learning requirements are most likely different for someone in a strictly digital forensics role. As I come across new things I don’t know, I look for free training and add it to the list. I also created an Incident Response Training Plan using freely available online courses starting from complete beginner to IT. It covers networking, programming/scripting, Linux, malware analysis, log analysis, PCAP analysis, digital forensics and more.
I also recommend watching the videos and reading the blog posts below to learn about the different roles within DFIR and how to get started:
- Securing Your Future in DFIR (advice on how to get into the field w/Kathryn Hedley, Phill Moore, Jason Jordaan and Lee Whitfield).
- Getting Started in DFIR: Testing 1,2,3 by Phill Moore
- How to Become a Computer Forensics Investigator w/Amber Schroader
- Get Started in Computer Forensics: Entry-Level Tips, Skills and Career Paths w/Amber Schroader
- How to Start Your Career in Digital Forensics (Ways you can become successful in developing your career path in DFIR w/Heather Mahalik)
- Cache Up (learn how different people in the DFIR community got their start and their advice for getting into the field hosted by Jessica Hyde).
- Digital Forensics and Incident Response: Is it the Career for You? (What it’s like to be a DFIR professional and how to kickstart a career in DFIR w/Cindy Murphy)
- All Things Entry Level Digital Forensics and Incident Response Engineer DFIR (What the job looks like, the pros and cons of the job and what you can do to learn skills to start working toward a job in that field w/Brandon Poole)
- More videos can be found on my YouTube “Getting into the DFIR Field” Playlist
Blog Posts:
- How long does it take to get into the DFIR field? by Brett Shavers
- How to Make BANK in DFIR! by Brett Shavers
- Unlocking the DFIR Door (aka: getting a job in DFIR) on DFIR.Training
Job Sites:
- Get Your Start Careers (Jobs in the US and Canada requiring no prior experience in the same role – created by me)
- U.S. Government Jobs
- LinkedIn Jobs
- Job Postings on AboutDFIR
- Cyber Job Central
- Google – Yes, Google. If you search for something in Google like “Entry Level Digital Forensics Jobs”, you should get a listing of jobs. If you click on “Explore Jobs”, you can filter them by location and get email alerts for new jobs. You can set up alerts for different searches. Some other examples to search for are: “Entry Level Incident Response”, “SOC Analyst Level 1”, “Junior Security Analyst”.
Tip: “Security Analyst” and “Cybersecurity Analyst” are generic titles that can cover a number of different roles. For example, you might read a job description for a “Security Analyst” and realize it’s actually a SOC or Incident Response position; other times it could be more of a compliance role or another type of cybersecurity role.