For the past few years forensics has been a very strong field in which to develop an infosec career. The new curve, though, comes with the proliferation of “cloud.” As more and more organizations migrate services into the cloud, forensics in these challenging environments has created another “hot” specialization in which to ponder a potential career move.
For those that are interested in getting a foothold into this high-demand niche, I read a good interview with Rob Lee yesterday that stressed five skills you need to possess in order to help you become one of the chosen few.
- Upstream Intelligence: Understanding data from upstream providers (e.g., ISPs)
- Legal Skills: Knowing when data can and cannot be requested
- Technical Background: Changing your perspective from static to dynamic data analysis
- Soft Skills: Knowing how to convince others that they need to help you
- Collaborative Skills: Working well with other groups in order to understand the big picture
The article concludes with a section on salary and career scope. Although the average forensic examiner brings in a measly $81K a year, those that focus in on specialties like cloud can command over six figures.
Not interested in forensics … regardless of whether it’s in the cloud or not? There are always other opportunities to find hot jobs. And a 0% unemployment rate in our field really ups the odds of finding that satisfying position.
When it comes to collecting forensic evidence from cloud providers and determining whether a data breach has occurred, what used to take two weeks now takes a month for Greg Thompson, vice president of enterprise security services at Scotia Bank.
“Often we find it is a challenge to get sufficient forensic data from the cloud to prove the event or action did occur,” says Thompson, who oversees the forensics team at Scotia Bank, the third largest bank in Canada.
Specifically, he finds the move to cloud services more challenging for forensic practitioners than the traditional methods of acquisition of evidence in pursuing an investigation. In addition to not having access to a full suite of forensic data, including net flows, log files and hard drive images in a cloud environment, now there also is a strong dependency on a third party whose system settings and administration may differ. “This often stretches the time-frame needed to make conclusions on a case, as we have to deal with legal implications and inconsistencies in how data is overall collected and maintained.”
Today’s post image is from LightHouseDT.com. See ya!