My Journey into DFIR

Prior to getting into IT, I held various positions such as office manager, accounts payable clerk, truck driver, and loss prevention agent. My father was a programmer for Sperry Univac and I loved going there with him on Take Your Kid to Work Day. In 1999, I started college as a Computer Science major but algorithms and subsequent calculus classes quickly changed that. Math was definitely not my strong point. I changed my major to Criminal Justice and planned on getting a CSI certificate as part of the degree. I liked investigating things. I was about six classes away from completing my degree when my financial aid ran out and I couldn’t afford to finish school.

My IT career began in 2010, a few months after I was laid off from my job providing computer-drawn floor plans of greeting card displays. There was a recession going on and I wasn’t having any luck finding another job. I was a single mother, and unemployment wasn’t going to hold us down for long. I found out that the unemployment office offered free career training. I jumped on that! I started attending classes at a technical school called TechSkills and earned my A+ and Network+ certifications.

I couldn’t let all the fun I was having at school during the A+ class come to an end though. I loved their break/fix lab. I wanted to continue to do that in my spare time, so I placed ads on Freecycle and Craigslist looking for broken/unwanted computers. This was the beginning of my home lab.

One day, a recruiter from a tax company came to TechSkills and was hiring for Seasonal Technical Support positions in their call center. I got the job!

The beginning of my lab (2009)

Let me talk about that shirt for a second. “I am the IT guy” (I miss ThinkGeek). There were maybe three other women working in IT in the call center out of over 100 people. I would get calls from people saying they thought they called the wrong number because they were expecting a guy to answer the phone. One person was even adamant that he speak to a man instead of me.

After the Technical Support position ended for the season, I was on the job hunt again. The experience I gained in tech support was incredible, but being an introvert with major social anxiety and selective mutism, working in a call center environment was extremely stressful and draining. Nevertheless, I ended up back on phones with a small company contacting military personnel about education options and doing data entry. This being a small company, there was no IT department. I became the go-to person for computer, printer, or cell phone issues. I loved it! In 2012, I was laid off once again and back on the job hunt.

The same temp agency that got me into the previous position at the small company contacted me about an Access Management position at a bank. The feedback I got after the interview was that they liked how passionate I was about IT. My home lab was brought up during the interview. I was hired as a temp for 8 months and was then brought on permanently. Working in Identity & Access Management wasn’t bad; it just wasn’t where I wanted to be. I continued to work on computers in my spare time.

I don’t remember exactly when I heard about DFIR, but I knew that was my end goal. I started studying everything I could about cybersecurity and digital forensics. In 2016, I got the Security+ certification. In 2017, I passed the CySA+ and SSCP exams. In 2018, I earned the CCNA Cyber Ops and CEH certifications. I also took a few IT classes at a local community college and played around with various DFIR tools in my home lab. By the end of 2018, I was getting discouraged. I enjoyed learning everything I could and studying for the certifications, but that didn’t seem to be getting me anywhere. I’d been applying for jobs since I got the Security+ and was only able to get two interviews: one where I was told I wasn’t technical enough, and the other where I was told they didn’t like the idea of a woman driving at night (I applied for a SOC Analyst role where they started everyone on 3rd shift). I figured I might have better luck if I got a degree in cybersecurity since most job postings I saw preferred it. I stopped applying for jobs to focus on trying to get back into school with maxed-out student loans.

I heard great things about WGU and saw that their Cybersecurity and Information Assurance Master’s degree program included the Certified Hacking Forensics Investigator (CHFI) certification. I decided to finish my degree in Criminal Justice so I could attend WGU.

I was getting close to final exams for my Criminal Justice degree when I got an email from a recruiter at a temp agency about an Incident Response position. They saw my resume online. I was completely stressed out about finals and almost didn’t go to the interview because I figured it would just be another “no”.

After the interview, I was given a technical assignment to complete. It was something I’d never done before so I researched the heck out of it and sent it in. A week after that, I got the call that I WAS HIRED! It started out as a temp-to-hire position and six months later, I was offered the job permanently.

I completed my Bachelor’s in Criminal Justice in April of 2019 and graduated with my Master’s in Cybersecurity and Information Assurance in January of 2020. I liked that I was able to apply the skills I learned while studying for the CHFI immediately to my new position.

What are some of the things I need to know how to do as an Incident Response Analyst?

  • Log Analysis
  • PCAP Analysis
  • Digital Forensics
  • Malware Analysis
  • Email Analysis
  • Scripting
  • Report Writing

Although I have been scrambling to learn everything listed above, I am absolutely loving my job! My goal now is to be the best I can be at what I do, and hopefully help others by providing the free and affordable learning resources I use on this site.

For my advice on getting into the DFIR field, see Getting into the DFIR Field.

To find out more about home labs, including where to get ideas and ask questions, see The Evolution of my Home Lab From Break-Fix to Forensics.