So the first post after my soft reboot into DFIR could not have worked out any better, this is an interview with Elan Wright otherwise known as DFIR Diva.
Elan runs the site ‘DFIR Diva’ and if you haven’t seen it before and want to get into DFIR or are looking for a job, courses, resources on DFIR then you really should.
She also runs ‘Get Your Start in DFIR’ which is a non-profit with the goals of improving diversity in the DFIR field and providing training, certification, and book scholarships to those with limited financial resources.
Going through the site and she has EVERYTHING from places online like Discord, Slack etc and really goes point you in the right direction of any resource required so check it out.
How did you get into DFIR, was it a progression through IT jobs (like me), College and Uni or using courses that got you here?
I feel like it was mainly luck and possibly a mixture of all the above. It wasn’t an easy field for me to get into. I started college in 1999 as a Computer Science major and ended up changing my major to Criminal Justice. Computer Science was just way too much math for me, and there really weren’t any cybersecurity or forensics programs available yet.
After a while, I couldn’t afford school anymore and had to drop out. After being laid off, I got the opportunity to attend a technical school through the local unemployment office and earned my A+ and Network+ certifications.
My first IT job was a seasonal tech support position in 2010 that lasted about 6 months. Next was a data entry position at a small company where I ended up working on any office computer that had issues after the owner learned I used to work in tech support. After that, I went into a non-technical Identity & Access Management role, which was pretty much documenting employee access in spreadsheets and having management approve it. I did that for about 6 years. While I was working in IAM, I was tinkering with different tools and distros in my home lab that I attempted to set up like a SOC, taking courses at a community college, getting more certifications (Security+, CySA+, SSCP, CCNA Cyber Ops, CEH), going through all of the free and low-cost training I could find online, and actively applying for jobs.
After several years of trying, I gave up and figured it was because I didn’t have a degree. I stopped applying for jobs and decided to finish my BA in Criminal Justice, then get a Masters in Cybersecurity. I was almost done with the BA, when I got an email from a recruiter who saw my resume online about an Incident Response position. I got the job! I ended up completing the Masters in Cybersecurity after I started in DFIR.
With regards to Digital Forensics and Incident Response is there a skill or two that you wished you studied up on more in the early days?
Yes, a few actually. I wish I would have spent more time learning python, malware analysis, and Linux.
When did you know it was DFIR that you wanted to get into with the vast array of roles in IT/Cybersecurity?
There was a chapter in one of my Criminal Justice books in college that talked about digital forensics and my first thought was “that sounds awesome! I want to do that!”
I would say your website was one of the resources that aided me in learning more about DFIR and eventually getting a job in IR, how did the site come about with all resources and links etc, I will be purchasing a few things from your store to show support also btw?
Wow, that’s great to hear! I was getting questions on LinkedIn about what resources I used to learn from and how I got started, so my blog was basically a FAQ from LinkedIn.
My first blog posts were about how I got started in DFIR and what I did in my home lab. I also made a list of the resources I used. If there was something I needed to learn for work, I would find training or a resource for that and add it to the list. Then I started actively searching for more training courses and trying them out to see if they were any good or going through the course descriptions for the paid courses to see what they offered and either signing up for them myself or trying to find reviews.
The list went from a few resources on my main blog to over 400 resources on its own subdomain. More courses and training platforms keep coming out, so I try to keep up. I do my best to only list good quality resources.
Is it hard work to keep up to date along with day job?
It was. I was trying to do way too much. I had to shut down one of my websites (an entry level job board called Get Your Start Careers) and make some changes to my existing site so I could fit both training and maintaining the website in around work hours. It’s more manageable now.
Are you where you want to be career wise or is there plans for progression/promotion and learning new skills you want to explore?
Not yet. I’m still in the junior role I was hired into, but I’ve been told I’ll be able to do more investigations soon as my team merges with another so that will be exciting 🙂 I still need to work on my Python skills so I can start scripting.
Your site is a phenomenal resource for ANYONE wanting to get into DFIR but what were/are resources you use like websites, YouTube channels, podcasts, training sites like TryHackMe and Hack the Box etc?
Oh, my goodness, there are so many! Here are a few of them (the rest are listed on my site):
YouTube: 13Cubed, DFIR Science, Insane Forensics, SANS Digital Forensics & Incident Response, BlackPerl, Forensic Focus, Dr Josh Stroschein, Sam Bowne, Ali Hadi, bluecapesec, BlueMonkey 4n6
Podcasts: Forensics Reformatted, Arcpoint Forensics – Unallocated Space
Websites & Training Sites: CyberDefenders, Cyber 5W, Security Blue Team/Blue Team Labs Online, LetsDefend, RangeForce, Mossé Cyber Security Institute, TCM Security, Pluralsight, INE, the Digital Forensics Discord Server, Cyber Social Hub, AboutDFIR, DFIR Training, DFIR Science, Black Hills Information Security, Active Countermeasures, Antisyphon Training, This Week in 4n6, Stark4n6 http://start.me page.
Did you think the site would take off as much as it has?
Not at all. I was nervous about even starting a blog because I was new to the field and didn’t think I really had much to offer. I was thinking maybe a few people would be interested in it.
What are you currently learning skills wise?
I recently looked at all of my partially completed courses from jumping around trying to learn everything at once and decided to make a list and do them in order. Right now, I’m working on malware analysis. I’m going through TCM Security’s Practical Malware Analysis & Triage course, then completing the Malware Analysis Learning path on INE. After that, I’ll be taking the eLearnSecurity Certified Malware Analysis Professional (eCMAP) exam.
What is the plan for rest of 2022 and 2023?
After finishing the malware analysis courses and eCMAP, I have two more certifications I need to complete (BTL1 and MDFIR). I also have more forensics and python courses I need to take (DFIR Science’s RAM Analysis Course, Cyber 5W’s forensic courses, and Alexis Brignoni’s DFIR Python Study Group course).
Just now, Michael Taggart Tweeted about a Python for Defenders course he’s working on so I’m looking forward to learning from him as well. As far as my blog, it looks like there might be an exciting new partnership in the works ?
Please check her and the sites out at:-
- DFIR Diva Website = https://dfirdiva.com/
- DFIR Diva Twitter = https://twitter.com/DfirDiva
- Get Your Start in DFIR Website = https://getyourstartindfir.org/
- Get Your Start in DFIR Twitter = https://twitter.com/getyourstart