Digital Forensics Expert and Cyber Security Investigator


By Jennifer L. Hay

“Ransomware as a Service”(RaaS) is now a profitable business model that uses marketing campaigns and websites with videos and white papers to attract buyers. If you simply don’t have the time or skills to develop your own ransomware variant, you can make your way to the dark web. You will find a plethora of ads for all sorts of illicit goods and services.

The rise of ransomware continues to be a growing threat and it is no longer just about large businesses paying a hefty fee to regain access to their systems and data.  Ransomware attacks can have grave consequences. Consider the Colonial oil pipeline cyber attack where the pipeline was shut down. There were initial concerns about compromised systems. There was the potential that hackers had accessed the pipeline’s operational technology network, which controlled the actual flow of gasoline.

Ransomware is but one type of malware, and malware is only one example among a wide variety of cybersecurity attacks. In recent years, there has been an avalanche of cyber crime incidents with real-world implications as cyber crime gangs become increasingly aggressive. Every technology advancement creates security vulnerabilities and opportunities for cyber crimes.

For those who are up to the challenge, forensics is a fascinating career across a constantly evolving threat landscape. Now, let’s look at what it takes to excel in the field.

What skills and characteristics make a good Digital Forensics Expert and Cyber Security Investigator?

Digital forensics is the use of investigation, analysis, and problem solving techniques to identify, preserve, and present evidence in cyber crime investigations. It can also be part of a forensic process, such as to recover data.  No matter the purpose, the goal of forensics is to perform a disciplined investigative process. Forensics is used to maintain a documented chain of evidence to understand what happened and if relevant, who was responsible.

Success in this role requires many of the same skills as a data analyst.  An individual who is naturally curious, persistent, and skilled in root cause analysis and problem solving is a natural fit to work as an investigator. Intrusion investigations can be long, circuitous, and many times frustrating. Tenacity blended with analytical thinking and critical thinking skills is critical to understanding incident dynamics.

While horses wear blinders to reduce their field of vision, block out distractions, and stay focused on their tasks, an investigator often doesn’t have that luxury. Investigations rapidly evolve over time and may lead down many rabbit holes. An investigator needs to formulate multiple hypothesizes based on the evidence, then objectively test each hypothesis.  When evidence or circumstances change, they must be able to pivot away from a favored hypothesis. They need to reexamine the situation, retest promising hypotheses, and perhaps develop new hypotheses. Adaptability and persistence are important investigator qualities, especially when the pace of an investigation is slow.

A key aspect of digital forensics is a documented chain of evidence. It is critical that an investigator has good communication skills and is passionate about securing and validating evidence. They must take a rigorous approach to collecting and documenting evidence such that it can withstand the scrutiny of exhaustive legal processes.  They need to be skilled at establishing the incident timeline, describing how the IT infrastructure was penetrated and the malicious activity that occurred. Forensics Investigations

Digital Forensics and Cyber Security Careers

The digital forensics market can be divided into Computer Forensics, Network Forensics, Mobile Device Forensics, and Cloud Forensics. Excelling in each of these areas requires a mastery of threat and risk management. It also requires an understanding cybersecurity practices from secure architecture, infrastructure, hardware, software, and protocols to security operations.

Becoming and staying an expert in all of these areas would be an insurmountable task for most people and a high-risk situation for an organization. A pragmatic and comprehensive approach is to establish cybersecurity teams (internally or externally) with expertise in all types of forensics.  To be successful, these teams must be highly collaborative, openly sharing their findings and insights, and continuously shaping and reshaping their efforts as new evidence is discovered and analyzed.

Let’s look at one area of forensics. Network engineering and network management have become increasingly important over the past several years. Network communications is business critical with distributed workforces, cloud-hosted applications, e-commerce, supply chain management, customer engagement, and data dependencies. All of these require fast and reliable communication. Yet network communications have become increasing vulnerable with malware, hacking, digital fraud, denial-of-service, and other attacks.  Having a security expert who specializes in network forensics is ideal for investigations that often deal with volatile and dynamic information.

Call to Action

Hackers are continuously creating tomorrow’s threats. However misguided, they are intelligent and inventive thinkers. Top-tier forensics professionals must be even more advanced in their thinking and problem solving capabilities.  For those who are thrive in a challenging and fast-paced environment where quick thinking and decisive action determine success, digital forensics is an ideal career.

Many organizations take a reactive approach and only consider digital forensic solutions and services after a breach takes place.  If you understand forensic investigations either through formal education or experience, work to help the organization adopt a proactive approach of planning for threat protection and digital forensics. Be a good team partner in contributing to defining a solutions roadmap and selecting the best fit, digital forensic vendor.

If you want to further your cybersecurity skills and become a forensic investigator, consider NSA certified programs, such as the University of Maryland Global Campus’s program in Digital Forensics and Cyber Investigation. Also available are certification programs, such as Computer Hacking Forensic Investigator (CHFI), Cyber Defense Forensic Analyst (CDFA), Certified Forensic Computer Examiner (CFCE), and Certified Computer Examiner (CCE).

Author’s Note

Here is an example of a Digital Forensics Investigator resume which demonstrates how to highlight some of the soft skills that I’ve mentioned above.

Digital Forensics Resume


About Jennifer Hay

I’ve been writing technical resumes and advising on career transitions for almost 15 years.

Throughout that time, I’ve read numerous articles about best practices for IT resume writing. What I found in those articles is a lot of bad information because it’s the same advice they give for non-technical professionals. This is important because IT resumes are different.

I built this website to share what I’ve learned in my career. I think you’ll find information on this website that will help make your IT resume a success.