From One Defense to Another
Never thought a career in IT would be one for you? Think again. That’s what happened to Kevin Ripa. Kevin stumbled upon cyber forensics by chance. He had a military background, serving in the Canadian Armed Forces, and then started a private security company to provide physical protection services to individuals. After an intrusion and threat to one of his clients’ safety was solved using cyber techniques and tracking, he was introduced to another, more intriguing measure of security. Grasping that threats come in all shapes, sizes, and bytes, his curiosity drove him deeper into this dynamic field.
With the rapid rise of the internet in the mid-90s, a growing use of personal computers and laptops created a breeding ground for information breaches, bugs, malware, and malicious theft of personal information. This was a paradigm shift in personal computing, balancing speed and rapid development of internet-based applications with threats that were introduced in a newly connected world. Kevin came to the realization that there needed to be better ways to protect people’s information.
Kevin built his own digital forensics lab in the early days. There was a need to resolve computer issues and recover lost data. It was a different time from what IT and cybersecurity are nowadays.
“Operating systems came on floppy disks. There was one browser. Google hadn't been invented yet. Datasets were small. There was no RAM collection/analysis. There were no smartphones. Cloud was a very esoteric concept,” Kevin said. Today's internet is a different beast than how it started. Who remembers Ask Jeeves?
When Kevin pivoted to Cyber & Forensics, there were many technical and user-error issues arising from the use of personal computing on the internet with few viable solutions. This new era of information and data still needed time and discovery to understand what it all meant to the average user. As people began to look for a service to recover deleted files or lost data, Kevin’s forensics lab services started to grow in demand. His business transformed. This was during a time when it – the internet and technology – was starting to get faster. Ripa started to speak at conferences across North America. As word spread, legal services also wanted to partner, especially in civil and criminal matters. The Digital Forensics and Incident Response (DFIR) space was rapidly evolving into a science, and information security was a top priority. It has gotten even more important in the years that followed.
Beyond the Age Barrier
Curiosity is key, regardless of where one is in their professional journey. The beauty of cybersecurity, especially DFIR, is that it allows individuals to leverage their non-technical experience and pivot into a new career. People of all ages can relate to the risks associated with the use of end-user computing (EUC) devices, including laptops, tablets, and smartphones, that connect to digital environments. Protecting data is paramount to ensuring user experience and a safer digital environment to navigate. In fact, when an attack, or incident, is detected, the next step is to take protective action while preserving the evidence that law enforcement may need to prosecute the criminals or threat actors responsible.
Like Kevin, a career shift into DFIR can happen at any time. Sometimes not having a structured roadmap is okay and spurs innovative brainstorming and problem solving; both skills are essential for getting into any field. Learning by experience has its value; it uses another part of the hippocampus to create that memory. Getting started is the first step.
Start at the Basics When Choosing a Niche
Thinking of getting into cyber and not sure where to start? While figuring out the basics of infosec (information security), a specialty or niche may call to you and pique your interest more than other areas. For beginners, DFIR specializes in analyzing, resolving, and investigating cyber security incidents and mitigating digital threats. This sets up a foundation of knowledge to deploy safeguards in everyday situations, such as data loss and recovery. This is a unique and versatile place to start in cybersecurity, learning applicable use-case scenarios and applying solutions in everyday situations.
Kevin didn’t pick DFIR, DFIR picked him. There were not many specializations when he started out in digital forensics. When beginning in the DFIR field, take the time to research everything - EVERYTHING. Stay current with what’s happening in tech news. Find thought leaders in the industry, listen to their seminars, read their blogs, and stay in the network with like-minded individuals and social groups. Then, when ready, take an intro course and see what is out there. “Don’t be afraid to fail,” Kevin said. Just keep learning and asking questions. Kevin tells his students to keep their chin up, continue to be curious, and ask questions. He suggests that to truly understand, one may need to go back to the basics of breaking down the physical components of a computer.
Now that information is so easily at our fingertips, literally, it's even more important to secure that information and data. Be a catalyst, dig deeper. If you are a curious person, a problem solver, a true born detective, then DFIR may be the field for you. A focus area may be on preserving a safe digital experience where data is always being transferred, back and forth, through cyberspace. Personal data. Personal identifying, “secure” data. But how secure is it? By being in a DFIR career there are so many doors open to investigate, remediate, and protect.
Sometimes the best way to learn is to teach. Near the end of Kevin’s military term, he became a boot camp instructor and his love for teaching was sparked. His passion continued into teaching as he moved his physical security career into a digital one. Today, Kevin Ripa has taught many SANS courses (FOR308, FOR498, FOR500, FOR578, SEC301, SEC401) and has a very active YouTube series: 3 MIN MAX, where you can find him giving away bite-sized chunks of his SANS courses in Digital Forensics and Incident Response. His curiosity for DFIR shows in his cheerful energy while teaching, and he doesn’t mind dissecting topics further. To this day, Kevin’s drive has motivated him to continue learning in cybersecurity, teaching students, and protecting them from cyber threats.
Brilliant ideas must start somewhere, but with today’s capabilities and wealth of information, a career in DFIR is limitless.