The Science Behind the Response: What It Really Takes to Combat Modern Cyber Threats with Devon Ackerman

Show Notes

Stepping behind the digital crime scene tape with Devon Ackerman, Global Head of Digital Forensics and Incident Response at Cyber Reason, reveals what it truly takes to excel in the high-stakes world of cybersecurity response. 

Drawing from his remarkable 15-year journey—from FBI Special Agent investigating national security threats to leading global incident response teams handling over 3,000 engagements annually—Devon shares rare insights into the evolution of cyber threats and the science of responding to them. "Every single investigation," he explains, "if you're not learning something, you're not paying attention."

The conversation explores how Devin maintains perspective during critical incidents, having witnessed both life-threatening FBI emergencies and corporate crises. This unique viewpoint shapes his leadership philosophy: "If we can figure out how a nation-state threat actor stayed in a client's network for six months undetected, I'm pretty sure we can handle someone's workload while they go take care of a family member."

For professionals in high-pressure roles, Devon's wellness strategies offer practical guidance—from finding moments to completely disconnect (including trips to remote areas without cell coverage) to protecting time on flights for mental decompression. His approach to work-life balance demonstrates how even those responding to the most severe digital emergencies can maintain equilibrium.

Whether you're considering a career in cybersecurity or seeking leadership insights from someone who's navigated both government and private-sector crisis response, Devon's story provides a compelling blueprint for excellence under pressure while preserving what matters most.

Please visit our website https://www.techexecwellness.com to stay up to date and subscribe to our newsletter!

Chapters

• 0:39: Meet Devin Ackerman: DFIR Expert
• 5:16: Personal Wellness and Music Preferences
• 10:20: FBI Career and Path to Digital Forensics
• 13:10: A Day in the Life of DFIR Leadership
• 21:56: Work-Life Balance and Leadership Philosophy
• 28:17: Threat Landscape and Career Advice
• 36:34: Building Cyber Reason's Consulting Business

Transcript

Speaker 1: 0:20

Hello and welcome back to another episode of the Tech Exec Wellness Podcast. This is your host, melissa Sanford, continuing on with our professionals and incident response. I am super stoked for this guest. I did not put it out on any of our socials because I wanted this to be a surprise, because I know this person, I worked with him and I certainly look up to him. I'm so delighted Drum roll.

Speaker 1: 0:43

Today we have Devin Ackerman. He is the Global Head of Digital Forensics and Incident Response DFIR at Cyber Reason, based in Raleigh, north Carolina. Devin leverages over 15 years of experience in cybersecurity, focused on digital forensics and incident response. Throughout his career, he's built and managed large-scale global incident response teams who've handled over 3,000 engagements annually. So prior to joining Cyber Reason, devin led the global DFIR team at Kroll, which is where we work together, a financial and risk advisory firm.

Speaker 1: 1:15

In this role, devin and his team investigated various types of cyber incidents, including some of the most complex incidents in the world, and I want to tell you, listeners, having someone like this gentleman here to help you when you're talking to a client, you're in good hands. That's all I can say, and we'll talk more about that. So these incident types included ransomware, corporate-based espionage, nation-state threats, network and cloud intrusion events and business email compromise we see a lot of those. In addition to providing rapid response, devin's team also provided preparedness services, including threat hunting, executive tabletop exercises, incident response planning and compromise assessments. He supported clients of all sizes, from small, medium-sized businesses to large enterprise accounts. He pays on closely with law firms, insurance carriers and brokers.

Speaker 1: 2:01

So before this, devin was a special agent in the FBI from 2018 to 2016. During his time in the FBI, devin had numerous positions, including certified digital forensics examiner, and was promoted to a supervisory special agent. So this is a cyber professional that's been in the ins and outs of cybersecurity and again, this is something that a lot of our listeners want to know is who are these people? Who are they behind the picture? He's been involved in some pretty big investigations related to cyber, foreign counterintelligence, national security and crime, criminal-related network intrusions, large-scale evidence collections and multi-agency incident response. He coordinated digital forensics-related field operations both within the US and in conjunction with foreign attache offices, and he's got a whole list of credentials that I it would probably take me all day to read Before we start. First, welcome to the show. I have to ask everybody this question your favorite music genre and if you have a memorable concert experience to share with our listeners, so welcome.

Speaker 2: 3:11

I love it, melissa. It's an absolute pleasure. It is hard to follow such an intro. I think, right there, we're going to wrap the podcast, right, no?

Speaker 1: 3:18

Yes, sir.

Speaker 2: 3:19

It's an absolute pleasure to be here and be on your show. So your question first, one out of the hopper. I have a fairly broad appreciation for music and probably most of your guests say something similar, but I enjoy almost everything from classical the country to rock and some pop here and again. I will say, when I'm working and I'm in the office I need to concentrate. I'm usually focused on instrumental, Typically violin, piano. Lindsey Stirling is a fan favorite of mine, all the way back to her early days, and something instrumental, without any voice For running exercise probably not unlike yourself Anything with a steady beat motivates, helps me run. I'm training for a 5K this year and I'll add that Tron Legacy had a pretty amusing music track back in the day and that might be a type of music that I gravitate towards.

Speaker 2: 4:06

So for concerts, I've certainly had an opportunity to attend quite a few concerts over the years and most recently I mentioned Lindsay Shirley. I've seen her in concert, actually in North Carolina where I live. I also most recently saw Jelly Roll, which kind of ups it into the spectrum there for musical talent. You know, if you've ever been to either. They both put on amazing performances. Lindsey is very active on stage. You know part of her whole shtick is is dancing and acrobatics while playing the violin and not missing a beat. It's, it's absolutely amazing. It's a awesome blend of dance and movement and her instrument, her craft, jelly roll kind of. On the other end, amazing stamina. For those of you that do or don't like his music, his range is one of the things I think that's most impressive right Country to rock, to hip hop, to rap, all in one show. It's pretty impressive to see on stage and in person.

Speaker 1: 4:57

I love it. Okay, you said something and I want to dig into that before we start talking about some other things. Okay, Tell me about that.

Speaker 2: 5:05

Yeah. So it's a little bit of a personal goal. So I have a close group of friends and a couple of them are very interested in, you know, kind of a longer distance running. I ran a lot in kind of during my law enforcement career which is part of my workout regimen. You know, moving into consulting post, you know FBI life Consulting's very busy, it's kind of a 24-7 life and not unlike FBI right, we're always on when we've got the badge and the gun.

Speaker 2: 5:29

But it's a little of a different life. It's more like anchored to the computer, non-stop, anchored to the phone. So taking time out to do something outside and unplugging, decompressing super important for life, work balance and running is part of that for me. It's very hard to run when the phone and the watches is constantly alerting me to emails and texts and clients. But I try to go into private mode and turn up the music and then when I'm running it helps me kind of clear my brain. So the 5k is just kind of a personal goal of mine. Want to be able to do that. Haven't quite picked the particular 5K yet, but there's a lot of options.

Speaker 1: 6:08

Okay, well, we're going to go back to that question about training, some other things here in the middle of our segment. But listeners out there, I met this gentleman back when I worked at Kroll and his energy, his demeanor, his professionalism and no question I had when I started incident response was never, never done. Devin took the time to talk with me, he was very patient and I learned a lot from him. It's truly an honor to have you here, but I think what our listeners would like to know is what is your favorite thing about incident response and why did you get into it?

Speaker 2: 6:41

If you had asked me that question a decade ago, I probably would have responded and said the investigation, the fact finding the true application of forensic science when you're responding to an incident is my favorite piece of incident response. It's still invigorating to find something new. You're working on an investigation, you discover a new technique. You tie the proverbial strings between a threat actor across different engagements, but the teams I work with now are experts in that and in any career there's a natural progression to where you are as you work through your life. My current focus now is in the refinement of the incident response process, the dependability or the repeatability of our approach as a team, as teams, as a business, as a global kind of IR team, the way we do our findings, the way we present our findings. My focus now is kind of on the refinement and the presentation layer. I'm passionate about the defensibility of instant response and specifically you could say that's my favorite thing. I'm passionate about when we portray, present, demonstrate findings, that when we get asked how do we know that, there's like an invigorating moment of excitement in me and maybe that's the nerd right. There's definitely some of that, but there's a passion because there's a lot of vocations out there where it's well, I just know there's a lot of vocations out there where it is similar to what we do, which is it's education, it's experience, it's I tested this. Therefore, I can repeat it right, the repeatability process, the forensic, the science of what we do, and digital forensics is in the underpinning of incident response. Right, incident response is simply responding to an incident. So a lot of individuals are incident responders, right, lawyers are incident responders, claims managers and insurance carriers they are helping respond to an incident, brokers even. But what we do on the consultancy side, or the investigative side, is the merging of digital forensics with that right. So there are so many individuals that have entered the field of DFIR in the past decade, and many will continue to do so, that in the coming years, as colleges and universities, they're all adding a growing focus on this DFIR career path that you know I enjoy. My website, even about DFIRcom, has a whole page devoted just to higher education four-year degrees, bachelor's degrees, master's degrees, even PhD programs focused on DFIR.

Speaker 2: 9:05

And in your original question, like what's the favorite thing for me about this response, with all of the advancement of our craft, of our careers, of digital forensics, frankly, even in the top of headlines even now. There was a recent show just released on Netflix where there a cyber attack happens and digital forensics is mentioned in that show. There's a generation of students who are exiting education with a degree now and they want that hands-on, real-world experience. They need the investigative piece.

Speaker 2: 9:33

That's my favorite thing about Instant Response it's taking someone who is new to the craft. They have kind of the science, they have the IT underpinnings. They need to learn how to be disciplined. They need to learn not to be over-reliant on tools and automations and not rely upon the easy button, because the easy button happens naturally. In our career we see very similar things over and over again and I want to move. I want to continue helping that next generation of examiners move beyond the easy button and more to the trust but verify side of the science of our craft. So that's what I'm passionate about. That's my favorite aspect of IR.

Speaker 1: 10:13

I love that. I love that, if we could take a step back, what led you to join the FBI? I'm always fascinated by people that serve.

Speaker 2: 10:20

So I'll get a little emotional with my answer here, please do I wrote about this actually in my book.

Speaker 2: 10:38

So if anyone's read my book Diving In An Instant Responder's Journey, there's a chapter at the very. I owned an IT company and I knew I didn't want to web design and IT you know building of computers forever and I was looking for that kind of the next thing. My mother had actually walked in. I was wrapping up a particular build for a client at the time and in my office my parents were able to come see me on a regular basis and my mom came in and she said I found this really cool article about a new degree program at a college called Champlain Champlain College in Burlington, vermont, and it was actually authored by a gentleman by the name of Gary Kessler. He was leading the digital forensics program at the time and he was talking about this whole new kind of degree that he had had launched and Champlain was certainly one of the leading colleges had had launched and Champlain was certainly one of the leading colleges.

Speaker 2: 11:26

The reason why I'm telling you this story is my mother was very integral into the next steps, which was me actually getting into that degree program and changing my major. What led as part of that was an internship. Something was very exciting was there was something called an honors internship for the FBI and you could apply and if you were successfully selected, you'd get a background check, you'd get a clearance and you could work in one of the regional computer forensics laboratories that the FBI sponsored across the United States. There were multiple at the time. I was fortunate enough to win one of those honors internship opportunities and I got to spend over a year in that internship program, first New Jersey RCFL and then in the Atlanta field office. All really because my mother found an article which led me to digital forensics, which led me to Champlain, which led me to an awesome opportunity for that. What followed after was an acceptance and an invitation to a class at Quantico and ultimately the graduation 24 or so weeks later, an agent of the FBI.

Speaker 1: 12:32

What an incredible story. That is just that's fate. That's definitely fate. Who would know that? That would just change your whole life trajectory. I think that's really awesome. What is a typical day look like for you? What that looks like If there's any routine best practices.

Speaker 2: 12:48

Yeah, so a typical day for me. I'm the generation, thankfully, I get to work from home. And so, you know, in the kind of post COVID era where a lot of people had to work in offices, you know, post your FBI career, I've always been able to work from home. So my typical day I joke with people that my commute is about 37 footsteps I wake up and do all the normal things everyone does, you know, put my pants on one leg at a time, but I get my coffee and I pretty much come straight up the office and of course there's family and there's kids, everything else that goes with that. But my typical day is getting right into it.

Speaker 2: 13:23

I don't really waste time. My typical day is getting right into it. I don't really waste time. I jump right into work and I have quite a nice home office set up away from kind of the rest of the house, and so I can kind of really focus. I don't have a lot of the distractions.

Speaker 2: 13:34

So normal day in consulting world is a lot of emails, a lot of phone calls. There's some days where I have anywhere between 15 and 20 phone calls, where I have anywhere between 15 and 20 phone calls, and that's typically a combination of clients, law firms, insurance, putting a lot of proposals together but also executing on the work. I do kind of a range of expert witness work, advisory work, as well as actual hands-on forensics still, and interwoven in there is leading teams. I'm, you know, in my, in my current role as global head of DFIR for cyber reason, my focus is on uh, qc processes, but also relying upon and, frankly, emboldening the teams that I have to execute because they're experts, right. So a little bit more of the the kind of, you know, working from the shadows with the teams, because shadows with the teams, because we have very good people that I get to work with every day. But my typical day is kind of all of those things and then go to sleep, wake up and rinse and repeat and do it all over again.

Speaker 1: 14:35

So that's a lot of activity during the day. How do you decompress from it? Because I know I get exhausted if I'm talking to people all day or doing Zooms.

Speaker 2: 14:50

How are you decompressing? How are you taking care of yourself? So I, you know we talked about music earlier. I love getting to unplug with concerts and music, but my real focus is, you know, once or twice a year getting a good trip, not unlike, I'm sure, many of your listeners and probably even yourself.

Speaker 2: 15:02

But there's a spot out west that I go, and when I had the opportunity I haven't unfortunately been the last year or two because a lot of things have happened in my life but for several years in a row I've been able to go out west and there's an area that I get to kind of unplug and there's no cell coverage and it's in the middle of 24, 25,000 acres and it's just, you know, proverbial. God's country is flat, is. There's not a lot of trees around, but you can walk all day and not even hit the edge of the property. For me, and kind of the nonstop digital, electronic overload of life with, you know, I've got six monitors on my desk and you know an iPad and this laptop and a phone and a watch it's not on my desk and you know an iPad and this laptop and a phone and a watch.

Speaker 2: 15:45

There's times when just unplugging and not even having the ability to be tempted by a digital connection is really nice and there's something really peaceful about it. There's something where it's just, it's very, very different. It gets me out of my element. So my decompression piece is really how do I kind of get away completely where I can't be distracted by it, and then when I come back I'm kind of fully rejuvenated. So that's kind of my, that's my one guilty pleasure that I allow myself.

Speaker 1: 16:15

That's not guilty at all. That's beautiful. I know we talked about the 5k. We're going to jump in a little bit about that, training and all that, but are you incorporating any wellness practices, meaning any meditation, any walking? Are you, are you getting out from behind those?

Speaker 2: 16:30

Yes, so I probably have kind of talked a lot about work, work, work, and maybe that's what the audience is hearing a little bit here. I do my best to have a healthy life, work balance. So, right, I've got four beautiful children and ultimately the family that kind of goes with that right, so part of my life is focused on a lot of water. I'll tell you right now, there's nothing better for kind of the body than balancing what goes in it. That's a big piece of it. But from a standpoint of unplugging and having time on the weekend where I don't have to be on, yes, sunday is a big day for me, right, and that's a big focus of that when I I'll give you one more piece.

Speaker 2: 17:13

When I travel and I had almost 90, I think I had 96 flights last year it was a very busy year. Every time I'm on a plane, I try my best not to work on the plane. There's times when I have to right, there's times I have to get on the internet, I have to get proposals or emails out. When I'm on a plane, I actually have shows downloaded on my iPad and I just disconnect a little bit. That's, that's a for me.

Speaker 2: 17:38

That's a little bit of a wellness practice because I can kind of I can watch catch up on some new show. I can catch up on something that's different, because I don't do that during the normal week, like I don't typically get to watch shows in the evening and really done on the weekends. My my time to finally catch up on some new show that everyone's talking about is on a flight where I have an hour of respite and I don't want to talk to anyone around me. Anyways, right, put the AirPods in, put the noise canceling on and then escape and do a couple episodes of a show, and I may not even get to watch that show for another couple of weeks till the next flight. But that's kind of my. That's my balance.

Speaker 1: 18:16

Now I'm curious to see what shows are you downloading and watching? Any of these cool series like Paradise, anything like that?

Speaker 2: 18:21

Oh, mercy. Well, I certainly I imagine I'm probably like much of your audience, watching Severance and very much that. That is an awesome show. I've definitely caught up on Prime Target a little bit is an awesome show. I've definitely caught up on Prime Target a little bit, which is also a show on Apple Plus, and it's kind of interesting. It's all about prime numbers and a little bit nerdy but very interesting show.

Speaker 2: 18:43

There was another show and it's escaping me, It'll come to me in a minute but there was another show that is, oh, it's called the Silo. I knew it would come to me. Also very, very interesting show. I've enjoyed that. And probably the last one I'll share is a show called Dark Matter. It's about a gentleman that figures out how to move between the multiverse, which not of the Marvel fame, but of a very interesting way that he shows how to move between versions or parallel universes, but in a non-nerdy way. It's actually. It's almost, I would argue, a little bit believable. It's a very realistic kind of show and the last season was quite an interesting season finale. So, yes, definitely try to catch up with some of those when I can.

Speaker 1: 19:24

That's cool. Yeah, I could probably have another episode where we talk about dark matter. I'm into that stuff as well. It's like I don't know if it's the field of being in cyber, but you're always looking to learn more and push the envelope when it comes to things like that. Yeah, that's really cool.

Speaker 2: 19:39

Yeah, exactly.

Speaker 1: 19:41

Okay, so when you're traveling, if we see you on the plane, you got your AirPods in. We're not talking right.

Speaker 2: 19:46

That is you know what. I'll never ignore someone too rudely, but I actually have one funny experience I'll share very briefly. No, go ahead too rudely, but I actually have one funny experience I'll share very briefly. I was on a flight it was cross country I was heading out for a speaking engagement and an elderly individual who, it was very obvious, was very uncomfortable flying was very nervous.

Speaker 2: 20:07

It was just. It was very obvious to me they're very nervous. They sat to my right at the window and, ironically, as I found out during this conversation, they were petrified of heights and I'm like, oh mercy, we should switch. But the reason why I'm telling this story is there are times, most assuredly, where I'm kind of aware of my surroundings and I could tell this individual this was not going to be a flight where I could just kind of disappear into my own world. I ended up having a really fun conversation with the individual and I think it helped distract them a little bit. But they were, you could just kind of tell they were very, very nervous.

Speaker 2: 20:38

It was definitely someone of a little bit of an older generation and they were by themselves, no one was traveling with them, and I definitely had fun talking with them on the flight. I got to kind of learn about their life. It was a very long flight. At some point you get a little worn out of talking about stories and listening and smiling, but it was still good. I think they needed it, I think it was a good distraction for them and they did not go to sleep or read a book the entire flight, so I was their entertainment, but it was still a. It was an enjoyable time.

Speaker 1: 21:08

You're such an awesome human being for that. I love that, because I would have done the same. It's like like if I see somebody that's kind of struggling, I'm definitely going to be there to help. I love that you shared that story. When you aren't traveling, or even if you are traveling, how's your nutrition? How's your sleep?

Speaker 2: 21:24

Yeah, I. So I will tell you right now I probably do not drink or eat as well as I should, and I think probably most people would say the same, unless you're a complete gym and health nut, which again I say that lovingly, people that take care of themselves I have extreme admiration for I wish I had the time. It's also extremely expensive, right In this day and age just to eat right Water. I mentioned that earlier. Like I'm a huge proponent of making sure, like I don't think a lot of us drink enough of water. It is in a balance that our kind of our body needs, and when you don't, you have a lot of health concerns, so I'm a huge proponent of that.

Speaker 2: 22:01

I have a large, I have an Amazon subscribe and save order that regularly is sending me that kind of stuff. But on the fun side and some people may cringe at this I enjoy Celsius drinks but there's a lot of caffeine in those and so I try to limit myself. But that's also kind of my, that's my, that's my one guilty pleasure. On the nutrition side, look, I, I definitely try to make sure the vegetables and the fruits. You know I almost sound like I'm I'm admitting something to my mother here a little bit, right, melissa? Please don't. Please don't tell me I can't have another donut, but I definitely try to make sure I typically do skip breakfast. It's usually one of the meals I skip every day, so I definitely rely upon the lunch, and then I try to make sure I have a pretty healthy dinner. So I'm not necessarily the best example of healthy food life balance, but I do try to pace myself.

Speaker 1: 22:50

Okay, so we got a few things to work on here. I pace myself Interesting. Okay, so we got a few things to work on here. The sustainability of wellness you know you mentioned earlier that you have a team that you lead and whatnot Do you ever talk to them about? Hey, you know what you need to take a break. How does that play into your leadership and wellness?

Speaker 2: 23:10

Yeah, no, it's a good question. So I hope all the team members or employees that I get to work with and work with would hopefully say the same thing, and it's that I always have advocated for family first when I've got employees, when I've got team members that need to take a break or they're burning them in the midnight oil because of some new engagement. We were, I think, a lot of us that are a personality and driven to accomplish these types of investigations and do incident response. We're wired a little bit differently, right, we like go, go, going. We like helping a client during a victim of a cyber attack. It's how we're wired.

Speaker 2: 23:50

But any person will hit a wall at some point. We all have different lengths that we can go before we hit that wall. Some people hit it after a couple of days of nonstop. Some people don't hit it until a couple of months, and I've worked with a lot of different personalities. So to your question, I very much try to keep fingers on the pulse of all of my team members and watch the ones that I know are very driven, very dedicated, always on, and I do try to make sure they are taking time for themselves A little bit of. It's a balance. We're all big boys, big girls, professionally, proverbially speaking. We're adults. I trust our people to make good decisions, but I do advocate for them. One kind of example that comes to mind I've had, and we all have had, right, we've all had situations in our lives where our family members need us and we need to unplug. And there will be times when I get that text message or that phone call hey, I've got X, y, z and I've never, ever once, done anything other than I've got you. You need to focus on that and I don't really care what's on your plate. We will figure it out because we will right, if we can figure out how a nation state threat actor stayed in a client's network for six months undetected, I'm pretty sure we can handle someone's workload while they go take care of a family member or take care of something that matters, right. So it's all about perspective, and I'll take that one step further.

Speaker 2: 25:16

A lot of us that, and maybe some of your listeners that, have worked in law enforcement or have worked in military careers. There's a different. I think there's perspective when you exit law enforcement and you look at what the private sector views as emergency, and I think that can really help in a positive way, that perspective, because there are times, there's times in my consulting career where I've been in a meeting room and someone's having a meltdown and it's their worst day, and I'm looking at the situation, I understand why it's important to them, why it's so major. But I'm looking, I look at it from a kind of a different perspective of I've gotten a call at two o'clock because a child's been kidnapped and we need to go find the child. I've gotten the call on a weekend when I'm sitting down to dinner or at church with my family and it's hey, we've just had a bomb threat called in and as FBI you go and that's the job you do, like there's perspective to what are real major events that really need kind of the adrenaline rush or the this is something we need to focus on kind of response. And then there's life, and then there's work.

Speaker 2: 26:24

Life, right, I think perspective is a big thing here, that there are times when what is big to someone, it's important to them, right, I'm not advocating for minimization of it or acting like it's not important, but there's that perspective that comes with having worked with really traumatic experiences and events. And then when other things happen in life. Even in, like, in consulting, I think I have an appreciation for what really is a big event and what really needs to have all hands on deck. You know, kind of five alarm, fire, sure, and what things. It's like we got this, we can deal with this, this is just another day, and that kind of slowing down, calming down, pacing oneself. It comes with time, it comes with wisdom, if you want to call it that. It comes with experience and.

Speaker 2: 27:13

And a lot of people I get to work with, I think, thankfully have that kind of perspective. So when you surround yourself with individuals who are less likely to be alarmist, it equally calms. On the inverse, it calms me down, and that's. I really rely upon my team just as much, as I hope they equally rely upon me as well.

Speaker 1: 27:30

I would say you and I know a lot of the same people in incident response and you definitely exemplify leadership people and incident response and you definitely exemplify leadership and other people I have known in this industry. They have this grace under pressure and everything that you stated. You're so calming, you're so you know. It's like the house could be burning down, but I've got Devin over here. That's like you know what. We're going to fix it, we're going to take care of it and I think that's what we need to see in leadership. I don't care if it's cyber or consulting or manufacturing. That's the kind of leadership we need, agreed. What advice would you give to someone that's listening we have listeners all over the world now, which I'm happy about, and somebody may be going. You know what I really want to check this out as a career. What advice would you give to someone that's contemplating doing incident response?

Speaker 2: 28:17

advice would you give to someone that's contemplating doing incident response? Ooh, good question Getting into a career of incident response, getting into a career, you know, digital forensics or DFIR is certainly not something to take lightly. One of the interesting things is I've seen I've seen a kind of younger generation that wants one to get into incident response because, you know, maybe they've read an article, it pays well or it's kind of a guaranteed job because there's a lot of opportunities to be hired still in this craft, in this industry, because there's so many more jobs than there are qualified individuals to fill those jobs. Instant response, with some exceptions, it's kind of an always-on role, especially in the consultancy life. Now, look, there's a lot of companies you can go to work for that you're in-house IR and outside of an actual all-hand-on-deck incident you're probably working kind of the normal 8 to 5, 9 to 5 job and I get that In consulting. Again, my perspective, because that's what I've done in my prior place, post-fbi, and my current place, cyber Reason, we sometimes go for 10, 14, 21 days at a time because that's just the nature of incident response. There will be a major incident and it will have a domino effect across different industry verticals, different clients and we're looked at humbly as the experts in that right and there's a lot of vendors that do what we do. So I'm not just saying it's just us, but we are looked at as that. So we get the phone calls, we get the engagements. The thing that I would tell those wanting to get instant response is be prepared to not necessarily have a normal nine to five life. Okay, if you want that, it's just be careful of who then you work for, because if you're in the consultancy world or the law enforcement world, you will have the kind of. You'll have a lot more of the five alarm hair on fire days than not, because that's just the nature of it. We're responding to incidents and instant response right. So and if you're not responding to incidents, you're probably really bored and you're probably not getting to practice your trade and your craft. So that's the one big thing I would say advice I'd give someone entering IR. Now that's kind of the hey. Just be prepared for what you're going to get into. Maybe the more the grass is green on the other side, be prepared to learn non-stop.

Speaker 2: 30:34

Digital forensics and response is truly a scientific field that is not only evolving. Every single investigation I have done in the 15 to 20 years of doing this type of work, right From the FBI to private sector and I would imagine many of your listeners would agree with this. Many people that I work with would agree with this. Every single investigation if you're not learning something, you're not paying attention. This is not like a lot of industries were like I went to school, I learned how to do the thing, I got the paper and now I do that for the next 30 years before I retire and there's no real more learning. Every case we do, there's a new type of code, there's a new type of malware, there's a new technique, there is something that ties the strings together, that ties this organized crime group or this e-crime group to this other intrusion, and you didn't know who the director was. It's a constant, ever-expanding web.

Speaker 2: 31:30

That goes back to an earlier question of what am I passionate about?

Speaker 2: 31:33

What do I enjoy?

Speaker 2: 31:34

A little bit of the advice that I would give to those wanting to come into IR is be ready to constantly be learning.

Speaker 2: 31:43

There are days I go to bed exhausted because it's like I woke up thinking one thing you know, I had a calendar of this and we got really nitty gritty into an investigation and all of a sudden it's like and we got really nitty gritty into an investigation and all of a sudden it's like it's a domino effect of learning and then trusting the verification. It's testing and repeatability. We see this, but is that truly what that forensic artifact means? Let's go set up a test instance, let's recreate this and, before you know it, the day's you know you're at nine o'clock at night. So that's kind of the last piece of advice I would give is be prepared to learn, be excited to learn. You need to be passionate about that in this industry, because there will be days where you will automatically just be drowning in new information and you'll be talking to someone who's been doing this for maybe another 10 years older than I have been doing it, and they'll probably tell you the same thing. Be prepared to learn, because every day is a new experience.

Speaker 1: 32:40

Well, you want to be mindful of your time, but I have two more questions. Are you seeing an uptake in breaches? And it was just dead. So are you seeing an uptake in breaches?

Speaker 2: 32:58

And is there anything unique? Because you say that you know it's a constant thing. New things are coming up. What are you seeing today? Yeah, so the threat actor landscape, to kind of ask you your question, threat actor landscape has evolved, but it is also, honestly, continued to increase. So threat actor landscape is broken into a couple of categories Organized need crime I mentioned that a minute ago and those are typically financially motivated threat actors. There is no end in sight for financially motivated threat actors who want to steal or misappropriate money that someone else has owned or, excuse me, so threat actors that are looking to get into a business email account, compromise and reroute an invoice. That's not going away anytime soon.

Speaker 2: 33:34

Ransomware threat actors right, it's for those. You know they're kind of not in this industry, not in the cybersecurity industry. They're your listeners. You know ransomware events where a threat actor breaks into a network, breaks into some type of data storage environment, whether it's online or inside of an on-prem network. Their goal as ransomware is to encrypt your data. Well, steal some data, encrypt the data they leave behind and then do something we call double extortion where they're hey, pay me to decrypt it, I'll give you the key. You don't want to pay me because maybe you have backups. Well, I'm going to extort you because I've stole this data and you really don't want me to show this to the world. Right? That whole double extortion crime.

Speaker 2: 34:17

There's a financial incentive for a bad guy potentially living in a third world country who doesn't have, maybe, good income opportunities, or maybe they do and they just want to be a criminal. There's a financial incentive to try to make hundreds and hundreds of thousands of US dollars, or millions of US dollars, by hacking. Right, it's the dark side of the black hat, white hat argument with hackers. So that's organized crime. And then you've got nation state. You've got these advanced, persistent threat actor groups, the nation state threat actors that are stealing research and development, or the advancement of some type of military apparatus, intelligence collection requirement of a host nation, of a host government. There is no end in sight for that. Every single government wants to figure out what some other government is doing and they're going to leverage cyber in this day and age for that. We're seeing that even right now in world conflicts. We saw that months ago with the pager gate incident I think I have that name right where all the pagers exploded in the Middle East and all of that incident that happened. It was the end step of a cyber-related attack and a supply chain attack. We are living in this kind of world where all of these threat actor groups it is so much easier to sit behind a keyboard than it is to you know potentially walk into another country and do things hands-on.

Speaker 2: 35:32

So cyber to your original question has absolutely continued to expand. It is very busy and I think that's also a testament to all of those that have come into this career path, that are now graduating college. They're entering the job scene and they're getting jobs because the skills that we have as investigators we don't respond to incidents, understand logs, understand artifacts. Respond to incidents, understand logs, understand artifacts, putting timelines together. It's a necessary skill, right. So there is no small amount of or lack of work at all in our industry and there's a lot of vendors that have entered the space. A lot of people have entered the employment market and they're all very busy.

Speaker 1: 36:12

Wow, that's fascinating. I would love to ask more as we wrap up here all the busy and amazing work that you're doing and continue to do. Are there any professional or personal goals you have mapped out for this year?

Speaker 2: 36:26

So I came to Cyber Reason middle to end of last year. Cyber Reason is about a 12-year-old company. They are largely known, kind of in, I think, the global sphere for being an EDR product company.

Speaker 1: 36:40

Yes.

Speaker 2: 36:41

Endpoint Detection and Response and they had a small internal IR team that was focused on helping MDR customers, their Managed Detection and Response customer base, with incidents, with flare-ups. The consulting space, for several reasons, as a company, is new and that's what I'm here to build. So when you ask about my goals, I was recruited and hired to help build the consulting business and we're doing that. So one of my goals for this year is to continue building and ramping this brand new part of an established brand, an established company to build a whole nother vertical within this brand as cyber-recent consulting, which, again, did not really exist before we got here. It didn't exist.

Speaker 2: 37:24

And so everything from proactive services and advisory and testing and off-site, but my bread and butter, which is the reactive side, the responsive, responding to an incident type consulting services and building the teams, hiring the right people that can do that and doing that globally right, even though I sit here in the US, I have my eye on Canada and Europe and Asia Pacific market and we have a team in Japan. So that's my both business but also personal goal is being successful. In that I want to. I've invested a lot of time and energy and I'm working with an amazing group of team members that I've gotten to work with for many years and we're here together to do this and build this and do it right and take care of our customers.

Speaker 1: 38:07

Well, there's no doubt, with you and some of those amazing people, that you're going to be ultra successful, and I'm so glad that you stopped by to take us a little bit deeper into what's going on in the world. I really thank you for your time today.

Speaker 2: 38:23

It's been my absolute pleasure. I would love to do this again.

Speaker 1: 38:27

We definitely will. We definitely will. I just want to say real quick thanks to the listeners that are subscribed from Belgium, india, austria, australia. Thank you very much for tuning into the show. Please remember to subscribe to our podcasts on various platforms, including Apple, spotify, iheartradio and many more. Thank you for tuning in and take care.