A wealth of opportunities in digital forensics and incident response careers
Digital forensics and incident response skills are interlinked and increasingly in demand, offering the right candidates varied and interesting careers.
This is according to Veronica Schmitt, co-founder of the DFIRLABS Digital Forensics and Incident Response practice, Assistant Professor at Noroff University in Norway, and a designated professional member of the Institute of Information Technology Professionals South Africa (IITPSA).
Schmitt was speaking during a webinar hosted by the Institute of Information Technology Professionals South Africa (IITPSA) Women in IT Chapter.
Schmitt, who is currently researching security vulnerabilities in IoT medical devices, said digital forensics and incident response skills would be needed across industries as the world moved increasingly to digital. “The Covid-19 pandemic forced everything online, and now everything and everyone must move fast – and when we move fast we make mistakes. We have a constantly evolving cybercrime landscape, so the risk to organisations now is greater than ransomware.” Digital forensics and incident response are needed to help organisations recover from breaches and mitigate losses and reputational damage, she explained.
She noted that digital forensics is a multi-faceted field, with career opportunities in both public sector law enforcement and the private sector. Both areas had pros and cons, she noted: “Digital forensics and incident response isn’t just one thing – for example, you could look at doing intelligence work; or if you are passionate about social media and privacy there are elements in digital forensics that pursue those. If it’s digital, and has a storage component, digital forensics can become involved. There are good and bad elements in every direction you choose. In public sector law enforcement, digital forensics investigators look into cases that aren’t psychologically safe – such as human trafficking, or child porn. In the private sector, there might be fraud, divorce cases or cyber bullying.”
To enter a career in digital forensics, Schmitt recommended starting with free introductory courses online, and SANS certification courses, followed by internships at a recognised cyber forensics and incident response firms.
“I think of myself as a digital detective – or a digital snoop,” she said. She said digital forensics and incident response professionals such as herself typically enjoyed solving puzzles and had a range of soft skills in addition to their technical skills. “We suffer from a ‘crusader complex’, wanting to make a difference and help people,” she said.
She explained that there was also an element of psychology involved: “You need to understand the user to be able to uncover their file naming conventions and build a digital fingerprint or profile. And when an organisation is compromised, people are often upset and panicky, so it is our responsibility to help calm things down.”
Schmitt added that digital forensics and incident response professionals also needed skills to manage court appearances. “In court cases, emotion needs to be taken out of it, so I remind myself to breathe, think, then answer. Often the defence will question your credentials and integrity as an expert witness, so it is important to make sure your resume is impressive, with all the right credentials.”
She noted that the legal system is not yet robust in terms of understanding digital crimes, so digital forensics professionals needed to be able to clearly convey the terms they used and how they uncovered evidence.
Schmitt likened digital forensics to a ‘wizard in the castle’. “They make amazing things happen by pulling things together. Then you also have the cavalry – that’s incident response. They can’t be separated and are fluid in terms of flowing into each other,” she said.
Veronica Schmidt is among the highly qualified practitioners holding the IITPSA Professional Member designation. An IITPSA Professional membership designation demonstrates that the member has extensive IT experience backed by significant academic achievements, to the extent that they can truly claim to be recognised as IT professionals. The Professional Member designation is also SAQA registered. For more information on becoming a member visit www.iitpsa.org.za