The Authenticity in Failure

14189813404_69a7864ea5In my last post, I wrote a little bit about how impostor syndrome — the belief, most often seen among high achievers, that the only thing you’re good at is pulling the wool over people’s eyes at how big a fraud you are — had driven a hiatus from my blog as well as from other professional pursuits.

For me, impostor syndrome is both generalized and specific. In my head exists a general sense that no matter what I do, I’m probably screwing it up. Between marketing and parenting (and thanks to the latest health research, even sleeping and eating), there’s not a chance I’m getting much of it right — and I won’t even know it for many years to come.

There’s a certain freedom in realizing that everything you do is probably a mistake, but it only works to counteract that generalized fear. The more specific fears are harder to beat, because they go back to the times I’ve actually screwed up.

When you have impostor syndrome, specific mistakes “prove” that you are, in fact, a fraud. If you knew what you were doing, you’d never make them. And too many in a row will make your employers realize what a mistake they made in hiring you. It doesn’t matter if I keep my job that one day. That mistake piles on all the others, and someday it will be enough to bring the whole house down.

In the past, this uncertainty could paralyze me into inaction — a self-fulfilling prophecy. These days — since dietary changes blew away most of the cobwebs, an unintended consequence of fixing physical issues — it’s a lot easier to manage. Having had time and space to reflect, here’s what I’ve learned:

I’ve never felt this way when I wasn’t stretching.

Feeling incompetent doesn’t happen when 90 percent of my daily work consists of things I could do in my sleep. Instead, I’m bored. Given a choice between feeling incompetent and feeling bored, well, I’d definitely rather feel incompetent. It means I’m growing, that I have more things to learn. That I care enough to want to get it right. That other people respect me enough to challenge my intelligence.

There’s a fine line between stretching and self-sabotage.

Part of stretching is leaving your comfort zone. However, when you’re out of your comfort zone so often that you feel like you’re failing pretty much all the time, that’s a signal: you need to find a way to play to your strengths. Sometimes that’s a matter of having a heart-to-heart with your boss about how to be more successful. Other times, it could be a matter of finding a job that’s a better fit.

When mistakes aren’t OK, it’s time to get out.

It’s one thing for bosses to tell you that mistakes are OK to make, how you learn, whatever. It’s another to have the sense that they really aren’t OK. Seeing a colleague fired for a relatively easy-to-make mistake has a way of messing with your head, even many years and positions later.

Find the place that values mistake-making. To quote John Cleese, “I suggest that unless we have a tolerant attitude towards mistakes — I might almost say a positive attitude towards them — we shall be behaving irrationally, unscientifically, and unsuccessfully.”

Do your own thing.

Not at work, obviously. But make sure you’re making time for your own crazy projects. Otherwise, you risk putting too much of your time and energy into everyone else’s projects. Not only will they never have the same vision as you; your vision may also not be what the organization needs. You need an outlet for what you need, which can help you separate yourself from your work and lend better clarity to your professional life.


This is how we bust through impostor syndrome: by telling ourselves, every time we start thinking that what we have to say isn’t as good or isn’t as necessary as what others have already said, that out of all the humans ever to put words on paper, all the possible permutations and combinations and evolutions of the human brain rendering language usage so unpredictable, only one thing is true: it hasn’t been said YET. That’s why we need to say what we need to say.

Embrace humility.

I’ve learned the uncomfortable truth that impostor syndrome and pride are intimately linked. I feel incompetent when I realize I don’t know as much as I thought I did, and when I realize the answers aren’t as obvious as I want them to be. That’s a sure sign it’s time to ask for help — to humble myself, even to be vulnerable.

This is not an easy task in a world that values self-sufficiency above all: the ability to outsmart, outmaneuver, and outperform peers — we see it, pervasively, in reality television and politics, in our kids’ test scores and gleeful celebrity gossip. We’ve taken competition to an extreme, where we’re obsessed with being “better than,” and it’s making us lose our empathy.

The thing is, impostor syndrome and its big brother, perfectionism, make you focus on yourself even when you think you’re focusing on others — your kids, your workmates, your friends. Fear of screwing it all up can make you stop trying out of self-pity, and that can have the exact same effect as extreme competition.

I may not get much right in life. No one does. If that makes me an authentic impostor, then I’m okay (and probably a lot happier) with that.

photo credit: Find peace via photopin (license)

Hold tight and pretend it’s a plan

kayaker balancing in whitewaterIt’s been awhile since I blogged here; now that I think about it, since around the time I first discovered the “NuWho” Doctor Who reboot on Netflix. Thankfully, however, correlation does not imply causation, and Doctor Who was really part of a larger rebalancing, the start of a process of examining and processing and deciding.

Things I learned:

No matter how much you love something, it is possible to overdo it.

No, I am NOT talking about binge watching entire Who seasons on Netflix in a single day. Well, mostly not. Although it is hard to walk away from.

The fact is, I burned out on writing. I lost the soul of it because I let my ego get too wrapped up in topics and forms that other people at work weren’t as invested in. What I did do was get reinspired by watching incredibly well made TV shows and discovering new fiction.

I’m better now at recognizing when I’m doing too much of other people’s stuff, a signal that I need to pause and do something for myself. (I also don’t swim competitively for that same reason.)

Sometimes taking a break isn’t enough. Sometimes you have to quit altogether.

I learned this in 2006, also after a period of burnout, when I quit my part-time freelance job, also because I lost the soul of writing in too many PR pieces and not enough stories. I wrote fiction and raised my sons, but it wasn’t until a story I loved found me that I went back to trade journalism.

At that point, though, I quit fiction. I didn’t believe I had anything to say that stood out enough from the crowd. It took another five years, a depression, heartbreak, the abovementioned burnout, and various other tribulations for new stories to find me. I’m told it’s my best work yet; stay tuned.

In any case, quitting, I’ve found, is as much about things and activities as it is about people. It’s letting go, setting free… and if “it” — passion, stories, friendship — comes back to you, you aren’t yet through learning from it. Don’t sit around waiting, either; find other things to do with life:

quote about downtime by Anna Quindlen

You’re not an impostor if you’re doing your own thing

Not feeling I had much to say also figured into my hiatus from this blog. Rampant impostor syndrome had convinced me I wasn’t enough of a marketing expert to join the throng of voices from other, more experienced communications experts.

That still left #forensicfemmes, but with no forensication experience of my own, who was I to publish anything that real forensicators would find of value? As a person who places high value on informed opinion, to weigh in, for example, on IBM’s “Hack a Hair Dryer” would have nothing on Lesley Carhart’s excellent blog on the topic.

It would take another few months, a decision to drop my other blog, Cops 2.0, and use this space to focus on my personal-professional life, to work out how it all comes together. While there won’t be anything close to a regular blogging schedule with a solid editorial calendar, my intent for this space is:

  • Fiction talk. That includes stories I write and/or publish, authors and books I love, things I learn about the industry.
  • #ForensicFemmes. I see an intersection with finding and doing work that is personally fulfilling, that feels like contributing time and expertise to a valuable mission.
  • Personal lessons learned about career, marketing, life, etc. Expect lots of references to geek culture. And raccoons, the “hackers of the animal kingdom” I’ve learned to love through volunteering at a wildlife sanctuary.

As the 11th Doctor noted:


photo credit: Level Six 2009_0237 via photopin (license)

Forensic Femmes 4: Melissa Augustine

Melissa AugustineAt the end of September, Foundstone’s Melissa Augustine (you might know her as @sketchymoose on Twitter) announced the release of her script, Total Recall, for memory parsing. What caught my eye in her blog post wasn’t the content of the script itself, but rather, her willingness to release it even though it wasn’t yet “perfect.” I caught up with Melissa to talk with her a little more about how she got to that point of confidence.

Christa: You’ve been involved in digital forensics since before it was “cool.” 😉 How did you first become interested in the field? Was memory forensics always something that piqued your curiosity?

Melissa: I went to Hilbert College for Economic Crime Investigation, and did a dual in Computer Crime and Financial Crime. I found the Computer Crime side much more enjoyable and exciting so I decided that would be the route to try. I remember chaining together the FAT on a floppy to recover documents… I shudder to think about trying to do that manually now given the size of hard drives today!

I actually first remember memory forensics when working at the DoD and running strings against the page file…. I thought “well this is getting me nowhere” as I could not associate strings with an process, module, etc. I went to a DoD CyberCrime conference where I attended a talk about these guys from University of MD who were creating a memory parsing tool called “Volatility”… the rest is history really.

I find it amazing how much you can pull from a memory dump, and there have been people thinking about this since “way back when”. I also remember going to DFRWS in Pittsburgh and listening to the passion these guys have, and it gets you really excited!

Christa: You actually earned a DoD scholarship to GWU. How did that come about, and how did it help shape your career?

Melissa: How do most things come about at that age? Your mother tells to you do it! 🙂 I was not sure what I wanted to do really, and I had a few job offers for a  Criminal Investigator at a few agencies (again though with the White Collar Crime) but it didn’t really appeal to me at the time. My mother had found out about this scholarship and really pushed me to sign up.

The DoD scholarship was amazing, it allowed me to focus on my graduate program, provided me a job in the government when it was all said and done, and, most importantly, put me in the middle of it all in Washington DC. Networking was rampant. The program even got us business cards and hosted events so we could meet the movers and shakers currently in the government.

Now it’s my former classmates who are the movers and shakers, and they still take time to go back to the campus and meet the scholarship students to talk about their careers and help out where they can. I will always be grateful for that scholarship because it put me on the road to where I am today.

Christa: What advice would you give to aspiring female forensicators whose moms don’t take such an active interest in their careers — if not scholarships, what other options do you feel would afford women similar opportunities to network and learn?

Melissa: You hit the nail on the head — networking. It’s key. There are tons of meetups where forensics geeks can mingle with pen testers, reversers, etc to meet people in the industry.

Also, colleges and universities generally have sessions where talks are given on a certain topic and then there is a Q&A session afterwards. The George Washington University, where I got my Masters, was amazing at this. Even Hilbert College, where I went for undergrad, was offering us opportunities to refine our resumes, partake in mock interviews, and offer us job openings based on connections in the field.

If you are outside the academic realm now, there are tons of groups and seminars to go to. The big ones are of course Black Hat and DefCon in Las Vegas, however the are local DefCons which have monthly meetups and there is B-Sides as well… and they are FREE.

Get out there, have a beer, and go talk to some like minded people! These venues are also great places to give a talk/presentation, as they are smaller and there is a bit less stress in presenting. Everyone is good natured 🙂

Christa: I really love that you freely admit “Yes yes I know I am not a coder and my code sucks.” What made you push past that and decide to just share the code?

Melissa: It came down to helping out the community. As an analyst I always try and figure out ways to make life a bit easier. This script I hope will help myself in future investigations to pinpoint potential badness. I figure if it works for me, why not see if others can use it?

I think Harlan Carvey once blogged about contributing to the community, and it just makes sense. If you see an issue or a problem, figure out a way to address it and share it with the world. Chances are someone else has ran into the same problem and would really appreciate your tool/script/howto.

My fiance is a bit of a coder himself and when he saw my code I knew he was thinking “If I was her team lead….” and not in a good way! However, he and others really gave me some pointers on how to think more like a programmer, rather than just patching the problem. Also with open source someone else out there may have a suggestion or idea for the code, making it more efficient! It’s all about learning and sharing ideas.

Christa: What pointers did you receive from your fiance and others to think more like a programmer? How did that advice help you to improve this particular code, and your overall skills as a forensicator?

Melissa: I would encounter a problem and would be trying to modify the code to address the issue. He would ask, “Does that solve the underlying problem or just this problem?” It forces you to think about what you are really trying to fix and write code to account for it, rather than applying a quick band-aid.

It makes sense as in the forensics field, blocking a simple IP from beaconing out is a temporary solution, wouldn’t you rather plug the initial infection vector so you don’t have to worry about that attack again? He simply showed me I should expand that thought to coding as well.

Christa: What’s up with the name “sketchymoose”? I used to live in Maine and never thought of moose as sketchy… 🙂

Melissa: I honestly do not remember… I remember being fascinated by moose in high school and somehow ‘sketchy’ got thrown in there. It just sorta stuck. I also do not consider myself the most graceful of creatures and moose themselves always look awkward and ready to fall over. I have even gone on road trips to Algonquin in Canada to find moose– Maine may be the next place to look!

Want more? Check out a short video of Melissa recapping her presentation at CRESTCon & IISP Congress 2013: “Memory Forensics – Helping to find what isn’t there“:

Forensic Femmes 3: Sarah Edwards

Sarah Edwards Harris Corp.Having been part of the very first Forensic Femmes Slumber Party in Atlanta, GA in January 2012 (at which a midnight stroll around downtown may or may not have been involved), Sarah Edwards is one of those fun people who’s smart to be around. An intrusion analyst at Harris Corp., Sarah has a passion for Mac forensics, though she appreciates digital forensics analysis in all flavors: Mac, Windows, Linux, mobile and anything else that seems like it could be analyzed.

Sarah has lately presented some of her work at conferences and in white papers. Most recently, she won one of David Cowen’s “Sunday Funday” challenges regarding OSX/timemachines, and in 2014 she’ll be teaching the 6-day SANS FOR518 – Mac Forensic Analysis, covering OS X & iOS.

Christa: What’s the best and the worst of being the only woman in a DFIR lab?

Sarah: There really is not best and worst parts of being the only female in a DFIR lab. There are times where I miss being able to just talk to another female techie but that’s why I appreciate the Forensic Femmes Slumber parties! I been working with primarily males for a very long time, most days I don’t even notice a difference!

Christa: You published a few items last year. What are you researching this year, and why?

Sarah: I have a few ideas floating around. I hope to do something on reverse engineering Mac malware or maybe something on Mac memory analysis. I like to make presentations that are very technical and detailed. I always want to learn something new or add to my knowledge on a certain subject. I hope the DFIR community can learn from and use my presentations in their own casework.

Christa: What’s one thing you wish you could change about the DFIR industry?

Sarah: I wish that more people would be confident in their own work to put their research out to the community. I always hear folks saying they don’t know enough or presenting is too frightening. People know more than they think, and once they put their research into a presentation they’ll know more than most people in the room. I used to be terrified to present in front of a crowd of people, I still get queasy at the thought, but it gets easier every time I do it. Every time I present my research I have this sense of relief that accomplishment that I was able to give back to the community.

Christa: In the vein of encouraging others to present so that the community can learn from them, what are some examples of presentations you yourself have learned from and used in casework?

Sarah: I enjoy going to many of the security conferences and sitting in on topics that I know will be far, far beyond my technical skills of actually employing their techniques – but as an Intrusion Analyst I can get ideas on how to find artifacts of what the “hackers” are doing from a forensic perspective.

More specifically I recently went to my friend Cindy Murphy’s talk on damaged mobile phones this year at CEIC. I went in expecting use of proprietary tool and advanced techniques to recover data from damaged phones, I would have never known it would so easy (yet tedious) to just take apart a phone and clean it and in a few hours have a working device. While I don’t deal with damaged phones often, I’m prepared to take on by surprise…or at least find comfort in the fact that Cindy is a phone call away!

Also at CEIC, I found the presentation by David Cowen and Matthew Seyer to be helpful in introducing me to the NTFS Logfile. I always knew it was there but have always failed to look into it further. I appreciate the research these guys have done to help others understand its metadata contents, and even provided a tool to parse it, bonus!

Christa: Do you have any tips on presenting — preparing the research to be presented, and then tips on actually getting up and doing it?

Sarah: Know the research and presentation material front and back. I will often study my slides for days in advance, tweaking and changing the order of some slides to (hopefully) better present the material I have. Using the slide note feature can also help, while reviewing your material you can anticipate questions and put the answers in the notes.  90% of the time I’ll never get asked the question but I feel more prepared for the entire presentation.

When choosing a subject, create an outline of what you want to cover. Determine how much material you will need ahead of time and to limit what you need so you will not overdo it. I am probably the worst offender when it comes to too much material to cover – it kills me when I have to cut slides or topics out of a presentation to fit in the time slot allotted. I feel like my presentation is less thorough, incomplete, or just short-changing the audience. I have come to terms with uploading the entirely of my slide deck after the presentation, so those who are interested can have the information available to them.

Christa: Also, anything you have found about your audiences that makes presenting easier as time goes on?

Sarah: Everyone who comes up and says “thanks, that presentation is going to be very helpful” really encourages me to make more presentations or present at other conferences. I truly appreciate those folks who come up to me afterwards and say thanks or ask about a particular slide or section, it helps me explain things better the next time I give it. There are even folks who come up and say “hey, so I have this Mac back in the office…”, these questions help me come up with new presentation ideas – I’m always looking for content that would be helpful to the DFIR community.

Thanks Sarah! These are issues a lot of forensicators both male and female struggle with and I hope they will have found inspiration in your experience. Readers — questions for Sarah? Leave a comment!

Forensic Femmes at CEIC 2013

It wasn’t a big crowd, but it was certainly fun! Last week, a small group of us got together for the third or fourth Forensic Femmes Slumber Party. Although I still can’t contribute to discussions about timestamps, the MFT or “the worst of the worst” images and videos floating around in cyberspace, here’s a little bit of what else we did talk about:

Having a reputation as a bitch because you struggle with walking the exceedingly fine line between being as direct as the boys, but not as pleasant and “nurturing” as many of us were raised to be.

Sexual harassment. Yes, boys and girls, as tremendously supportive as the online DFIR community can be, harassment still happens — and sometimes it’s blatant. In this day and age, no woman should have to fear for her safety, much less worry about whether she’s more valued for her physique than for her brains.

By the way, if you’re at a conference and you’ve been drinking, and you’re in the same swimming pool where a woman or several women are hanging out in a group, don’t surface from the water like Swamp Thing looking to save Alice. You’re probably too drunk to save anyone (not that we needed saving to begin with) and we will forever remember you as Swamp Thing, no matter how smart a forensicator you are.

If you want to network, even while drunk, make it count. Ask what’s most important to us, what we’re researching, why we think it counts. A lot of guys in our community do this on a regular basis, and we’re all better for their support as they ask, challenge, push us past our comfort zones, and maybe even push themselves past their own comfort zones. We could not appreciate this more!

On the lighter side of things, we pondered whether you do or don’t need to have seen any of the Star Wars trilogies (especially the original) to validate your geek credentials. And in a sillier moment, we realized that you cannot pour wine from a bottle when the cap is still on.

Guess you had to be there. If you’re a female forensicator, join us next time! Meanwhile, the comments are open for debate. What have you experienced as a forensic femme, or as a man working with one or more of us?

Forensic Femmes 2: Stacey Edwards

Stacey Edwards has been a vocal member of Twitter’s #DFIR community (tweeting as @4n6woman) for at least two years, and was part of the original Forensic 4cast episode that started this blog series rolling. She’s contributed to the SANS Computer Forensics Blog, which was well received within the community. Until recently employed in the private sector, Stacey is now actively seeking new opportunities.

About her personal style, Stacey says, “I might be quiet, but I consider it observing my surroundings and then adding my ‘two cents’ if needed.” From what I understand, her input in classes and conference lectures is worth a lot more than that. Following is a little more about another female forensicator to watch.

Christa: You’ve been doing forensics for 4 or 5 years, right? What got you interested in the field to begin with?

Stacey: I have – just over 4 years. I became interested in the field first on the “blood and guts” side. CSI (the original one) was very popular when I realized that I could make a career out of forensics. It was within a few minutes in my first class that I knew that the show was NOTHING like the real world – shocking, right? In fact, I thought the real world version was much more entertaining and stuck with it. Before graduating with my Associate of Applied Science in Forensic Science, I learned that working in the computer side of forensics was an option. I graduated three years later with my Bachelor of Science in Computer Forensics.

Christa: What was your experience in Defiance’s computer forensics program?

Stacey: It was a brand new program, and I was in the first class to graduate with that particular degree.  Some of our courses were programming (Visual Basic), forensics, and networking.  We had a semester-long internship program, which I completed at the Defiance County Sheriff’s Office.  The computer forensics program was very challenging, but after the lessons finally “clicked” one day, it became a little easier.  I was even able to graduate at the top of my class!

Christa: What led you to become GIAC certified? Likewise, to learn Python scripting?

Stacey: My GIAC certification (GCFA) was actually a part of the required curriculum when I was in college. We took a mentored FOR508 program, studied the course material, and quizzed each other. We all passed our GCFA certifications, and I was even offered a mentor-ship through SANS for my high score.

(Since I was fresh out of college and with no forensics work experience, I did not take them up on the offer.  Now that I have more experience under my belt, I have thought more about becoming a mentor and helping others, but have not fully decided if I should.)

Python scripting was a little different. After attending the SANS conference in Austin, TX this summer, I saw a need in the field for more programmers. One of my favorite courses in college was programming, so I knew I could do it.

I recently signed up for an online college course taught through the University of Toronto but offered through Coursera. Even though we are only a couple weeks into the program, I have already learned so much. In the near future, I hope to be working on testing some of the Python scripting with the soon-to-be-released python version of log2timeline (per Kristinn Gudjonsson’s request).

Christa: What types of cases do you most enjoy working on?

Stacey: I most enjoy working on criminal, forensics cases – fraud and arson, in particular.  With my husband being a local police officer and hearing his stories, it helps drive my passion to get into the law enforcement side of forensics investigations.

Christa: Cindy [Murphy] says you’re a great student, that you have a knack for making connections even as you are sitting in a class, learning something new. This doesn’t come easily to everyone — what drives your passion for learning? And how are you not afraid of speaking up to ask or give feedback?

Stacey: I love learning new things. Every night before I go to bed, I read 10-15 pages in a personal development book. (The book right now is titled “The Slight Edge” and is written by Jeff Olson.) This small effort every night keeps me motivated to learn.

In reading these books, I have also realized that I should never be ashamed to ask for help. All successful people have asked for help at one time or another because they realize that no one can ever know everything there is to know. My advice to everyone would be to always ask for help. You won’t be the only person with the same question, but you might be the only person brave enough to ask!

Christa: What do you find most challenging in the best way?

Stacey: The most challenging part of forensics, for me, would have to be trying to stay ahead of the game.  The field is constantly changing, and there is always something new to learn.  Community support and collaboration has been fantastic to help us all advance so quickly, but we have a long way to go.  We will never know everything, but that’s part of what makes forensics fun and allows for growth.

Christa: As a forensicator going forward, what are your professional goals?

Stacey: My professional goals include, at the very least, future employment with an outstanding company. I would also like to contribute more to the forensics community through testing and helping to write new programs as my skills improve.

Stacey, thanks for sharing more about your experience and professional goals. It’s been an honor and pleasure to know you, and I look forward to seeing your continued contributions.

Forensic Femmes 1: Alissa Torres

Alissa Torres SANS mentor and instructorWelcome to the inaugural Forensic Femmes blog post! As I wrote many months ago, the purpose of this series is to highlight the many contributions women are making to the DF/IR community, whether we know them or not.

My first guest is Alissa Torres, who recently joined Mandiant’s team as an incident handler along with being a SANS Mentor and instructor. Here, Alissa talks about why she thinks crosstraining is important, what led her to SANS, what women should never do when entering a STEM profession, and the successes that keep her going.

Christa: Your lecture topic at the SANS DFIR Summit garnered a lot of very positive tweets. What experiences in your career led you to want to talk about crosstraining?

Alissa: Speaking at the SANS DFIR Summit was an honor – probably the best presenter experience I have had to date due to the support of the community and the attendees in the room.  The Summit is unique in that everyone who is there is passionate about DFIR – it actually took someone pointing out to me that most of our after-hours conversations were geek speak – I didn’t notice honestly!

So, why did I talk about crosstraining?  I have had the opportunity to work at some very different jobs, to include being a forensics examiner on a security operations team and more recently, playing a key role on an offensive skills team.  Looking at network compromises and being able to understand both the attacker’s perspective and that of the responder offers great advantages in unraveling what happened on a compromised system.

My own realizations that I hoped to have shared were 1.) you have to know what a normal system looks like to identify anomalies and 2.) familiarity with other disciplines of security, be it pentesting or system administration, enhances your depth of knowledge and skill as an incident responder.

Christa: How did you get into DFIR to begin with?

Alissa: I first became interested in forensics when I was an instructor at DCITA (Defense Cyber Investigations Training Academy).  Although I was teaching the introduction to hardware & networking course (INCH), I was surrounded by forensics and IR professionals who knew so much more than me.  During this time, I was able to pelt my co-workers with daily questions – I can’t say enough about the camaraderie of the instructor staff there at the time.  While I was at DCITA, I obtained my EnCE and moved from there to a job at a defense contractor performing internal employee investigations.

Christa: What drove you to become a SANS mentor?

Alissa: When I took FOR508 with Hal Pomeranz in Baltimore, I was a work-study facilitator, paying for the training out of my own pocket.  My company had denied additional training for me and it was truly the only way I had to attend this advanced forensics course.

To say the course was life-changing sounds pretty ridiculous, but it is true – I realized on Day 5 of that course that I could become an active researcher in the forensics community instead of looking everything up online, I could contribute with my own knowledge and experience that not everyone has.  The field of forensics/incident response is so young and expansive that not everyone can know everything, the perfect environment for collaboration and freedom to follow your interests.

So, considering what a great impact FOR508 had on me (and my previous experience as an instructor!), I decided to study my butt off and do well on the GCFA.  If you score over 85 on the certification exam, you are invited to apply to the mentor program.

Christa: What one piece of advice would you give another woman seeking to get into DFIR (or any STEM profession)?

Alissa: My advice to other women just entering the field is to never self-deprecate.  Someone may hear you and just might believe your humble assessment of yourself.  You need to realize that everyone started off somewhere, even the “Old Man of Forensics” (whomever that may be) and it does no good to state that you are “inferior” because you are new/junior/inexperienced.

One of the women in my class recently said  to me in front of the rest of her male classmates, “My mind doesn’t work that way.  I am not as good as everyone else here.”  She was one of 2 women in the room of 20 and although she never signed up to represent our gender, she indeed was doing just that.

Since there is such a small percentage of us in the security field, and even less as you delve into the more technical jobs, we must always acknowledge and bear the responsibility of this.  I am a firm believer in the idea “No one knows what a woman isn’t capable of.”  Other women may feel I am wrong on this, but I have run into this “women can’t do as much” mentality first hand.

After the presentation of the MMA Challenge that my co-worker and I presented at CEIC 2012, I was approached by two male attendees who exclaimed “We were surprised that a woman would know so much.” in reference to my ability to speak to both the forensics and offensive realms.  It is this attitude that tells me that I still have a great deal left to accomplish.

Christa: What has been your greatest challenge in your career?  What has been your greatest success?

Alissa: One of my biggest challenges in my career, as well as my life, has been to balance my desires to be the best at my job and to be the best Mom to my kids.  While in the Marine Corps, I learned quickly that talking about one’s family can be seen as a sign of weakness.  I still see negative ramifications for women who discuss their family and personal obligations (kids, mainly) in the workplace.  So, yes, unfortunately, I am divided down the middle sometimes between “uber-driven cyber warrior” and “super soccer mom”, both completely ridiculous titles!

I am sure most working women feel this conflict, at some point, whether their personal lives include kids or marathon training or any other arduous, “soul-sucking” hobby.  🙂 But, kids have a way of holding you accountable and my biggest and most constant challenge has been in being present for them when they need me.

My greatest professional success, as of yet, has been finding others who share a similar passion for information security. What a fantastic community we have! Finding folks who understand and share the drive to keep learning, keep asking questions, has been key to my progress.  It is unique to our industry, that things change on a daily basis. Without surrounding myself with like-minded people, I would have burned out a long time ago.

Alissa, thanks so much for the thoughtful responses, for taking the time to write them, and for all your contributions to the DF/IR community!

Writing for the community

If we’re connected on various other social media sites, especially LinkedIn, Twitter, or Facebook, you may have noticed that I have a new job. Although I haven’t shuttered Christa M. Miller Communications, I’ll be devoting time only to very limited projects.

At heart this blog has always been about how DF/IR businesses can better interact within the community. Rather than direct this toward vendors, however, I want to focus a little more on service providers — individual practitioners, small business owners, teachers, and researchers. Therefore, look for two things at Communications Forensics in the near term:

Women in Digital Forensics

I’m starting a new series highlighting the contributions of women in the DF/IR field. This isn’t to say that Melia Kelley, Sarah Edwards, Cindy Murphy, Erika Noerenberg, or others aren’t doing a great job of highlighting their own contributions. Rather, it’s for these two reasons:

  1. Lots of other women contribute without speaking up, either because they don’t have time or they don’t feel they’re on a par with Erika, Cindy, Sarah, or Melia. I know, I know — lots of guys don’t, either. Leading me to my second point:
  2. Women are underrepresented in the STEM professions as a whole. I’m looking to help reverse that trend at least a little by showing the really cool things the DF/IR women are doing, whether it’s research or investigation or even something related like writing (after all, I’m not a forensic examiner, either).

If you’re a woman working in DF/IR or you know one who deserves to be highlighted, send her my way! (And don’t forget to let her know there’s a LinkedIn group, too.)

It’s your community — what do you want to read?

In the last few months I’ve blogged about how to connect after a conference, contributing to the community with content, and the process of creation, among other things. They added to existing conversations and generated their own discussion, which I really appreciated.

But they were easy to write because the conversation was already happening. Other times, it’s not as easy to know what to say that will be valuable to a community that focuses on process. Heck, I don’t even know what a well-constructed DF/IR report looks like!

So tell me: what do you need a writer’s or PR pro’s perspective on? How do you as a DF/IR practitioner, business owner, or student want to use content to connect with your community? Leave me a comment, email me, or connect with me on Twitter or LinkedIn. And thanks!

Authenticating your content: The power of voice

there's a red house over yonderWhen I was regularly writing fiction, one of the most talked-about topics on the listservs and message boards was: How do you establish your voice?

The reason it was discussed so much is that voice is incredibly difficult to define. It’s the thing that makes writers sound uniquely different, what distinguishes Dennis Lehane from George Pelecanos in crime fiction, or Stephen King from Shirley Jackson in horror.

And it’s every bit as important in business writing as it is in fiction.

Last year I worked with an author on using articles to promote his book. Between some material in the book, emails we traded, and his blog, I’d pulled together what I thought was a pretty good piece. It was technically accurate and flowed well, and covered what I’d pitched the editors.

The problem? It didn’t sound enough like him, and he told me so. And he was right. He’s a prolific blogger as well as a book author, and has his own distinctive voice.

Why does it matter if voice is distinct?

Because everyone recognizes impersonal “corporate speak.” It’s usually filled with buzzwords like “leading,” “synergy,” “paradigm shift,” and so on. It’s lazy, safe, predictable. People use it because no one wants to inject their own personality into it.

This is a legitimate branding concern. Too many distinct personal voices can dilute a brand and confuse its customers. On the other hand, a brand that sounds just like every other brand is also pretty diluted. It also, and I see this in social media, misses opportunities to show its unique strengths.

So where’s the balance? How can you sound distinct, without losing your voice when your best communicator leaves or your company (and PR department) suddenly grows?

Know your company’s mission, vision, and values

The people who communicate on behalf of your company need a strong command of its mission, vision, and values. This isn’t as simple as making them memorize the company’s mission statement (many of which are useless anyway).

It’s not even as simple as inviting them to strategic planning or goal-setting meetings. A company’s values come through in every interaction with their publics, from sales to customer service to employee relations. Communications people, like everyone else, observe and listen. Pushy sales, lazy or rude customer service, and indifferent employee relations communicate a company’s values far more than a few sit-down meetings with the C-suite.

A communications staff using indistinct language may, in fact, be afraid to rock the boat — or at the very least, afraid of the potential consequences, from the boss if not the public. So:

If you’re the boss:

  • Start by asking yourself what you stand for. Integrity, truth-telling, the best service in your market, and so on. Outline what that means for your customers. While you’re at it, think about whether you need to redefine your business.
  • Review company content: website, press materials, videos, etc. Do their words match your vision?
  • If the answer is “no,” find out why. Be open to the answers.
  • Work with your communications team to figure out how and where you can make changes.

If you’re the communicator:

  • Assess the language you use in your current content; separately, assess what you believe your company’s brand to be. Do they match?
  • If not, challenge your boss to do better. Find out how and where to change your assumptions and align your ideas with your boss’s.
  • Start experimenting with language and visuals. Use words that advance the newly aligned understanding of mission, vision, and values. Don’t back down from committing to a different way of communicating!

In an industry like digital forensics, where thought leaders are easily recognizable, a blog or article that doesn’t “sound like” them can mean trouble. Whether they own a business or are contributing something else — research or training — a diluted brand can be as bad as making readers wonder whether they can trust what they’ve just read.

This is all the more important as more business-to-business firms — 89 percent, as of last year — embrace social media. It can be scary to show how you’re different from the competition. But companies are made up of individuals and their interactions with one another. If you have to think about authenticity, you probably aren’t authentic; but if you focus on developing your best values, and your voice along with them, you’ll differentiate in a way no competitor can match.

Would you add anything to the lists of what to do to find your voice? How do you communicate?

Creative Commons License photo credit: foto3116

The process of social content creation

Work In Progress - Go SlowThose of us who use Twitter on a regular basis often find ourselves fascinated by the speed of our streams. New content gets shared, retweeted, discussed on an hourly basis; it’s impossible to read and digest it all, so we filter it, judging an entire blog post by its headline or the hashtags used to promote the tweet.

Twitter streams so quickly that it’s easy to think you have to go faster, too. A blog post leads to a Twitter conversation that leads to more blog posts and more conversation… who wants to miss the opportunity to contribute (and be recognized for contributing)?

In watching the activity, it can be difficult to remember two key points:

  1. Everyone goes at their own speed.
  2. In failing to go at our own speed, we miss things… sometimes important things that might make the difference in how we differentiate our thinking from others’.

As social media and communications expert Amber Naslund wrote not long ago:

Reflection itself has a few benefits, from cool-off time to the ability to let thing sit and process for a while, like steeping tea leaves. Sometimes I notice something I didn’t before. I notice that didn’t say something or make myself clear enough, something that might have made the conversation easier, and I know to be more articulate and specific next time.

How I create social content

An example: to get to the post I wrote about contributing to the DFIR community, things sat in the back of my mind for a few days. I had seen Twitter conversations among Harlan, Ken, Erika and others; I’d read their blog posts. I knew there was something I could add… I just wasn’t sure what. I didn’t want to rehash what everyone else was saying, and I didn’t want to let the opportunity pass.

At the same time, two totally unrelated articles sat in my browser tabs. As with the DFIR conversation, I’d read them, knew I wanted to do “something” with them (bookmark them? Use them in a blog? Did I have a client who needed their wisdom?) but wasn’t sure what… until I began to see how they related to the DFIR discussion. What if, I asked myself, the writing itself might be the problem? And so my take on the “contribution” topic became about my own specialty: content.

Like Amber, I need time to process things. I’ve found this outside of Twitter too, in the last few months especially, whether in an email thread or in-person meetings or at trade shows.

  • It might take me two or more days to respond to email, not because I’m consciously stewing about something, but because I’ve read the thoughts and want to be sure I’m getting the issues and requirements right.
  • In person or on the phone, it’s not unusual for me to come back to meeting-mates a day or two later with more information, clarifying things I said and usually in relation to what I heard. (I sometimes struggle to articulate myself verbally.)
  • At DC3, on the last day of the trade show I came to the expo hall floor early and spent half an hour with the notes I had taken, connecting the dots between people and the thoughts they’d shared.

Among the connections I make is where good content lies. That’s why I don’t blog more than weekly on any blog I maintain.

Learning from the researchers

It’s hard to remember, amid the constant stream of content, that everyone has their own pace. This is true of fiction writers as well: some writers are just naturally more prolific than others (and may even suffer from hypergraphia). But it is also true that the more you write, well, the more you write. You learn to see the ideas in the everyday, to splice them together with other ideas.

And then there are the DFIR researchers.

It’s sometimes difficult for me, as a PR pro and content marketer, to see clients’ best minds working so slowly. Months can pass between good articles that support, say, a client’s training course, or that review a client’s forensic product.

Of course, all that means is that the writer is taking time with the research. Day jobs take precedence, and good research deserves thoroughness. It’s the only way to provide content that will be meaningful to the reader.

Back to Amber’s point: there is power in slow thinking, and perhaps what we owe most to our readers and followers is not the ability to keep up… but the ability to filter, connect, distill, and purify according to our own unique experiences and perspectives.

Are there times when you could have thought slower, or where you chose to think slower? Tell us about it below!

Creative Commons License photo credit: KarolGajda