Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Hello and welcome
back to another episode of the
Tech Exec Wellness Podcast.
This is your host, Melissa Sanford, continuing on with our
professionals and incident response.
I am super stoked for this guest.
I did not put it out on any of our socials because I wanted
this to be a surprise, because I know this person, I worked with
him and I certainly look up to him.
(00:21):
I'm so delighted. Drum roll.
Today we have Devin Ackerman.
He is the Global Head of Digital Forensics and Incident
Response DFIR at Cybereason, based in Raleigh, North Carolina.
Devin leverages over 15 years of experience in cybersecurity,
focused on digital forensics and incident response.
Throughout his career, he's built and managed large-scale
(00:42):
global incident response teams who've handled over 3,000
engagements annually.
So prior to joining Cybereason, Devin led the global
DFIR team at Kroll, which is where we work together, a
financial and risk advisory firm.
In this role, Devin and his team investigated various types of
cyber incidents, including some of the most complex incidents in
the world, and I want to tell you, listeners, having someone
(01:04):
like this gentleman here to help you when you're talking to a
client, you're in good hands.
That's all I can say, and we'll talk more about that.
So these incident types included ransomware,
corporate-based espionage, nation-state threats, network
and cloud intrusion events and business email compromise. We see
a lot of those.
In addition to providing rapid response, Devin's team also
(01:24):
provided preparedness services, including threat hunting,
executive tabletop exercises, incident response planning and
compromise assessments.
He supported clients of all sizes, from small, medium-sized
businesses to large enterprise accounts.
He pays on closely with law firms, insurance carriers and
brokers.
So before this, Devin was a special agent in the FBI from
(01:46):
2018 to 2016.
During his time in the FBI, Devin had numerous positions,
including certified digital forensics examiner, and was
promoted to a supervisory special agent.
So this is a cyber professional that's been in the ins and outs
(02:06):
of cybersecurity and again, this is something that a lot of
our listeners want to know is who are these people?
Who are they behind the picture?
He's been involved in some pretty big investigations
related to cyber, foreign counterintelligence, national
security and crime, criminal-related network
intrusions, large-scale evidence collections and multi-agency
(02:27):
incident response.
He coordinated digital forensics-related field
operations both within the US and in conjunction with foreign
attache offices, and he's got a whole list of credentials that
it would probably take me all day to read. Before we start,
first, welcome to the show.
I have to ask everybody this question: your favorite music
genre and if you have a memorable concert experience to
(02:49):
share with our listeners, so welcome.
Speaker 2 (02:51):
I love it, Melissa.
It's an absolute pleasure.
It is hard to follow such an intro.
I think, right there, we're going to wrap the podcast, right,
no?
Speaker 1 (02:58):
Yes, sir.
Speaker 2 (02:59):
It's an absolute
pleasure to be here and be on
your show.
So your question first, one out of the hopper.
I have a fairly broad appreciation for music and
probably most of your guests say something similar, but I enjoy
almost everything from classical to country to rock and some
pop here and again.
I will say, when I'm working and I'm in the office I need to
(03:20):
concentrate.
I'm usually focused on instrumental, typically violin,
piano.
Lindsey Stirling is a fan favorite of mine, all the way
back to her early days, and something instrumental, without
any voice. For running exercise, probably not unlike yourself,
anything with a steady beat motivates, helps me run.
I'm training for a 5K this year and I'll add that Tron Legacy
(03:41):
had a pretty amusing music track back in the day and that might
be a type of music that I gravitate towards.
So for concerts, I've certainly had an opportunity to attend
quite a few concerts over the years and most recently I
mentioned Lindsey Stirling.
I've seen her in concert, actually in North Carolina where
I live.
I also most recently saw Jelly Roll, which kind of ups it into
(04:01):
the spectrum there for musical talent.
You know, if you've ever been to either.
They both put on amazing performances.
Lindsey is very active on stage.
You know part of her whole shtick is dancing and
acrobatics while playing the violin and not missing a beat.
It's, it's absolutely amazing.
It's an awesome blend of dance and movement and her instrument,
her craft. Jelly Roll, kind of
(04:23):
on the other end, amazing stamina.
For those of you that do or don't like his music, his range
is one of the things I think that's most impressive, right?
Country to rock, to hip hop, to rap, all in one show.
It's pretty impressive to see on stage and in person.
Speaker 1 (04:37):
I love it.
Okay, you said something and I want to dig into that before we
start talking about some other things.
Okay, tell me about that.
Speaker 2 (04:45):
Yeah.
So it's a little bit of a personal goal.
So I have a close group of friends and a couple of them are
very interested in, you know, kind of a longer distance
running.
I ran a lot in kind of during my law enforcement career which
is part of my workout regimen.
You know, moving into consulting post, you know, FBI
life. Consulting's very busy, it's kind of a 24-7 life and not
(05:05):
unlike FBI, right, we're always on when we've got the badge and
the gun.
But it's a little of a different life.
It's more like anchored to the computer, non-stop, anchored to
the phone.
So taking time out to do something outside and unplugging,
decompressing, super important for life, work balance and
running is part of that for me.
(05:26):
It's very hard to run when the phone and the watch is
constantly alerting me to emails and texts and clients.
But I try to go into private mode and turn up the music and
then when I'm running it helps me kind of clear my brain.
So the 5K is just kind of a personal goal of mine.
Want to be able to do that.
Haven't quite picked the particular 5K yet, but there's a
(05:46):
lot of options.
Speaker 1 (05:48):
Okay, well, we're
going to go back to that
question about training, some other things here in the middle
of our segment.
But listeners out there, I met this gentleman back when I
worked at Kroll and his energy, his demeanor, his
professionalism and no question I had when I started incident
response was never, never done.
Devin took the time to talk with me, he was very patient and
(06:10):
I learned a lot from him.
It's truly an honor to have you here, but I think what our
listeners would like to know is what is your favorite thing
about incident response and why did you get into it?
Speaker 2 (06:22):
If you had asked me
that question a decade ago, I
probably would have responded and said the investigation, the
fact finding, the true application of forensic science
when you're responding to an incident is my favorite piece of
incident response.
It's still invigorating to find something new.
You're working on an investigation, you discover a
new technique.
(06:42):
You tie the proverbial strings between a threat actor across
different engagements, but the teams I work with now are
experts in that and in any career there's a natural
progression to where you are as you work through your life.
My current focus now is in the refinement of the incident
response process, the dependability or the
repeatability of our approach as a team, as teams, as a business,
(07:06):
as a global kind of IR team, the way we do our findings, the
way we present our findings.
My focus now is kind of on the refinement and the presentation
layer.
I'm passionate about the defensibility of incident
response and specifically you could say that's my favorite
thing.
I'm passionate about when we portray, present, demonstrate
findings, that when we get asked how do we know that, there's
(07:30):
like an invigorating moment of excitement in me and maybe
that's the nerd, right.
There's definitely some of that, but there's a passion because
there's a lot of vocations out there where it's well, I just
know. There's a lot of vocations out there where it is similar to
what we do, which is it's education, it's experience, it's
I tested this.
(07:50):
Therefore, I can repeat it, right, the repeatability process,
the forensic, the science of what we do, and digital
forensics is in the underpinning of incident response.
Right, incident response is simply responding to an incident.
So a lot of individuals are incident responders, right,
lawyers are incident responders, claims managers and insurance
carriers, they are helping respond to an incident, brokers
(08:12):
even.
But what we do on the consultancy side, or the
investigative side, is the merging of digital forensics
with that, right.
So there are so many individuals that have entered
the field of DFIR in the past decade, and many will continue
to do so, that in the coming years, as colleges and
universities, they're all adding a growing focus on this DFIR
career path that you know I enjoy.
(08:34):
My website, even AboutDFIR.com, has a whole page devoted just
to higher education: four-year degrees, bachelor's degrees,
master's degrees, even PhD programs focused on DFIR.
And in your original question, like what's the favorite thing
for me about this response, with all of the advancement of our
craft, of our careers, of digital forensics, frankly, even
(08:55):
in the top of headlines even now.
There was a recent show just released on Netflix where
a cyber attack happens and digital forensics is mentioned
in that show.
There's a generation of students who are exiting
education with a degree now and they want that hands-on,
real-world experience.
They need the investigative piece.
That's my favorite thing about incident response: it's taking
(09:16):
someone who is new to the craft.
They have kind of the science, they have the IT underpinnings.
They need to learn how to be disciplined.
They need to learn not to be over-reliant on tools and
automations and not rely upon the easy button, because the
easy button happens naturally.
In our career we see very similar things over and over
(09:38):
again and I want to move.
I want to continue helping that next generation of examiners
move beyond the easy button and more to the trust but verify
side of the science of our craft.
So that's what I'm passionate about.
That's my favorite aspect of IR.
Speaker 1 (09:53):
I love that.
I love that. If we could take a step back, what led you to join
the FBI?
I'm always fascinated by people that serve.
Speaker 2 (10:00):
So I'll get a little
emotional with my answer here.
Please do. I wrote about this actually in my book.
So if anyone's read my book Diving In: An Incident Responder's
(10:21):
Journey, there's a chapter at the very.
I owned an IT company and I knew I didn't want to web design
and IT, you know, building of computers forever and I was
looking for that kind of the next thing.
My mother had actually walked in.
I was wrapping up a particular build for a client at the time
and in my office my parents were able to come see me on a
(10:41):
regular basis and my mom came in and she said I found this
really cool article about a new degree program at a college
called Champlain, Champlain College in Burlington, Vermont,
and it was actually authored by a gentleman by the name of Gary
Kessler.
He was leading the digital forensics program at the time
and he was talking about this whole new kind of degree that he
had launched and Champlain was certainly one of the leading
(11:03):
colleges.
The reason why I'm telling you this story is my mother was very
integral into the next steps, which was me actually getting
into that degree program and changing my major.
What led as part of that was an internship.
Something very exciting was there was something called an
honors internship for the FBI and you could apply and if you
(11:26):
were successfully selected, you'd get a background check,
you'd get a clearance and you could work in one of the
regional computer forensics laboratories that the FBI
sponsored across the United States.
There were multiple at the time.
I was fortunate enough to win one of those honors internship
opportunities and I got to spend over a year in that internship
(11:47):
program, first New Jersey RCFL and then in the Atlanta field
office.
All really because my mother found an article which led me to
digital forensics, which led me to Champlain, which led me to
an awesome opportunity for that.
What followed after was an acceptance and an invitation to
a class at Quantico and ultimately the graduation 24 or
(12:10):
so weeks later, an agent of the FBI.
Speaker 1 (12:12):
What an incredible
story.
That is just that's fate.
That's definitely fate.
Who would know that?
That would just change your whole life trajectory.
I think that's really awesome.
What does a typical day look like for you?
What that looks like, if there's any routine best practices.
Speaker 2 (12:28):
Yeah, so a typical
day for me.
I'm the generation, thankfully, I get to work from home.
And so, you know, in the kind of post COVID era where a lot of
people had to work in offices, you know, post your FBI career,
I've always been able to work from home.
So my typical day, I joke with people that my commute is about
37 footsteps. I wake up and do all the normal things everyone
(12:50):
does, you know, put my pants on one leg at a time, but I get my
coffee and I pretty much come straight up the office and of
course there's family and there's kids, everything else
that goes with that.
But my typical day is getting right into it.
I don't really waste time.
I jump right into work and I have quite a nice home office
set up away from kind of the rest of the house, and so I can
(13:11):
kind of really focus.
I don't have a lot of the distractions.
So normal day in consulting world is a lot of emails, a lot
of phone calls.
There's some days where I have anywhere between 15 and 20 phone
calls,
and that's typically a combination of clients, law
firms, insurance, putting a lot of proposals together but also
(13:32):
executing on the work.
I do kind of a range of expert witness work, advisory work, as
well as actual hands-on forensics still, and interwoven
in there is leading teams.
I'm, you know, in my, in my current role as global head of
DFIR for Cybereason, my focus is on, uh, QC processes, but also
(13:53):
relying upon and, frankly, emboldening the teams that I
have to execute because they're experts, right.
So a little bit more of the kind of, you know, working from
the shadows with the teams, because
we have very good people that I get to work with every
day.
But my typical day is kind of all of those things and then go
to sleep, wake up and rinse and repeat and do it all over again.
Speaker 1 (14:15):
So that's a lot of
activity during the day.
How do you decompress from it?
Because I know I get exhausted if I'm talking to people all day
or doing Zooms.
Speaker 2 (14:30):
How are you
decompressing?
How are you taking care of yourself?
So I, you know, we talked about music earlier.
I love getting to unplug with concerts and music, but my real
focus is, you know, once or twice a year getting a good trip,
not unlike, I'm sure, many of your listeners and probably even
yourself.
But there's a spot out west that I go, and when I had the
opportunity, I haven't unfortunately been the last year
or two because a lot of things have happened in my life, but for
(14:51):
several years in a row I've been able to go out west and
there's an area that I get to kind of unplug and there's no
cell coverage and it's in the middle of 24, 25,000 acres and
it's just, you know, proverbial
God's country, is flat.
There's not a lot of trees around, but you can walk all day
and not even hit the edge of the property.
(15:12):
For me, and kind of the nonstop digital, electronic overload of
life with, you know, I've got six monitors on my desk and you
know an iPad and this laptop and a phone and a watch.
There's times when just unplugging and not even having
the ability to be tempted by a digital connection is really
(15:32):
nice and there's something really peaceful about it.
There's something where it's just, it's very, very different.
It gets me out of my element.
So my decompression piece is really how do I kind of get away
completely where I can't be distracted by it, and then when
I come back I'm kind of fully rejuvenated.
So that's kind of my, that's my one guilty pleasure that I
allow myself.
Speaker 1 (15:55):
That's not guilty at
all.
That's beautiful.
I know we talked about the 5k.
We're going to jump in a little bit about that, training and
all that, but are you incorporating any wellness
practices, meaning any meditation, any walking?
Are you, are you getting out from behind those?
Speaker 2 (16:10):
Yes, so I probably
have kind of talked a lot about
work, work, work, and maybe that's what the audience is
hearing a little bit here.
I do my best to have a healthy life, work balance.
So, right, I've got four beautiful children and
ultimately the family that kind of goes with that, right, so part
of my life is focused on a lot of water.
(16:33):
I'll tell you right now, there's nothing better for kind
of the body than balancing what goes in it.
That's a big piece of it.
But from a standpoint of unplugging and having time on
the weekend where I don't have to be on, yes, Sunday is a big
day for me, right, and that's a big focus of that. When I, I'll
give you one more piece.
(16:53):
When I travel, and I had almost 90, I think I had 96 flights
last year, it was a very busy year.
Every time I'm on a plane, I try my best not to work on the
plane.
There's times when I have to, right, there's times I have to
get on the internet, I have to get proposals or emails out.
When I'm on a plane, I actually have shows downloaded on my
iPad and I just disconnect a little bit.
(17:16):
That's, that's a for me.
That's a little bit of a wellness practice because I can
kind of, I can watch, catch up on some new show.
I can catch up on something that's different, because I
don't do that during the normal week, like I don't typically get
to watch shows in the evening and really done on the weekends.
My, my time to finally catch up on some new show that everyone's
(17:40):
talking about is on a flight where I have an hour of respite
and I don't want to talk to anyone around me.
Anyways, right, put the AirPods in, put the noise canceling on
and then escape and do a couple episodes of a show, and I may
not even get to watch that show for another couple of weeks till
the next flight.
But that's kind of my.
That's my balance.
Speaker 1 (17:56):
Now I'm curious to
see what shows are you
downloading and watching?
Any of these cool series like Paradise, anything like that?
Speaker 2 (18:01):
Oh, mercy.
Well, I certainly, I imagine I'm probably like much of your
audience, watching Severance and very much that.
That is an awesome show.
I've definitely caught up on Prime Target a little bit, which
is also a show on Apple Plus, and it's kind of interesting.
It's all about prime numbers and a little bit nerdy but very
(18:22):
interesting show.
There was another show and it's escaping me, it'll come to me in
a minute, but there was another show that is, oh, it's called
the Silo.
I knew it would come to me.
Also very, very interesting show.
I've enjoyed that.
And probably the last one I'll share is a show called Dark
Matter.
It's about a gentleman that figures out how to move between
(18:42):
the multiverse, which not of the Marvel fame, but of a very
interesting way that he shows how to move between versions or
parallel universes, but in a non-nerdy way.
It's actually,
it's almost, I would argue, a little bit believable.
It's a very realistic kind of show and the last season was
quite an interesting season finale.
So, yes, definitely try to catch up with some of those when
(19:04):
I can.
Speaker 1 (19:04):
That's cool.
Yeah, I could probably have another episode where we talk
about dark matter.
I'm into that stuff as well.
It's like I don't know if it's the field of being in cyber, but
you're always looking to learn more and push the envelope when
it comes to things like that.
Yeah, that's really cool.
Speaker 2 (19:20):
Yeah, exactly.
Speaker 1 (19:21):
Okay, so when you're
traveling, if we see you on the
plane, you got your AirPods in.
We're not talking right.
Speaker 2 (19:27):
That is, you know what.
I'll never ignore someone too rudely, but I actually have one
funny experience I'll share very briefly.
No, go ahead.
I was on a flight, it was cross country, I was heading out for a
speaking engagement and an elderly individual who, it was
very obvious, was very uncomfortable flying, was very
(19:47):
nervous.
It was just.
It was very obvious to me they're very nervous.
They sat to my right at the window and, ironically, as I
found out during this conversation, they were
petrified of heights and I'm like, oh mercy, we should switch.
But the reason why I'm telling this story is there are times,
most assuredly, where I'm kind of aware of my surroundings and
I could tell this individual, this was not going to be a
(20:07):
flight where I could just kind of disappear into my own world.
I ended up having a really fun conversation with the individual
and I think it helped distract them a little bit.
But they were, you could just kind of tell they were very,
very nervous.
It was definitely someone of a little bit of an older
generation and they were by themselves, no one was traveling
with them, and I definitely had fun talking with them on the
(20:27):
flight.
I got to kind of learn about their life.
It was a very long flight.
At some point you get a little worn out of talking about
stories and listening and smiling, but it was still good.
I think they needed it, I think it was a good distraction for
them and they did not go to sleep or read a book the entire
flight, so I was their entertainment, but it was still
a, it was an enjoyable time.
Speaker 1 (20:48):
You're such an
awesome human being for that.
I love that, because I would have done the same.
It's like if I see somebody that's kind of
struggling, I'm definitely going to be there to help.
I love that you shared that story.
When you aren't traveling, or even if you are traveling, how's
your nutrition?
How's your sleep?
Speaker 2 (21:04):
Yeah, I.
So I will tell you right now I probably do not drink or eat as
well as I should, and I think probably most people would say
the same, unless you're a complete gym and health nut,
which again I say that lovingly, people that take care of
themselves I have extreme admiration for. I wish I had the
time.
It's also extremely expensive, right? In this day and age just
to eat right. Water.
(21:27):
I mentioned that earlier.
Like I'm a huge proponent of making sure, like I don't think
a lot of us drink enough of water.
It is in a balance that our kind of our body needs, and when
you don't, you have a lot of health concerns, so I'm a huge
proponent of that.
I have a large, I have an Amazon subscribe and save order that
regularly is sending me that kind of stuff.
But on the fun side, and some people may cringe at this, I
(21:50):
enjoy Celsius drinks but there's a lot of caffeine in those and
so I try to limit myself.
But that's also kind of my, that's my, that's my one guilty
pleasure.
On the nutrition side, look, I, I definitely try to make sure
the vegetables and the fruits.
You know I almost sound like I'm, I'm admitting something to
my mother here a little bit, right, Melissa?
Please don't.
Please don't tell me I can't have another donut, but I
(22:10):
definitely try to make sure. I typically do skip breakfast.
It's usually one of the meals I skip every day, so I definitely
rely upon the lunch, and then I try to make sure I have a
pretty healthy dinner.
So I'm not necessarily the best example of healthy food life
balance, but I do try to pace myself.
Speaker 1 (22:30):
Okay, so we got a few
things to work on here.
I pace myself. Interesting.
The sustainability of wellness, you know, you mentioned earlier
that you have a team that you lead and whatnot. Do you ever
talk to them about?
Hey, you know what, you need to take a break.
How does that play into your leadership and wellness?
Speaker 2 (22:50):
Yeah, no, it's a good
question.
So I hope all the team members or employees that I get to work
with and work with would hopefully say the same thing,
and it's that I always have advocated for family first when
I've got employees, when I've got team members that need to
take a break or they're burning the midnight oil because
(23:10):
of some new engagement.
We were, I think, a lot of us that are a personality and
driven to accomplish these types of investigations and do
incident response.
We're wired a little bit differently, right, we like go,
go, going.
We like helping a client during a victim of a cyber attack.
It's how we're wired.
But any person will hit a wall at some point.
(23:34):
We all have different lengths that we can go before we hit
that wall.
Some people hit it after a couple of days of nonstop.
Some people don't hit it until a couple of months, and I've
worked with a lot of different personalities.
So to your question, I very much try to keep fingers on the
pulse of all of my team members and watch the ones that I know
(23:55):
are very driven, very dedicated, always on, and I do try to make
sure they are taking time for themselves. A little bit of.
It's a balance.
We're all big boys, big girls, professionally, proverbially
speaking.
We're adults.
I trust our people to make good decisions, but I do advocate
for them.
One kind of example that comes to mind, I've had, and we all
(24:16):
have had, right, we've all had situations in our lives where
our family members need us and we need to unplug.
And there will be times when I get that text message or that
phone call, hey, I've got X, Y, Z, and I've never, ever once, done
anything other than I've got you.
You need to focus on that and I don't really care what's on
your plate.
We will figure it out because we will, right, if we can figure
(24:39):
out how a nation state threat actor stayed in a client's
network for six months undetected, I'm pretty sure we
can handle someone's workload while they go take care of a
family member or take care of something that matters, right.
So it's all about perspective, and I'll take that one step
further.
A lot of us that, and maybe some of your listeners that, have
worked in law enforcement or have worked in military careers.
(25:03):
There's a different.
I think there's perspective when you exit law enforcement
and you look at what the private sector views as emergency, and
I think that can really help in a positive way, that perspective,
because there are times, there's times in my consulting
career where I've been in a meeting room and someone's
having a meltdown and it's their worst day, and I'm looking at
(25:25):
the situation, I understand why it's important to them, why it's
so major.
But I'm looking, I look at it from a kind of a different
perspective of I've gotten a call at two o'clock because a
child's been kidnapped and we need to go find the child.
I've gotten the call on a weekend when I'm sitting down to
dinner or at church with my family and it's hey, we've just
(25:45):
had a bomb threat called in and as FBI you go and that's the job
you do, like there's perspective to what are real
major events that really need kind of the adrenaline rush or
the this is something we need to focus on kind of response.
And then there's life, and then there's work.
Life, right, I think perspective is a big thing here, that there
(26:08):
are times when what is big to someone, it's important to them,
right, I'm not advocating for minimization of it or acting
like it's not important, but there's that perspective that
comes with having worked with really traumatic experiences and
events.
And then when other things happen in life.
Even in, like, in consulting, I think I have an appreciation
(26:30):
for what really is a big event and what really needs to have
all hands on deck.
You know, kind of five alarm, fire, sure, and what things.
It's like we got this, we can deal with this, this is just
another day, and that kind of slowing down, calming down,
pacing oneself.
It comes with time, it comes with wisdom, if you want to call
(26:50):
it that.
It comes with experience and.
And a lot of people I get to work with, I think, thankfully
have that kind of perspective.
So when you surround yourself with individuals who are less
likely to be alarmist, it equally calms.
On the inverse, it calms me down, and that's.
I really rely upon my team just as much, as I hope they equally
rely upon me as well.
Speaker 1 (27:11):
I would say you and I
know a lot of the same people
in incident response and you
definitely exemplify leadership and other people I
have known in this industry.
They have this grace under pressure and everything that you
stated.
You're so calming, you're so, you know.
It's like the house could be burning down, but I've got Devin
over here.
That's like you know what.
(27:31):
We're going to fix it, we're going to take care of it and I
think that's what we need to see in leadership.
I don't care if it's cyber or consulting or manufacturing.
That's the kind of leadership we need. Agreed.
What advice would you give to someone that's listening? We have
listeners all over the world now, which I'm happy about, and
somebody may be going.
You know what, I really want to check this out as a career.
(27:52):
What advice would you give to someone that's contemplating
doing incident response?
Speaker 2 (27:57):
advice would you give
to someone that's contemplating
doing incident response?
Ooh, good question Getting intoa career of incident response,
getting into a career, you know,digital forensics or DFIR is
certainly not something to takelightly.
One of the interesting thingsis I've seen I've seen a kind of
younger generation that wantsone to get into incident
response because, you know,maybe they've read an article,
it pays well or it's kind of aguaranteed job because there's a
(28:19):
lot of opportunities to behired still in this craft, in
this industry, because there'sso many more jobs than there are
qualified individuals to fillthose jobs.
Instant response, with someexceptions, it's kind of an
always-on role, especially inthe consultancy life.
Now, look, there's a lot ofcompanies you can go to work for
(28:39):
that you're in-house IR andoutside of an actual
all-hand-on-deck incident you'reprobably working kind of the
normal 8 to 5, 9 to 5 job and Iget that In consulting.
Again, my perspective, becausethat's what I've done in my
prior place, post-fbi, and mycurrent place, cyber Reason, we
(29:01):
sometimes go for 10, 14, 21 daysat a time because that's just
the nature of incident response.
There will be a major incidentand it will have a domino effect
across different industryverticals, different clients and
we're looked at humbly as theexperts in that right and
there's a lot of vendors that dowhat we do.
So I'm not just saying it'sjust us, but we are looked at as
that.
So we get the phone calls, weget the engagements.
(29:22):
The thing that I would tell those wanting to get incident
response is be prepared to not necessarily have a normal nine
to five life.
Okay, if you want that, it's just be careful of who then you
work for, because if you're in the consultancy world or the law
enforcement world, you will have the kind of.
You'll have a lot more of the five alarm hair on fire days
(29:44):
than not, because that's just the nature of it.
We're responding to incidents and incident response, right.
So and if you're not responding to incidents, you're probably
really bored and you're probably not getting to practice your
trade and your craft.
So that's the one big thing I would say advice I'd give
someone entering IR.
Now that's kind of the hey.
Just be prepared for what you're going to get into.
Maybe the more the grass is green on the other side, be
(30:10):
prepared to learn non-stop.
Digital forensics and response is truly a scientific field that
is not only evolving.
Every single investigation I have done in the 15 to 20 years
of doing this type of work, right? From the FBI to private
(30:30):
sector and I would imagine many of your listeners would agree
with this.
Many people that I work with would agree with this.
Every single investigation if you're not learning something,
you're not paying attention.
This is not like a lot of industries where, like, I went to
school, I learned how to do the thing, I got the paper and now I
do that for the next 30 years before I retire and there's no
real more learning.
(30:50):
Every case we do, there's a new type of code, there's a new
type of malware, there's a new technique, there is something
that ties the strings together, that ties this organized crime
group or this e-crime group to this other intrusion, and you
didn't know who the director was.
It's a constant, ever-expanding web.
(31:11):
That goes back to an earlier question of what am I passionate
about?
What do I enjoy?
A little bit of the advice that I would give to those wanting to
come into IR is be ready to constantly be learning.
There are days I go to bed exhausted because it's like I
woke up thinking one thing, you know, I had a calendar of this
(31:32):
and we got really nitty gritty into an investigation and all of
a sudden it's like it's a domino
effect of learning and then trusting the verification.
It's testing and repeatability.
We see this, but is that trulywhat that forensic artifact
means?
Let's go set up a test instance, let's recreate this and,
before you know it, the day's, you know, you're at nine o'clock
at night.
(31:53):
So that's kind of the last piece of advice I would give is
be prepared to learn, be excited to learn.
You need to be passionate about that in this industry, because
there will be days where you will automatically just be
drowning in new information and you'll be talking to someone
who's been doing this for maybe another 10 years older than I
(32:14):
have been doing it, and they'll probably tell you the same thing.
Be prepared to learn, because every day is a new experience.
Speaker 1 (32:21):
Well, you want to be
mindful of your time, but I have
two more questions.
Are you seeing an uptake in breaches?
And it was just dead.
So are you seeing an uptake in breaches?
Speaker 2 (32:38):
And is there anything
unique?
Because you say that you know it's a constant thing.
New things are coming up.
What are you seeing today?
Yeah, so the threat actor landscape, to kind of ask you
your question, threat actor landscape has evolved, but it is
also, honestly, continued to increase.
So threat actor landscape is broken into a couple of
categories. Organized e-crime, I mentioned that a minute ago
and those are typically financially motivated threat
actors.
There is no end in sight for financially motivated threat
(33:00):
actors who want to steal or misappropriate money that
someone else has owned or, excuse me, so threat actors that
are looking to get into a business email account,
compromise and reroute an invoice.
That's not going away anytime soon.
Ransomware threat actors, right, it's for those.
You know they're kind of not in this industry, not in the
cybersecurity industry.
They're your listeners.
(33:20):
You know ransomware events where a threat actor breaks into
a network, breaks into some type of data storage environment,
whether it's online or inside of an on-prem network.
Their goal as ransomware is to encrypt your data.
Well, steal some data, encrypt the data they leave behind and
then do something we call double extortion where they're hey,
(33:41):
pay me to decrypt it, I'll give you the key.
You don't want to pay me because maybe you have backups.
Well, I'm going to extort you because I've stole this data and
you really don't want me to show this to the world.
Right?
That whole double extortion crime.
There's a financial incentive for a bad guy potentially living
in a third world country who doesn't have, maybe, good income
opportunities, or maybe they do and they just want to be a
(34:03):
criminal.
There's a financial incentive to try to make hundreds and
hundreds of thousands of US dollars, or millions of US
dollars, by hacking.
Right, it's the dark side of the black hat, white hat
argument with hackers.
So that's organized crime.
And then you've got nation state.
You've got these advanced, persistent threat actor groups,
the nation state threat actors that are stealing research and
(34:25):
development, or the advancement of some type of military
apparatus, intelligence collection requirement of a host
nation, of a host government.
There is no end in sight for that.
Every single government wants to figure out what some other
government is doing and they're going to leverage cyber in this
day and age for that.
We're seeing that even right now in world conflicts.
We saw that months ago with the pager gate incident I think I
(34:50):
have that name right where all the pagers exploded in the
Middle East and all of that incident that happened.
It was the end step of a cyber-related attack and a
supply chain attack.
We are living in this kind of world where all of these threat
actor groups it is so much easier to sit behind a keyboard
than it is to, you know, potentially walk into another
(35:10):
country and do things hands-on.
So cyber to your original question has absolutely
continued to expand.
It is very busy and I think that's also a testament to all
of those that have come into this career path, that are now
graduating college.
They're entering the job scene and they're getting jobs because
the skills that we have as investigators we don't respond
(35:33):
to incidents, understand logs,understand artifacts.
Respond to incidents, understand logs, understand
artifacts, putting timelines together.
It's a necessary skill, right.
So there is no small amount of or lack of work at all in our
industry and there's a lot of vendors that have entered the
space.
A lot of people have entered the employment market and
they're all very busy.
Speaker 1 (35:52):
Wow, that's
fascinating.
I would love to ask more as we wrap up here all the busy and
amazing work that you're doing and continue to do.
Are there any professional or personal goals you have mapped
out for this year?
Speaker 2 (36:06):
So I came to Cyber
Reason middle to end of last
year.
Cyber Reason is about a 12-year-old company.
They are largely known, kind of in, I think, the global sphere
for being an EDR product company.
Speaker 1 (36:20):
Yes.
Speaker 2 (36:21):
Endpoint Detection
and Response and they had a
small internal IR team that was focused on helping MDR customers,
their Managed Detection and Response customer base, with
incidents, with flare-ups.
The consulting space, for several reasons, as a company,
is new and that's what I'm here to build.
So when you ask about my goals, I was recruited and hired to
(36:42):
help build the consulting business and we're doing that.
So one of my goals for this year is to continue building and
ramping this brand new part of an established brand, an
established company to build a whole nother vertical within
this brand as Cyber Reason consulting, which, again, did
not really exist before we got here.
(37:03):
It didn't exist.
And so everything from proactive services and advisory and
testing and off-site, but my bread and butter, which is the
reactive side, the responsive, responding to an incident type
consulting services and building the teams, hiring the right
people that can do that and doing that globally right, even
though I sit here in the US, I have my eye on Canada and Europe
(37:25):
and Asia Pacific market and we have a team in Japan.
So that's my both business but also personal goal is being
successful.
In that I want to.
I've invested a lot of time and energy and I'm working with an
amazing group of team members that I've gotten to work with
for many years and we're here together to do this and build
this and do it right and take care of our customers.
Speaker 1 (37:48):
Well, there's no
doubt, with you and some of
those amazing people, that you're going to be ultra
successful, and I'm so glad that you stopped by to take us a
little bit deeper into what's going on in the world.
I really thank you for your time today.
Speaker 2 (38:03):
It's been my absolute
pleasure.
I would love to do this again.
Speaker 1 (38:07):
We definitely will.
We definitely will.
I just want to say real quick thanks to the listeners that are
subscribed from Belgium, India, Austria, Australia.
Thank you very much for tuning into the show.
Please remember to subscribe to our podcasts on various
platforms, including Apple, Spotify, iHeartRadio and many
more.
Thank you for tuning in and take care.