The Next Generation & Core Competencies for DFIR Analysts

This week I had the privilege of speaking with a group of Network Security students from ECPI University in Greenville, SC on the topic of what employers look for in hiring graduates into the information security field.

When I first outlined what I thought I wanted to share, I realized I focused too much on technology and not enough core competencies in the area of critical thinking and personal qualities.

As a result, I balanced my presentation and landed on what I hope to be a discussion on why competencies in these key areas (as well as basic skills) is the most important component of what employers seek when hiring new talent. My thought process here is that a great attitude combined with a good aptitude will compensate for a lack of hard technical skills and “real-world” experience.

While I have been involved in hiring several dozen people during my 26 years in the information technology / DFIR field, I still rely on the intangible “x-factor” in making those decisions.

Below is more narrow list of core competencies I presented to the students, it was derived from a compilation of books and information I’ve read over the years including Type Talk and other leadership authors.  Stay with me as I tie this all back to DFIR work.

Critical Thinking

  • Inquisitive
  • Creative Thinker
  • Reasoning
  • Decision Making
  • Problem Solving
  • Organizing and Planing

Decision making and reasoning involve gathering information, evaluating various solutions, and selecting the best option. Sounding like qualities a DFIR analyst needs?

Planning and organizing are also critical thinking skills. The ability to plan and organize means you will get tasks done and done correctly (with high efficiency too.)  A person who is well organized is prepared to do the job correctly the first time.

Creative thinkers come up with new ways of doing things that add value and serve customers/clients more efficiently. They offer new perspectives about the job at-hand. Again, I think these are key components in DFIR because no two DFIR situations are the same so having creative approaches to problems is an absolute necessity.

Finally, a lifelong learner will always be valued in the marketplace and to their clients because you become a linchpin when you continually evolve and educate yourself on new ways of tackling a “problem.”  The person who is receptive to learning new things and techniques will be more successful than the person who is afraid of learning new things.

Personal Qualities

  • Inquisitive ** (yes I think it’s that important)
  • Responsible and Accountable
  • Self Confidence
  • Self Control
  • Honesty and Integrity
  • Adaptable and Flexible
  • Well Groomed
  • Self Directed
  • Self Motivated

Among the Personal Qualities I would like to highlight include for current and up-and-comming DFIR analyst include:  Self-management or self control is the ability to manage your personal feelings and reactions to challenges on the job and in life.

Likewise having a strong value system with a reputation for honesty and personal integrity is key because a DFIR analyst may inadvertently discover information about others they rather not know or wish they had not seen.  The analyst must be beyond repute and trusted to not share that information. For that reason, I subscribe to the need stronger ethics reviews from the major certifying bodies.

Self Confidence is another key for the new DFIR analyst because one day they will be faced with defending their opinion or findings to their client, employer or Court of law. In those cases, the decision maker will likely read the body language of the analyst more than the written/spoken words. As we know some organizations train their agents on how to present information, findings and opinions to most effectively support their case. The private-hire examiner does not have this luxury and must seek “experience” through non-traditional methods. I took it upon myself to be coached by a couple of local attorneys (one civil; one criminal) on how to best present the relevant pieces of information to a court. I found this exercise eye-opening and used a recent opportunity to watch a couple of cases tried on In Session. (Boring?  Yes, perhaps, but for those non-legal type it is a good way to understand the flow of cases.)  Remember experience can come from any source; it is all about what you derive from the content you consume.

It might be argued that personal qualities of well groomed and self control are too obvious for this list; however, does any attorney want to see an unkept, unfiltered witness on the stand?  Likewise, I do not think an employer would desire such a personality for fear of the unknown potential harm to the organization.  It is not my intent to rationalize discrimination in any form or fashion, rather state the obvious. If someone wants to be taken seriously, they should present themselves in a serious manner.

I could write about each of the other core competencies I have put forward, however, I think you see where I was headed — DFIR analyst need more in their “bag” other than technology, tools and techniques; DFIR professionals must have the soft skills (that I suggest are core) to solving any DFIR problem.

Keep sharing….

Leave a Reply

Your email address will not be published. Required fields are marked *