What do you do?
I use tools and knowledge to prove (with Windows artifacts/evidence) how someone got onto a network, what they did while they were there, and if they took any data off the network. As an IR Analyst, I help decrypt networks, shut attackers out, restore operations and propose security improvements for clients. My main focus is on small to medium-sized government units, as their internal capacity for security and incident remediation is normally limited.
Why did you choose this field?
Having worked in local government for most of my career, I realized after the 2016 elections that we faced a capacity crisis. As I studied Network Security, I fell down the Digital Forensics rabbit hole. The more I learned about how our computers track activity, the more interested I became.
What do you look at and think, "I wish younger me would have known this was possible"?
With the proliferation of online training (like Metasploit Unleashed) and free virtualization software, one can take discarded computers, turn them into a Linux box and virtualize complete environments for testing/lab work.
Why do you love working in STEM?
There are new discoveries every day. The learning never stops, and neither does the fascination.
Best advice for next generation?
Find your passion and pursue it relentlessly.
Inspo quote / fun fact / role model
"Wherever he steps, whatever he touches, whatever he leaves, even unconsciously, will serve as a silent witness against him. Not only his fingerprints or his footprints, but his hair, the fibers from his clothes, the glass he breaks, the tool mark he leaves, the paint he scratches . . . All of these and more, bear mute witness against him. This is evidence that does not forget. It is not confused by the excitement of the moment. It is not absent because human witnesses are. It is factual evidence. Physical evidence cannot be wrong, it cannot perjure itself, it cannot be wholly absent. Only human failure to find it, study and understand it, can diminish its value."