Amy Moles is the CEO & Co-Founder of ArcPoint Forensics, where Amy has been since January 2020. Prior to that, Amy gained experience in various roles at ManTech from August 2012 to September 2022.
She also worked at SRA International as a Cyber Security Analyst and at the National Cyber Forensics and Training Alliance as a Research Analyst and holds a master’s degree in business administration with a focus on Project Management from Champlain College and a bachelor’s degree in cyber/computer Forensics and Counterterrorism from Utica University.
One of Amy’s standout traits is her dedication to sharing knowledge. She’s been involved in the DFIR community with initiatives like the “12 Days of DFIRmas” podcast series, which brought together experts to discuss everything from mobile forensics to new tools on the horizon.
At events like the 2024 eCrime Symposium, she presented on Evolving Standards with AI, sharing insights on how AI is reshaping forensic standards and advancing investigations.
Can you share your journey into the field of digital forensics and how you co-founded ArcPoint Forensics?
My journey into digital forensics wasn’t exactly a straight path. Growing up on a dairy farm in New York, I was surrounded by family members in the medical and agricultural fields, while I was always more interested in tech. That made me the oddball in my family. At a young age, I was always obsessed with figuring out how things worked or trying to figure out better ways to make my life easier with chores. Multiple times a year, I would bring up innovative ways to improve daily tasks on our farm to my Stepdad, Steve.
“Hey Steve! We should get an automatic barn cleaner! Those things look so cool, they clean the gutters for you and just blop it in the spreader!” And I was usually faced with the response “Do you know how expensive those things are? Why would I want that when you are shoveling sh*t for free?”
The list goes on of the ideas I would come up with to modernize the farm! I didn’t have access to the latest and greatest tech, but my parents did have a family computer that I tinkered with and would have to fix before my mom got home from work. This is where it started for me, breaking and fixing my mistakes, repeatedly.
Later in high school, I got into gaming, specifically World of Warcraft. Through the game, I met many people online and learned a lot about the world beyond the farm. This helped me as I started figuring out my college plans. I attended Utica College of Syracuse University locally, where I was an avid runner and earned a scholarship for their cross-country team. Initially, I planned to study criminology with the goal of becoming a police officer. The idea of combining my gaming experience with catching bad guys intrigued me.
A few weeks into my college courses, a cybersecurity advisor noticed my criminology major on my computer entry exam. He asked about my career plans and suggested I consider a similar role in cybersecurity, away from road patrol. I hadn’t thought about it, but after attending one of his lectures, I was hooked. The talk about digital forensics, takedowns, and cybercriminals opened up a new world of possibilities for me.
Before joining the cybersecurity program, I had zero experience in computer science and only minimal IT knowledge. I struggled with programming, late nights in the digital forensics lab, and challenging math courses. I was definitely out of my depth, but the advisor’s support kept me going. By the end of my junior year, I was helping students with EnCase and coding simple programs in C++, feeling like I finally belonged.
In my senior year, I completed three internships: at the Mohawk Valley Police Academy, McKesson Pharmaceuticals, and the National Cyber Forensics and Training Alliance (NCFTA) in Pittsburgh. At NCFTA, I discovered my passion for the community, working on major investigations involving money laundering and the dark web. My gaming experience proved valuable in virtual money laundering cases.
After that, I moved to DC for federal defense contracting. I worked at the National Science Foundation on tech policy and compliance, then at the FBI for incident response, and finally at the National Media Exploitation Center (NMEC) for digital forensics investigations and operations. I was deeply impressed by the mission and impact of NMEC, and I met incredible people along the way.
After over 10 years of being in the weeds, doing hands-on technical work and leading teams, I knew I wanted to make a greater impact. At that point, I founded ArcPoint Forensics with my business partner. What began as a conversation evolved into a prototype, then a business, and finally a product dedicated to advancing digital forensics and supporting the greater mission.
What inspired you to specialize in digital forensics and incident response?
For me it was the thrill of solving the puzzle. The rush of incident response in the beginning of my career was cool. We had limited time to figure out the problem, respond to it appropriately and build it back better, with stronger defenses. When I transitioned to NMEC it was the people aspect that inspired me. The impact, the mission, the same mentality we all shared as well as the overall problem sets, we were trying to solve in regards to national security. My inspiration wasn’t a singular moment but something that has continued to build and evolve for me over the years. I love being able to help people and give back. This was my way to give back to my community and my country.
How do you see the future of digital forensics evolving over the next few years?
I believe that the way we conduct behavioral analysis of individuals on their devices will evolve as generative AI tools become more prevalent. Analysts will need to examine actions on operating systems and devices with greater precision to distinguish between AI-generated activities and human interactions. On the flip side, AI can also help us predict actions based on behavioral analysis before they occur. For example, AI could identify digital footprint markers of an employee about to steal data from a corporation. This would allow analysts to take preemptive measures, such as reducing access, cutting off permissions, and applying other data protections before the theft happens.
What are your thoughts on the current state of digital forensics education and training?
We’re seeing more platforms emerge that offer better accessibility to training at affordable rates. However, escalating training costs are forcing employers to limit training budgets. This financial strain highlights a pressing issue: education and training should be more accessible to ensure that examiners can build a solid foundation for success. Whether through formal education or specialized training, mastering the fundamentals is crucial, especially as tools become increasingly expensive. With the abundance of open-source software and free tools available, what we truly need is a firm grasp of the foundational principles in digital forensics.
What are the biggest threats you see in the realm of cybersecurity today?
Right now, I think we are looking at Artificial Intelligence (AI) and Machine Learning (ML) as a double-edged sword in our industry. These tools and assistance provide us with efficiencies for a positive experience, but they also pose significant risks when misused for malicious purposes. These technologies can be leveraged to create more sophisticated attacks and automate cybercrime, making it difficult for traditional security measures to keep up.
For example, we are seeing a higher uptick in Phishing attacks. AI generated phishing emails are the culprit allowing attackers to analyze larger datasets to identify vulnerabilities and tailor those attacks accordingly.
Deepfakes are another threat that are on the rise. Recently, KnowBe4 revealed a case where a deepfake was used to hire a fake IT worker from North Korea. This individual posed as a software engineer, managed to bypass the company’s hiring process and gain access to their internal system. Deepfake technology allowed this individual to successfully social engineer his way into this position, get hired, and obtain company property and access to their networks. We normally think of deepfakes as disinformation or propaganda generation. Now we are seeing individuals like this one get creative and take the threat to the next level.
How do you see the role of artificial intelligence evolving in threat detection and respons
Well now that I just talked about the threat and negativity around AI, I like going into a more positive note. It’s not all bad. The increasing amount of data and traffic from devices and networks creates pain points for our industry so we as analysts have to evolve our cybersecurity strategies and practices to keep pace. In regard to threat detection, anomaly detection using AI algorithms is extremely beneficial. This is nothing novel. We have been doing this for years, but we are now using AI to work faster and smarter around these processes.
We are leveraging AI to identify unusual patterns in network traffic, user behavior, or system logs that could indicate malicious activity or an attack. If we pair that with rapid containment leveraging AI technologies, we now can isolate malicious activity, such as data exfiltration, and isolate compromised systems quickly reducing damage, data loss, and downtime. This goes back to the topic we already discussed, where do I see the future of digital forensics, simple evolving and adopting AI to work smarter and faster. As analyst we will still need to leverage these tools, validate the findings, investigate the problem set, etc. AI is not a replacement for the human aspect of our jobs but rather a tool to assist us in responding quickly, triaging data faster, and learning how to streamline our existing workflows to keep pace with the amount of data and resources we face day in and day out of our jobs in this industry. That problem is not going away.
What are some of your personal hobbies and interests outside of work?
I am an avid movie watcher with my significant other. He reminds me to take a break and enjoy the “show”…literally. We have a monthly movie pass and see a lot of movies. Even if they are terrible, we make good fun out of quoting or laughing about the experience afterwards. I would say the best movie we have seen this summer was Inside Out 2. I know… it’s a kid’s movie but there are some powerful life lessons about emotions that adults can take away! Plus, we turned that movie into a family outing and brought the little ones who I’m fairly certain were more interested in the snacks.
Outside of the movies, I’m a competitive bikini bodybuilder. I started that about two years ago and fell in love with the sport. I love how challenging it is and how mentally strong you must be every day. I track macros and weigh all my food; I work out using a program built by a professional coach, and I have to practice stage posing every day. Give me a follow-on IG @amysmidliftcrisis! It gives me that “time out” mentality that I need while lifting heavy things up and down at the gym. Right now, I’m in my bulk phase and preparing for prep which will be in Summer 2025. I’m enjoying all the snacks I can now before I have to start cutting weight! That is probably the hardest part for me.
Another hobby would be comic books. I’m a closet nerd for the most part or I like to think that I am. I’m probably just fooling myself. I love DC comics. The Batman, Poison Ivy, and Preacher series are some are my favorites. Recently my 5-year-old son showed an interest in Green Lantern. I almost cried! I was so happy I can share something near and dear to me, with him. Right now, he and I are working our way through Scoopy Doo Team Up, which is a Batman series and of course, the famous group of meddling kids! I’m still trying to hunt down some more age-appropriate Green Lantern series. I’m open to any recommendations!
How do you stay motivated and inspired in the ever-evolving field of digital forensics?
The community and the people that make up this community inspire me and keep me motivated. I’m not performing as much analysis on devices as I would like to in my current role, but I stay up to date with the latest trends, tech, and techniques in our industry by reading blogs, going to events, attending webinars and generally interacting with customers and industry partners. I love to listen to how passionate individuals are through their most recent discoveries. It motivates me to keep learning.
How do you stay updated with the latest trends and threats in cybersecurity?
I keep up with trends through social media, blogs, and conversations with my significant other, who also works in the field. These discussions help me stay informed about the latest developments.
What do you have planned for the rest of the year?
We’re busy at ArcPoint Forensics, enhancing our flagship product, ATRIO. We are continuously listening to customer feedback and have some exciting things coming down the pipeline such as new incident response tools. We’re so excited about the plans we have for 2025, and I can’t wait to see what’s next.
Please check Amy and Arcpoint out at the links below.
- Amy Twitter/X = https://x.com/schamoles
- Amy Tik Tok = https://www.tiktok.com/@amy_arcpoint_ceo
- Amy LinkedIn = https://www.linkedin.com/in/amy-moles
- Amy Instagram = https://www.instagram.com/amy_arcpoint
- ArcPoint Website = https://www.arcpointforensics.com/
- ArcPoint Twitter/X = https://x.com/Contact_APF
- ArcPoint Instagram = https://www.instagram.com/arcpoint_forensics
- ArcPoint YouTube = https://www.youtube.com/@arcpointforensics1404