Another n00b, anoth...
 
Notifications
Clear all

Another n00b, another questions 😉

9 Posts
7 Users
0 Likes
325 Views
(@jeremy)
Posts: 1
New Member
Topic starter
 

Hello all, like the other people in the "Getting Started" group, I would be grateful if I could get some guidance.

First off, I have the same question as everyone else "Should I get into the CF field, and what would be a good place to start". But I think my situation might be a little different from most of the others in this group (or maybe not). Let me shed some light on my background, and after reading about who I am and what I do, I would appreciate an honest opinion to my questions at the bottom of this thread.

Who I am
I am 25, and live in Metro Detroit. I have been working in IT for 9 years now and it has been alot of fun. I started out kinda early (16 years old) and have been able to work for alot of companies, meet a lot of people, all of which have been fun experiences. Now here I am at 25. I have a good job, make good money, and am able to live comfortably. I would not consider myself a geek in the sense of pocket-protectors and nerdy glasses, but I am a self proclaimed geek when it comes to all things technical. Outside of work I love to get into "techincal projects" and as I am single, I spend alot of time working on work related projects from home.

What I do
I am currently a Web SysAdmin for a fairly good sized marketing company. My main responsibilities are the stability, speed, and security of our customer-facing websites. I am also called upon in emergency situations to help out the other teams in our IT department when they are having a critical issue. From Peoplesoft, to our SAN's and Tape Libraries, to Windows servers, to Networking issues, they come to me for it all. Because of this, I fancy myself a sort of "jack-of-all-trades".

So now my question(s)…Reading who I am and what I do for a living, do you think I should even bother trying to get into the CF field? That is a pretty broad question, so let me break it down to some more manageable questions

-As I said above, I have a pretty good salary. If I did get into CF and had to "start over", I would probably be taking a $30k pay cut. Thoughts?

-Even though I have been successful, I have not taken one college course. All I have is a high-school diploma (do those things even count anymore?). 10 years ago many people would have told me that I would not be able to get where I am today without a college degree, but here I am. At one point I thought about it, but it would not really buy me anything, I already make more then most graduates…the only time it would help me is if I were to change careers. As that is what we are discussing, I now have to strongly consider college. Do you think I can do it without a degree? I know it would be hard, but if it wasnt then it wouldnt be worth it right 😉 Thoughts?

-And then there is the whole "comfort zone" thing. If I stay doing what I am doing, I can continue to make a good living, but will always have that nagging voice in my head saying "you should have went into the CF career". I am sure that I would someday be able to make close to what I do now working in CF, but it would probably not be for a while. What do you think, Is it worth it?

I feel that at this point in my life, I am capable of jumping in head first and being successful. I am not saying that I know all of the tricks of the trade…but from a technical standpoint I feel that I am more then ready. I am sure there will be alot to learn, but personaly that is the fun part. Ideally for me, I would love to find a company that brokers forensic work out. I have found companies that broker out sysadmin work on a project-to-project basis. A client needs a script to automate a manual process, and they need it by next week. That kinda thing. Those type of projects have allowed me to keep my 9-5, but instead keep me busy in the evenings and afterhours, and allow me the flexability of working from home. I know those jobs are out there for sysadmin work, are they out there for forensic work too? As I said, I think it would be ideal because I would not be "starting over" with a new career. Rather I would be slowly getting into it, and after a few years and some experience I could then make the decision to completely drop my IT career and transition over.

Well, I realize I have been pretty long-winded and I apologize for that, as well as any grammatical errors. As I said several times above….thoughts?

Thx,
Jeremy

 
Posted : 08/12/2006 2:01 pm
azrael
(@azrael)
Posts: 656
Honorable Member
 

Hi Jeremy,

I find that I'm pretty much in the same position as you are at the moment, I too have not much beyond the UK equivalent of a High School diploma & yet am managing very nicely in the IT industry without.

I've started getting into Forensics for my own educational pleasure & fulfillment - I just set out to get that degree that I missed out on years ago, decided to skip straight to an MSc and here I am now … In the UK you can go straight to an MSc with sufficent work experience in place of a first degree if you go to the right places. I'm loving it, but so far I haven't given up my "day job" (except for 4 weeks a year to go to University … ). You might like to consider doing the same - if you are single and spending your time working - why not study instead ? Distance learning is discussed a lot in the Training forum, with many Online US Universities offering FC.

I don't work in Forensics at the moment, but I have allready found applicable uses for some of the skills that I have learnt in my first year of study in the roles that I have been working in. Any useful skill learnt is a "good thing" in my opinion.

You can then fully determine if this is something that you can spend 5 or 6 days a week doing for the next 40 years … ( Assuming retirement is still 65 by the time you and I get there … I'm only 28 btw, so I really appriciate where you are comming from - I however have some dependants who rely on my current salary which complicates it a little. )

I was speaking to a UK recruitment agent only yesterday with regard to this, and whilst I could expect an immediate hit on my salary, because I would switch from Contract to Permanent work, he was very keen on putting me forward for roles which would only be approx. $10k off what I would earn in a perm role for UNIX/IT Security here. It seems that a number of employers are interested in people who have good practical experience of the corporate world, some experience of forensics and a demonstrable enthusiasm to do the job.

If the US is anything like the UK, Law Enforcement or Govt. work will suck pay wise compared to the commercial sector, however, I understand that the job satisfaction of putting a criminal behind bars is more than enough to make up for it.

For me, I'm going to stick to what I do as a day job while I finish my training (2 more years worth), I'm going to use this time to get my finanaces in order and put some cash aside, then I'm going to bite the bullet and get stuck in - if it doesn't work out I'll come back to IT Security - those skills won't have been lost, and nor will yours - they will only be enhanced by a better understanding of IT in general.

Good Luck with whatever you decide to do,

Azrael

 
Posted : 12/12/2006 6:17 pm
farrahyde
(@farrahyde)
Posts: 21
Eminent Member
 

Jeremy,
I am currently taking one of those online courses Azrael was speaking of,
I have 10 plus years of experinece with computers networks and security, the course is tough, but I enjoy learning.
My children depend on me too much to waste time on full time college.
I'm 35 and never had a college course. I do have that high school diploma but I don't think that matters this late in the game. I don't even have a A+ certification just my own experience in my own computer company.

If any of those people you have met along the way are lawyers, or insurance persons, or maybe even mid sized corporations with a need for incident response… and your current company doesn't have a "non compete" clause then yes a self taught careear in CF is a great possibility for you. Just don't expect it to put all the food on the table..
You'll need other skills/ income to offset the price of getting started.

If your current company can offer you a position with IR or CF then the training would deffinatley be benefical to you, if nothing else but to bring more ideas to the table for them. why not hit them up to help pay for the course?? most employees offer some schooling assistance if you ask.
( i wished i had that option)

Hopefully this has given you a little to think about, Good luck in whatever you decide.
-Rhonda.

 
Posted : 21/12/2006 2:53 am
(@armresl)
Posts: 1011
Noble Member
 

Incident response and CF are pretty much two totally different paths.

If you are talking about taking a $30k a year pay cut I would stay where you are at and learn CF on the side to see if you like it and which path you want to go down.

 
Posted : 21/12/2006 4:52 am
(@armresl)
Posts: 1011
Noble Member
 

If you like the field and start up your own company, try to make sure you give estimates that reflect everything that you think could possibly come up. Don't forget to bill for storage as some cases can go on for years and you are taking up not only physical space but a hard drive that you cannot use for another case.

You may find that the scope of projects expands but the quote you gave the client stays the same and sometimes a client might not think that imaging another small drive and looking for more items would warrant a lot more money.

If you grab a decent sized retainer on a case and submit your final bill in a timely fashion you should be able to budget any money you have come in just fine.

Hope some of that helps.

 
Posted : 21/12/2006 4:58 am
az_gcfa
(@az_gcfa)
Posts: 116
Estimable Member
 

Do not know if you have read any of the other posts in this section? I would strongly advise that you do.

A couple of things you need to consider and research before you jump in and make a complete lifestyle adjustment. I hope you have done a marketing survey and understand the landscape. I became interested in CF my last couple of years in Govt Service before retirement. My initial business contacts with lawyers, businesses and LE agencies revealed a great deal of the mindset of the my local community.

1) Most people did not understand the various certifications and did not care. However, they valued a college degree more and indicated that they would be more likely to hire based upon that single qualification. However, the LE community was cold all together; they implied they relied upon the State or Federal authories – they did not get involved in Computer Crime? If you have the option, you may consider working for someone else or an established firm until you learn the ropes. Technical companies like the degrees but understand the various certifications better. So you might have a better possibility working for someone for a while [just a thought!].

2) Arizona and numerous other states have licensing requirements for this particular line of work; basically anyone that takes testimony or provides evidence in court based proceeding must be qualified to obtain a PI licensed (3year of Investigative work!). Be sure you check your local government requirements – in some states it is a felony to be caught without a license.

3) Make sure you get your Professional liability and Error and Omission Insurance lined-up. Plus some states require Surety Bonds in various amounts to be established.

4) Make sure you have a facility and work area that can be secured. You may be required to testify and prove that you have maintained appropriate control and protections of "potential evidence". A spare room desk drawer would probably not be considered appropriate.

Good Luck

Plus - I'm working on my CF Degree, as well.

 
Posted : 22/12/2006 3:46 am
(@unclebuki)
Posts: 12
Active Member
 

Incident response and CF are pretty much two totally different paths.

armresl, I'm a CF newbie. Could you please elaborate on the differences?

 
Posted : 30/12/2006 9:58 pm
 ddow
(@ddow)
Posts: 278
Reputable Member
 

Incident response is often a system admin function in response to a system compromise. The goals include quick restoral of server/workstation functionality; investigation of compromise vector so all other business nodes can be patched; determination if the compromise was internal or external. Skills needed OS and application specific, computer security, business objectives.

CF is traditionally intended to investigate a system with the ultimate intent of testifying in court. Preservation of evidence, chain of custody and admisability of evidence are essential goals. Skills needed forensic techniques; law; data recovery.

Others will also be able to suggest additional differences.

 
Posted : 30/12/2006 11:15 pm
(@unclebuki)
Posts: 12
Active Member
 

ddow, very good explanation. Thanks.

 
Posted : 30/12/2006 11:19 pm
Share: