Welcome to the inaugural Forensic Femmes blog post! As I wrote many months ago, the purpose of this series is to highlight the many contributions women are making to the DF/IR community, whether we know them or not.
My first guest is Alissa Torres, who recently joined Mandiant’s team as an incident handler along with being a SANS Mentor and instructor. Here, Alissa talks about why she thinks crosstraining is important, what led her to SANS, what women should never do when entering a STEM profession, and the successes that keep her going.
Christa: Your lecture topic at the SANS DFIR Summit garnered a lot of very positive tweets. What experiences in your career led you to want to talk about crosstraining?
Alissa: Speaking at the SANS DFIR Summit was an honor – probably the best presenter experience I have had to date due to the support of the community and the attendees in the room. The Summit is unique in that everyone who is there is passionate about DFIR – it actually took someone pointing out to me that most of our after-hours conversations were geek speak – I didn’t notice honestly!
So, why did I talk about crosstraining? I have had the opportunity to work at some very different jobs, to include being a forensics examiner on a security operations team and more recently, playing a key role on an offensive skills team. Looking at network compromises and being able to understand both the attacker’s perspective and that of the responder offers great advantages in unraveling what happened on a compromised system.
My own realizations that I hoped to have shared were 1.) you have to know what a normal system looks like to identify anomalies and 2.) familiarity with other disciplines of security, be it pentesting or system administration, enhances your depth of knowledge and skill as an incident responder.
Christa: How did you get into DFIR to begin with?
Alissa: I first became interested in forensics when I was an instructor at DCITA (Defense Cyber Investigations Training Academy). Although I was teaching the introduction to hardware & networking course (INCH), I was surrounded by forensics and IR professionals who knew so much more than me. During this time, I was able to pelt my co-workers with daily questions – I can’t say enough about the camaraderie of the instructor staff there at the time. While I was at DCITA, I obtained my EnCE and moved from there to a job at a defense contractor performing internal employee investigations.
Christa: What drove you to become a SANS mentor?
Alissa: When I took FOR508 with Hal Pomeranz in Baltimore, I was a work-study facilitator, paying for the training out of my own pocket. My company had denied additional training for me and it was truly the only way I had to attend this advanced forensics course.
To say the course was life-changing sounds pretty ridiculous, but it is true – I realized on Day 5 of that course that I could become an active researcher in the forensics community instead of looking everything up online, I could contribute with my own knowledge and experience that not everyone has. The field of forensics/incident response is so young and expansive that not everyone can know everything, the perfect environment for collaboration and freedom to follow your interests.
So, considering what a great impact FOR508 had on me (and my previous experience as an instructor!), I decided to study my butt off and do well on the GCFA. If you score over 85 on the certification exam, you are invited to apply to the mentor program.
Christa: What one piece of advice would you give another woman seeking to get into DFIR (or any STEM profession)?
Alissa: My advice to other women just entering the field is to never self-deprecate. Someone may hear you and just might believe your humble assessment of yourself. You need to realize that everyone started off somewhere, even the “Old Man of Forensics” (whomever that may be) and it does no good to state that you are “inferior” because you are new/junior/inexperienced.
One of the women in my class recently said to me in front of the rest of her male classmates, “My mind doesn’t work that way. I am not as good as everyone else here.” She was one of 2 women in the room of 20 and although she never signed up to represent our gender, she indeed was doing just that.
Since there is such a small percentage of us in the security field, and even less as you delve into the more technical jobs, we must always acknowledge and bear the responsibility of this. I am a firm believer in the idea “No one knows what a woman isn’t capable of.” Other women may feel I am wrong on this, but I have run into this “women can’t do as much” mentality first hand.
After the presentation of the MMA Challenge that my co-worker and I presented at CEIC 2012, I was approached by two male attendees who exclaimed “We were surprised that a woman would know so much.” in reference to my ability to speak to both the forensics and offensive realms. It is this attitude that tells me that I still have a great deal left to accomplish.
Christa: What has been your greatest challenge in your career? What has been your greatest success?
Alissa: One of my biggest challenges in my career, as well as my life, has been to balance my desires to be the best at my job and to be the best Mom to my kids. While in the Marine Corps, I learned quickly that talking about one’s family can be seen as a sign of weakness. I still see negative ramifications for women who discuss their family and personal obligations (kids, mainly) in the workplace. So, yes, unfortunately, I am divided down the middle sometimes between “uber-driven cyber warrior” and “super soccer mom”, both completely ridiculous titles!
I am sure most working women feel this conflict, at some point, whether their personal lives include kids or marathon training or any other arduous, “soul-sucking” hobby. But, kids have a way of holding you accountable and my biggest and most constant challenge has been in being present for them when they need me.
My greatest professional success, as of yet, has been finding others who share a similar passion for information security. What a fantastic community we have! Finding folks who understand and share the drive to keep learning, keep asking questions, has been key to my progress. It is unique to our industry, that things change on a daily basis. Without surrounding myself with like-minded people, I would have burned out a long time ago.
Alissa, thanks so much for the thoughtful responses, for taking the time to write them, and for all your contributions to the DF/IR community!