In 2018, I authored a blog post, Job Hunting in the DFIR Field. While a lot of the content in that post holds true, there are several new resources, and I wanted to take a moment to share that information.
This post covers information that is useful for the seasoned professional, the career switcher, and those trying to get their first Digital Forensic/Incident Response (DFIR) role right out of school. There have been quite a lot of posts about getting started in the field; the goal here is more specific to job hunting in DFIR.
Where to Search
Did you know there are job sites that are specific to DFIR and Information Security? This is probably the largest change since that initial post. Here is a list of some sites that specialize in job hunting in Digital Forensics.
- About DFIR has a jobs page focused on DFIR jobs
- Digital Forensics Careers focuses on digital forensic opportunities in the government sector
- Ninja Jobs specializes in roles related to information security
- USAJobs is the source for opportunities in the US federal government
- #DFIRJobs on Twitter
- #DFIRJobs on LinkedIn
- Get Your Start Careers from Elan Wright is a job board for folks looking for Cybersecurity and DFIR roles that require no prior work experience – great for those starting out and career switchers
A resume and/or Curriculum Vitae (CV) is critical. I recommend treating these as living documents. The same with your LinkedIn profile. Besides, if you update your profile regularly with each training you attend, publication you put out, and skill you learn, you will be ahead of the curve. Additionally, it won’t look suspect to your current employer that you are updating your profile in preparation for a potential career move. There are sometimes resume reviews/workshops as part of infosec conferences. Seek these opportunities out and have your resume reviewed by someone who has worked as a hiring manager in the field. Make sure your resume includes all your infosec / DFIR related side projects – blogs, GitHub, CTFs, etc. These will help you stand out. Additionally, include training you have received and anything you have done to continue your education. While I am not going to dive into certifications in this post, please make sure to include them on your resume/Curriculum Vitae (CV). I recommend updating your CV and LinkedIn profile monthly. We are constantly learning, so a new skill, tool, training, or shared content is bound to have happened in that period.
What is the difference between the CV and the Resume? The CV will list everything you have done related to the field – not only your formal job and education experience, but also training, skills, software you are familiar or proficient with, Operating Systems you are comfortable with, courses you have taken, certifications you have earned, volunteer work pertaining to the field, DFIR related projects, CTFs you have competed in, courses you have authored, presentations, panels, articles, etc. Your resume, however, will be a shorter document that is focused on what you are submitting for a specific purpose. If your CV is updated regularly, you should be able to pull the specific relevant content over to a resume you are submitting for a specific role or opportunity, making each resume and CV unique.
As a working examiner, you will likely need to keep your CV current to show your qualifications. Your CV is useful even when you are not actively looking for a new opportunity. This can potentially be to submit for proposals as a contractor or consultant or to be accepted as an expert witness by a court. I have had to submit my CV to join some professional organizations. As you continue to grow, speak, publish, learn, read, attend conferences, earn certifications, participate in CTFs, etc., continue to update your CV. Every month you can add to your longer CV.
If you are a career switcher, remember that your resume can list relevant cross-industry skills. This can include technical skills such as networking or it can include soft skills such as briefing executives. As the field is new, there weren’t always university programs and training specific to the industry. DFIR personnel came from a variety of backgrounds including computer science, engineering, and traditional law enforcement and investigations. Now there are a variety of university programs and training specific to the industry. You may consider pursuing higher education in the field or additional certifications. That said, it is still a great opportunity to seek positions while you are pursuing that more formal education or certification. Then once you have the degree or desired certification in hand, you will have experience on top of that and can pursue a new position armed with those new skills.
Networking in the Digital Age
Since 2020, many conferences like the Magnet User Summit, DFRWS, and SANS DFIR Summit have gone virtual or hybrid. These events typically still include a social element such as a Discord, Slack, or other virtual element. It is a great opportunity to chat with other folks in the industry, team up for research, and network in general. Make sure to find ways to carry the connection past that particular event by connecting on more permanent social media sites such as Twitter, the Digital Forensics Discord Server, or LinkedIn.
While there are a variety of global and national conferences, if you are looking to keep expenses low and meet and network with folks in your region, I recommend BSides and the High Tech Crime Investigation Association (HTCIA). BSides are local, small conferences that tend to be low cost or free for attendees. A great way to network, and to add a little occupation-related social action to your resume, is to volunteer to help with these events. HTCIA has regional chapters and each chapter has approximately four meetings per year. Since 2020, these meetings have been virtual – so with 30 chapters and 4 meetings per year, members have access to 100+ presentations available virtually. The great thing about both BSides and HTCIA is that you will learn something! Often these meetings and events have a lineup of great speakers and content. A multitude of other associations and organizations are listed on DFIR.training.
Whatever local meetup you can find, be prepared to share your contact information. I recommend carrying cards for in-person networking. Handing someone a card can make a big difference in being remembered, even if the card has your name and your blog or git repository, pertinent social media handles, along with your contact info. There are now even digital cards that you can use to share your contact info with a QR code or other wireless digital sharing.
Not all networking takes place at conferences. You can develop some great relationships as well as a reputation on social media. Now, the key to reputations is that they can be positive or negative. It is great to talk both technical and soft skills and follow different things such as the #DFIR hashtag on Twitter, the Computer Forensics sub-reddit, the Digital Forensics Discord Server, or participate in forums like Forensic Focus or listservs. There is even an article on using Twitter for #DFIR Professionals.
When communicating on social media sites, try to keep it positive. Bashing another examiner, tool, or company may be just the kind of action a potential employer would be leery about having associated with them. That said, sharing and participating in technical social media forums is a great way to network with others in the field and increase your brand.
Find a Mentor
Mentors can be inside your organization or outside. Mentorship relationships can be formal or informal. At every stage in your career in DFIR you will be able to mentor others (yes, even if you are a student or a career switcher!). One of the keys to networking, be it at a conference, on social media, on the Digital Forensics Discord Server, or at in-person meetups, is to find a mentor. You can also seek out mentorship events like the one Magnet Forensics hosted at MVS2021 or mentorship pairing groups like the Women in Cybersecurity (WiCyS) Mentor/Mentee Program. You don’t need a formal group to find a mentor – what is critical is that you find someone who can help guide you as you move through your career. It is important to have multiple mentors including both near-peer mentors, who have recently accomplished goals you are currently working on, and career mentors who are where you hope to be in the future.
Other Blogs on This Topic
There are quite a few other great posts and resources on this topic including the ones below:
- Getting into DFIR from DFIR Diva
- Unlocking the DFIR Door (aka: getting a job in DFIR) from Brett Shavers
- Level Up Your #DFIR Career Panel with Brett Shavers, Cindy Murphy, Stephen Boyce, and Jessica Hyde
Hopefully, this post has helped you with some useful skills in finding your next DFIR opportunity and potentially inspired you to apply for a position that you weren’t sure if you should. What are your tips for job hunting in DFIR? Any questions or comments, feel free to reach out to me at firstname.lastname@example.org or on Twitter @B1N2H3X.
Good luck and happy job hunting!