We Ask InfoSec Professionals How They Started Their Career And How They Became A Digital Forensics Professional


These interviews are designed to help you because you'll learn exactly how these professionals started their careers in Cybersecurity.


Dauda Sule

Dauda's LinkedIn Profile/ Personal Bio

Certified Information Systems Auditor (CISA) with an M.Sc. in Computer Security. Currently Marketing Executive of GGL Risk and Strategic Conulting - a training and consulting firm that is into organizing trainings and seminars pertaining to information and physical management, security, assurance and control; finance; fraud prevention and detection; and anti-money laundering. I have a passion for Information Security, Assurance and Control and seek a career in the field. I am also an author for eForensics Magazine and have written articles for the magazine as well as ISACA Journal. I delivered a workshop on eDiscovery for eForensics Magazine.

How did you start your career in Cybersecurity, have you always been involved with Computer Forensics?
Started with managing computer systems and network in an internet cafe, carrying out malware scans, updating security software, physical cleaning of systems to ensure efficiency, reviewing billing client and performing print audits to ensure staff accountability. Became interested in digital forensics after doing a module on it during my masters.

Can you tell us a little about your role and what is required when working with Digital Forensics, i.e. a typical day or project?
I'm currently mainly into teaching and training so mostly advise and do demonstrations of forensic acquisition and analysis.

What's the number #1 bit of advice you could give to someone just starting their career in Cybersecurity?
If you make up your mind and are sure you want to venture into this field then just go for it. Don't be discouraged by the many drawbacks and disappointments you will encounter; for example when I was starting out I go into contact with Concise to do a presentation on Forensic readiness, sent the video, and then didn't hear from them; would have expected some feedback at to improve on the presentation, but nothing and that was darn right disheartening, could have even at least just told me to get lost and that would have been polite and encouraging. That almost made me give up hope, but I didn't subsequently I got other platforms that were interested and some of work were included in their top rankings. That example is not nearly the tip of the iceberg of what you would run into. Don't feel you can only progress in your career by getting a job, before that you can build yourself and experience by doing things on your own to help improve your employability; and who knows, you may even become the employer and build your own empire.

Lastly, how important is it to get certified and which certs do you recommend for Digital Forensics?
The most important thing is know-how then experience. Certifications are very good and important, but should not be seen as the goal or endpoint. They are useless on their own with experience and knowledge. There are good digital forensics certifications from EC Council, SANS and (ISC)2.



Deepak Kumar

Deepak's LinkedIn Profile/ Personal Bio

Deepak is a Chair Member of Technical Committee at National Cyber Defence Research Centre with over 5+ Experience in Digital Forensics & IT-Security.

How did you start your career in Cybersecurity, have you always been involved with Computer Forensics?
I started my career almost more 6 years ago; Cyber Crime and Computer Forensic Training and then I moved into VAPT as well as Forensic Investigation.

Can you tell us a little about your role and what is required when working with Digital Forensics, i.e. a typical day or project?
Regarding my role: as a Forensic Team lead, a lot depends on the nature of work scope. Team planning and delegating the team work, (like a procurement team) is often required to asses the forensic evidence, analysis etc. This is all done to find all artefacts and technical assets that must be articulated on paper and within reporting. HR then need to draft the forensic report as per legal and standard formats that would then be accepted by any court of law. Sometimes I have to do the entire job but it always depends 'case by case'. Mobile Forensics can take between 2 - 3 days, Email/ USB forensic 3-5 days, Data Forensic (1 -3 HDD) 7-10 Days - it all depends. Forensic tools are very much instrumental to accomplish any forensic work.

What's the number #1 bit of advice you could give to someone just starting their career in Cybersecurity?
At the start of your career I would suggest that you spend time understanding the Networking, OS, Basic Programming, Tools, Cyber Law, IT/ Evidence Act, Hacking modules and more for additional skills. Try to use all opensource, shareware's tools and benchmark as per efficiency and learning purposes. Read blogs and white papers resources, videos webinars from vendors. Forensics and Cyber security professionals need deep experience and classified information and in this domain no one is an expert.

Lastly, how important is it to get certified and which certs do you recommend for Digital Forensics?
Certifications are standard. HR and recruiters tend to prefer certified Digital Forensic Professionals, and, as we know most professionals, even though they have certifications they don't know about the subject matter. Reputable companies tend to focus on certifications. CHFI by EC Council is a good certification for Digital Forensics because it covers all modules and gives a very good introduction to each and every module that you will later be tested on. SANS, ISC2 as well product based certification from Encase, FTK, Teeltech etc are also very good.



Derek Ellington

Derek's LinkedIn Profile/ Personal Bio

Derek Ellington is a Certified Forensic Examiner with over twenty years of IT Experience and over ten years of Forensic Experience. He is a court-recognized expert witness and regularly testifies in varying courts and jurisdictions. He conducts seminars and trainings, and is a regular contributor to family law and legal publications on the subject of digital forensics.

How did you start your career in Cybersecurity, have you always been involved with Computer Forensics?
I got started back in the early 1990's and I transitioned into Forensics in the early 2000's because I was providing IT services to attorneys.

Can you tell us a little about your role and what is required when working with Digital Forensics, i.e. a typical day or project?
Project management, collection of data, understanding the goals and objectives of a case. Being able to read and understand orders and subpoenas. Attention to detail. I also managing technicians.

What's the number #1 bit of advice you could give to someone just starting their career in Cybersecurity?
Be well rounded and like computers. You need to like tech and be prepared to immerse yourself in tech not just at work. You also need to have an investigative personality and like solving puzzles.

Lastly, how important is it to get certified and which certs do you recommend for Digital Forensics?
I don't think cybersecurity/ digital forensics certs are a substitute for OJT. If you get the opportunity to get one, go for it, but 40 hours on a real world project is just as good as a a bootcamp in my opinion. All a cert does is separate you from the people who didn't get one; having one is great, having a dozen means you don't work for yourself...



Ronak Gajendrabhai Patel

Ronak's LinkedIn Profile/ Personal Bio

I have 'hands-on' past experience with regards to network security. I also have customer handling skills including managing, motivating, and guiding team at Sophos as a Senior Network & Security Engineer and currently working as a freelancer for digital forensics investigation company.

How did you start your career in Cybersecurity, have you always been involved with Computer Forensics?
After Completing Bachelor's Degree in Engineering, I started my career as a Network & Security engineer at Sophos and worked there for 4 years. During this period i started self study related to the Computer Forensics and Later I switched to Computer Forensics.

Can you tell us a little about your role and what is required when working with Digital Forensics, i.e. a typical day or project?
As a Digital Forensic Examiner, it is crucial to follow the proper forensic procedure step by step beginning from the Data Collection to the Reporting for any project. Forensic Tools are always helpful for speeding up the examination but Core analytical skill and technical understanding related to project helps the successfully completion of the Project.

What's the number #1 bit of advice you could give to someone just starting their career in Cybersecurity?
I would always suggest to start for the basic to advance for any stream relate to Cyber security instead of just learning Tools, i.e. Computer Forensic, Penetration Testing, Malware Analysis, Security Analyst etc. Learning basics or fundamentals gives you a strong foundation and then moving to the tools and practicing these will help you with 'real life' scenarios.

Lastly, how important is it to get certified and which certs do you recommend for Digital Forensics?
Getting Certified in Cyber Security is crucial as it reflects that you are sound with a particular skill; for Digital Forensics, I would suggest certification to begin with CCE or GCFE since those contain Forensic Processes. Also take a look at vendor specific certifications like Ence and the advanced level of GCFA.



Antonio Fernandes

Antonio's LinkedIn Profile/ Personal Bio

Antonio is a Legal Forensic at Spanish National DIgital Forensics Association.

How did you start your career in Cybersecurity, have you always been involved with Computer Forensics?
Since 1998 aprox.

Can you tell us a little about your role and what is required when working with Digital Forensics, i.e. a typical day or project?
I use a lot of technical expertise and follow processes step by step which are vital and the result of constant study about new techologies

What's the number #1 bit of advice you could give to someone just starting their career in Cybersecurity?
Get your hands dirty!

Lastly, how important is it to get certified and which certs do you recommend for Digital Forensics?
Nowadays, it seems that certifications are required by hiring : if you have time and money, knowledge is always welcome!



Simon Crawley

Simon's LinkedIn Profile/ Personal Bio

I hold excellent organisational, management and leadership skills, with a compelling record of working well in high pressure, demanding and sensitive environments as demonstrated in the sensitive and often high profile roles I have held. I am an effective communicator with an ability to build resilient interpersonal relationships in a diversity of settings. Throughout my career, I have demonstrated a commitment to delivering the highest level of integrity, professionalism and personal responsibility. I am a confident decision maker and problem solver; able to motivate and engage significantly.

How did you start your career in Cybersecurity, have you always been involved with Computer Forensics?
Started in the Metropolitan Police - many years before home PC's were a thing - but have always had an interest, so did programming and software engineering courses with Open University during the 90's - for my own interest. Joined a specialist unit within the MPS in 2007 and saw that there was a need for an enhanced digital forensics unit - and persuaded my bosses to invest in the area and in my team, now my unit leads the country in our very specialised area.

Can you tell us a little about your role and what is required when working with Digital Forensics, i.e. a typical day or project?
We use a power in the Terrorism Act 2000 to examine subjects when they enter or leave the UK. Amongst other things the power allows us to examine the subjects phone or any other electronic media they have - although we have very limited time in which to do this. The power is for gathering Intelligence, to be used by others, however, we still have to gather this Intelligence in a Forensically sound way - as you never know when Intel is going to become evidence!

There for we must ensure we follow the ACPO principles, we have to give the subject their device back - so we can't use destructive techniques - such as 'chip off' or JTAG or eMMc reading. We only have 6 hours max - so the data volumes held on devices is an issue - as is the type and version of OS on the device, as is the move by the OS manufacturer to try to restrict access and the app developers also trying to hide the data, but these things are what makes daily life interesting.

What's the number #1 bit of advice you could give to someone just starting their career in Cybersecurity?
Go for it, if you have an interest in a subject, keep persuing it - it took me 24 years to finally get into the role - although, to be fair, for a large part of that time the role didn't exist.

Lastly, how important is it to get certified and which certs do you recommend for Digital Forensics?
Not sure - I'm not certified, as in CISSP or anything similar, but I can see that is these things employers are looking for - although, in my opinion those employers are missing out.



Rishabh Bhardwaj

Rishabh's LinkedIn Profile/ Personal Bio

Rishabh is a an Information Security Analyst at Cyborg Cyber Forensics and Information Security (CCFIS).

How did you start your career in Cybersecurity, have you always been involved with Computer Forensics?
I completed my master in Cyber Law and Information Security then joined Linux Solution as a network Security Engineer. I am currently working with Cyborg Cyber Forensics and Information Security Pvt. Ltd. as Information Security Analyst. I have Approximately 2 years of experience in Malware Analyses, SOC, Wireless Security, Network Security, Linux, Honeypots etc.

Can you tell us a little about your role and what is required when working with Digital Forensics, i.e. a typical day or project?
Completed two month internship in cyber crime and forensic in Cyber & Hitech Crime Police Station, bhopal.

What's the number #1 bit of advice you could give to someone just starting their career in Cybersecurity?
To enhance your career in cyber security, you have to work for increase your skills, think about the technology, update yourself from time to time, start with CEH and CHFI courses also for the basic skill set in this domain and practical closer is much required.

Lastly, how important is it to get certified and which certs do you recommend for Digital Forensics?
Certification is good to develop your skills, but it is not required. Practical work is this domain will give you more exposure and update your skill.



John Irvine

John's LinkedIn Profile/ Personal Bio

A managerial and technical professional, John J. Irvine offers an extensive background in the direction, management, and performance of sensitive and complex computer forensic analysis and security investigation cases for both Federal Government and commercial customers. With over twenty years of experience in the Federal Law Enforcement and Intelligence communities, John is an accomplished cyber security leader, forensic analyst, digital investigator, software product/project manager, and university professor.

As CTO of CyTech Services, John currently directs the development of CyFIR Enterprise, an enterprise-level software product for endpoint digital forensics, incident response, insider threat, and malcode hunting that is known for locating malicious code at the Office of Personnel Management during a live product demonstration. John has led multi-site divisions of over forty digital forensic examiners, network intrusion specialists, forensic application developers, digital investigators, and malicious code reverse engineers in support of our nation's most critical Federal organizations and commercial enterprises.

John's managerial skills focus on team cohesion and cooperation, employee retention and development, and effective recruiting. His forensic specialties include cyber profiling and counterterrorism forensics, and he is experienced in incident response, counterintelligence, insider threat, and eDiscovery forensic casework. His software product and project management experience is in the design and development of enterprise systems and business/consumer mobile applications.

Additionally, John is an Adjunct Professor of Digital Forensics Ethics and Law at George Mason University in its Masters of Computer Forensics program.

How did you start your career in Cybersecurity, have you always been involved with Computer Forensics?
Since I was a kid, I had career aspirations to be an FBI Agent. In the late 1990s, I called and asked for the recruitment information. They sent a packet that detailed the requirements for being a Special Agent; my poor uncorrected eyesight immediately disqualified me. Sadly, I flipped through the rest of the information, and they had included what looked to be a 17th generation photocopy of a Computer Specialist job posting. I sent a resume and a cover letter—assuming I'd apply to fix computers—and because of some keywords in my cover letter, my resume was routed to their Computer Forensics group. That was the start of a long career in the field.

Can you tell us a little about your role and what is required when working with Digital Forensics, i.e. a typical day or project?
As I currently manage the development of computer forensic software for enterprise-level organizations, my days are more geared toward defining, refining, and reviewing features for inclusion in the product with a practitioner's eye. Before that, each one of my computer forensic jobs was very different depending on the agency for which I was working. One great thing about computer forensics is that, at the higher levels, there are very few "typical" days.

What's the number #1 bit of advice you could give to someone just starting their career in Cybersecurity?
Don't ignore the "people" side of computer forensics because it's in a technology field. To do the job really well, you need to understand people as much as you understand the technology, because if you don't, you won't know the right "questions" to ask of the computer you're examining. My education and training in sociology, psychology, and investigation is just as relevant to my skill as a computer forensic examiner as my education in IT.

Lastly, how important is it to get certified and which certs do you recommend for Digital Forensics?
Certifications can be important, but as a hiring manager, I want to see one or two—not a plethora. The CCE or the CFCE shows me that you understand how to run a case, if even just at a basic level. I find certs like those—more general in nature and tool agnostic—to be a better barometer of basic forensic knowledge than a tool-specific certification offered by the tool vendor.