BankInfoSecurity.com - Information Security News, Regulations, & Education


Digital Forensics -- Career Tips from Rob Lee of SANS Institute

February 19, 2010 - Tom Field, Editorial Director

Increasingly, digital forensics is an important element of an information security program for organizations of all types and sizes.

But where can security leaders find qualified forensics professionals? How can these professionals obtain the skills and expertise they need to be successful?

Rob Lee of Mandiant and SANS Institute discusses forensics careers, focusing on:

Hot trends of 2010;
Questions hiring managers must ask;
Growth opportunities for qualified pros.

Lee, a director with Mandiant and curriculum lead for digital forensic training at SANS Institute, has more than 13 years' experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he directly worked with a variety of government agencies in the law enforcement, Dept. of Defense, and intelligence communities where he was the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and led a computer forensic and security software development team. Rob also coauthored the bestselling book, Know Your Enemy, 2nd Edition. Rob earned his MBA from Georgetown University. Finally, Rob was awarded the "Digital Forensic Examiner of the Year" from the Forensic 4Cast 2009 Awards.


TOM FIELD: What are the career opportunities for forensics professionals in 2010? Hi, this is Tom Field, Editorial Director with Information Security Media Group. I'm catching up with one of our old friends today, Rob Lee. He's a director with Mandiant. He's a faculty fellow with the SANS Institute. Rob, good to talk to you again.

ROB LEE: Hey, thanks for having me on here again.

FIELD: Rob, why don't you just give people an update on what you're doing these days. As you've told me, you sort of have two hats that you wear.

LEE: Yes, I'm working at Mandiant. I'm one of the directors there, and we've been quite busy over the past six months, especially considering some of the things that are currently going on that are really relevant to current events. We just released a report -- I was one of the authors of this report -- called M-Trends. It really details some of the more sophisticated attacks and threats that are coming from overseas from Asia, specifically China, hitting law firms, hitting commercial companies, and since then, industrial branch and other organizations. It's a really -- I had a really fascinating time putting that report together, but it really details at a technical level how these attacks are successful and what we're seeing on the ground when responding to them.

FIELD: Well, Rob, we talked about forensics back in September. A lot has happened since then. What are some of the trends that you're specifically looking at now in 2010?

LEE: Well, one of the things that we're definitely seeing when it comes to the average forensics professional, what they need to know, is the complexity of the cases is growing exponentially. We're no longer just relying on recovering pictures, recovering email in order to solve a case. The cases that we're now experiencing require forensic professionals to be able to be comfortable with doing forensics across multiple machines, across different environments and give different case types all the way up to where you could be investigating advanced hackers that are moving within your organization. Many companies today are caught in situations where they do not have trained professionals working on their staff that are able to respond specifically to a variety of threats.

FIELD: Well, Rob, we've hammered it home to organizations that they need to have a forensics competency. So, for someone looking to hire forensics professionals, what do they have to be looking for?

