Reasons why Infosec is a good job for prior law
enforcement:
1. The ability to articulate
Summarizing your probable cause for 4 felony charges based
off of one DUI stop into one sentence is a skill that takes years to master,
and can transfer well into other fields. The complex, technical nature of cyber
investigations demands this ability, and it is sorely lacking in the technical
workers in the industry.
2. Report writing for an investigation
This goes hand-in-hand with the previous point, but
reporting your findings in a logical manner is another skill that's highly
valued. The first time I documented my findings from a phishing attack our organization
had fought, my manager read it while yelling, "THIS IS SECURITY
PORN!!!"
No, it's just a report detailing the incident. But that's
such a foreign concept that's so highly valued, it's easily worth close to 6
figures, if not more.
3. Slowing your roll
We've all been that rookie who gets way too excited about
every toned outcall, but hopefully, we grow out of it. That ability to slow
down and get all the facts before rushing to judgment is critical. The first
time I saw the Emotet spam campaign hit us with thousands of unique, custom-tailored phishing emails, some of us were convinced this was an advanced nation-state attack. No, it's not. Slowing down and getting all the facts before
hitting the big red button is something you learn from experience, and it feeds
your intuition. Again, this is something that comes from your current
experience and skillset and takes years to develop.
This also feeds into prioritizing. There will always be more
issues than resources to fully investigate them. By slowing down and
understanding the threats we can make the best decision possible.
4. Risk Management
You've been doing risk management your entire career.
Juggling competing priorities of ethics, liability, legal considerations, case
law, and the whim of your lieutenant is a balancing act you've managed to
figure out. These are all risks, and the ability to find a path forward and
make decisions considering the myriad of factors is an example of managing
risks.
The cyber-world has the same demands, although the
consequences are counted in dollars per minute. I've heard examples from
colleagues in the e-commerce world who rate downtime in terms of $100,000
increments per X seconds. Evaluating competing business priorities is a
complex thought experiment. Being able to articulate that in a succinct manner
requires all of the previous skills.
5. Doing a good, defensible investigation
You're used to doing an investigation and answering the
questions that are bound to come up. You're used to defending your work in an
adversarial environment and making your case, so you're accustomed to asking
yourself the questions you're bound to encounter that will call into question
the thoroughness of your work.
This includes evidence collection. On numerous occasions I
asked colleagues about ongoing issues and asked for logs, to which I was told,
"Well, we never saved any." This, of course, is unacceptable, and
illuminates the underlying issue: they don't understand how to support their
statements.
By approaching technology with a mindset that has been
through litigation and the courts, you're fundamentally better prepared to defend
your work and back up your statements. The first time you present something to
HR complete with a synopsis, narrative, screenshots, and timelines, it will
blow their minds.
6. Learning deeply nuanced and technical work
One of the biggest excuses I've
heard from family and friends is that "they can't do that nerd stuff"
and "it's too technical."
Did you memorize a series of Title 28 and Title 13 statutes?
Their underlying elements? The difference between negligent and
intentional?
Did you memorize probable cause?
Have you maintained a running list of statutes the county attorney is issuing felony waivers for this week?
You can memorize some ports, what they do, and the attacks
associated with them. Easy. This is just a continuation of the skills you
already have.
That skill is the ability to learn and be dynamic in
your thinking.
The only constant in law enforcement is change, and this is
just as true in the cyber world. These are all conditions and dynamics you're
already accustomed to.
7. There are fridges and bathrooms
At my first cybersecurity job I was shown where the
refrigerators were and the bathrooms on the first day. And then it hit me: I
can go hit them whenever I want. I could just get up, get a refill of water and
go to the bathroom, as soon as the urge hit. It was amazing.
Couple this with today's remote workforce and it is amplified:
now you can work from home. The benefits are as good as they sound, if not
better. Trust me on this one.