Her current role as an Incident Response Manager at Cargill provides daily challenges "in the trenches" and demands constant technical growth. Alissa is also founder of her own firm, Sibertor Forensics, and has taught internationally in more than 10 countries.
Memory forensics is a bleeding-edge field of Digital Forensics & Incident Response (DFIR), and Alissa is the lead author as well as an instructor of FOR526: Memory Forensics In-Depth and co-author of the SANS Memory Forensics Poster. She also teaches FOR500: Windows Forensic Analysis; FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting; and SEC504: Hacker Tools, Techniques, Exploits and Incident Handling.
Alissa was introduced to digital forensics during her four years of service in the U.S. Marine Corps. She moved on to various technical roles at KEYW Corporation, Northrop Grumman Information Systems, and as part of Mandiant's computer incident response team (MCIRT). Alissa has worked as an instructor at the U.S. Cyber Challenge Camps and at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. She is passionate about sharing knowledge, presenting annually at regional and national industry conferences and encouraging women's participation in science, technology, engineering, and math through regional outreach programs.
As both an investigator and instructor, Alissa has a constant and infectious desire to always learn more and question everything, an ethos embodied in the SANS DFIR classes. "Our curriculum ensures students gain an understanding of why an artifact matters and how the tools interpret the data." Alissa explains. An inquisitive nature can be the determining factor in investigative success, as Alissa learned when she identified a critical error in one of her team's web proxy timeline procedures. This discovery allowed for the correction of contractual fraud investigations involving the U.S. government. Sharing personal success stories like this one gives students real-world applications for the material they are learning and inspires them to evaluate and optimize their own investigative processes, whether in incident response, digital forensic investigations, or internal offensive reconnaissance.
As attackers learn how forensic investigators work, they become increasingly more sophisticated at leaving fewer traces behind. "We are in an arms race where the key difference is training," says Alissa. Toward that end, she encourages her students to ask more questions, grow the common body of knowledge, and make a difference in the digital forensics community. Her teaching style is best described as a type of "exposure therapy" that introduces concepts but then pushes students to get behind the keyboard and apply these concepts themselves.
Alissa's true passion is memory forensics, a rapidly evolving area of expertise for both attackers and defenders. As malware strives for a minimal footprint on the host, the battlefield exists in system memory. Alissa's students take the skills taught in FOR526 and move their investigations forward, in some cases even uncovering new details in their cases before the week-long class ends.
Alissa has a B.S from the University of Virginia and a M.S. in information technology from the University of Maryland. She is a GIAC Certified Forensic Analyst (GCFA), and holds the GCFE, GCIH, GSEC, CISSP, and EnCE certifications. Alissa has served as a member of the GIAC Advisory Board since 2013 and was recognized by SC Magazine as one of its "2016 Women to Watch." Needless to say, she stays pretty busy. When not enmeshed in metadata and memory structures, Alissa catches every soccer game she can, cheering at her kids' games and scheming to attend matches of her favorite team, Everton. In what time she has left from constant cybersecurity vigilance, Alissa enjoys hiking in the Puerto Rican rain forest and scaling rocks at Big Sur.
- More than 15 years of experience in computer and network security
- Lead author of SANS FOR526: Memory Forensics In-Depth
- GIAC Advisory Board Member since January 2013
- Co-author of the Windows Memory Forensics Poster
- Listen to Alissa?s webcast at: Know Normal, Find Evil Windows 10 Memory Forensics Overview.
- Read Alissa's white papers on the SANS IR Survey and Building a World Class SOC
- GIAC Security Essentials Certification (GSEC), June 2015
- GIAC Certified Incident Handler (GCIH), June 2014
- GIAC Reverse Engineering Malware (GREM), July 2013
- GIAC Certified Forensic Examiner (GCFE), January 2013
- Certified Forensic Computer Examiner (CFCE), December 2012
- GIAC Certified Penetration Tester (GPEN), July 2012
- GIAC Certified Forensic Analyst (GCFA), November 2011
- Certified Information Systems Security Professional (CISSP), December 2010
- EnCase Certified Examiner (EnCE), July 2010 - July 2019