Forensic Femmes 1: Alissa Torres
Welcome to the inaugural Forensic Femmes blog post! As I wrote many months ago, the purpose of this series is to highlight the many contributions women are making to the DF/IR community, whether we know them or not.
My first guest is Alissa Torres, who recently joined Mandiant’s team as an incident handler along with being a SANS Mentor and instructor. Here, Alissa talks about why she thinks crosstraining is important, what led her to SANS, what women should never do when entering a STEM profession, and the successes that keep her going.
Christa: Your lecture topic at the SANS DFIR Summit garnered a lot of very positive tweets. What experiences in your career led you to want to talk about crosstraining?
Alissa: Speaking at the SANS DFIR Summit was an honor – probably the best presenter experience I have had to date due to the support of the community and the attendees in the room. The Summit is unique in that everyone who is there is passionate about DFIR – it actually took someone pointing out to me that most of our after-hours conversations were geek speak – I didn’t notice honestly!
So, why did I talk about crosstraining? I have had the opportunity to work at some very different jobs, to include being a forensics examiner on a security operations team and more recently, playing a key role on an offensive skills team. Looking at network compromises and being able to understand both the attacker’s perspective and that of the responder offers great advantages in unraveling what happened on a compromised system.
My own realizations that I hoped to have shared were 1) you have to know what a normal system looks like to identify anomalies and 2) familiarity with other disciplines of security, be it pentesting or system administration, enhances your depth of knowledge and skill as an incident responder.
Christa: How did you get into DFIR to begin with?
Alissa: I first became interested in forensics when I was an instructor at DCITA (Defense Cyber Investigations Training Academy). Although I was teaching the introduction to hardware & networking course (INCH), I was surrounded by forensics and IR professionals who knew so much more than me. During this time, I was able to pelt my co-workers with daily questions – I can’t say enough about the camaraderie of the instructor staff there at the time. While I was at DCITA, I obtained my EnCE and moved from there to a job at a defense contractor performing internal employee investigations.
Christa: What drove you to become a SANS mentor?
Alissa: When I took FOR508 with Hal Pomeranz in Baltimore, I was a work-study facilitator, paying for the training out of my own pocket. My company had denied additional training for me and it was truly the only way I had to attend this advanced forensics course.
To say the course was life-changing sounds pretty ridiculous, but it is true – I realized on Day 5 of that course that I could become an active researcher in the forensics community instead of looking everything up online, I could contribute with my own knowledge and experience that not everyone has. The field of forensics/incident response is so young and expansive that not everyone can know everything, the perfect environment for collaboration and freedom to follow your interests.
So, considering what a great impact FOR508 had on me (and my previous experience as an instructor!), I decided to study my butt off and do well on the GCFA. If you score over 85 on the certification exam, you are invited to apply to the mentor program.