Andrew Carr, MS, GCIH, CTCE is the Director of Cybersecurity Graduate programs and Assistant Professor of Cybersecurity at Utica University.
FF: Please tell us a bit about your background in computer forensics and how you ended up as Director of Cybersecurity Graduate programs at Utica University.
I pursued an education in Cybersecurity when it was a rather new concept in the field. I was Cohort 1 of the Cybersecurity undergraduate program at Utica University (Utica College at the time) and specialized in computer forensics. I interned for an entire semester at a local police department performing forensics in assistance of criminal prosecutions. From there, I got my first job in computer forensics at a regional crime lab in a nearby city. The lab was ASCLD/LAB accredited and provided me with an excellent opportunity to learn under the most rigorous of standards related to forensic analysis.
While working at the lab I pursued my master’s degree in Cybersecurity at Utica University in Cohort 1 of that program as well. I once again specialized in computer forensics and learned a great deal from professionals at the top of the field. I taught as an adjunct professor at Utica University for five years while I was working at the crime lab, which allowed me to impart the skills and knowledge I had gained in the field to the next generation coming up. I left the crime lab after about 8 ½ years to teach full time in the Cybersecurity program at Utica University, which I did for two years before heading out into the private sector. I spent about 4 ½ years in incident response consulting, leading IR teams. I was able to be involved in hundreds of incident investigations and reviews with a focus on ransomware.
I eventually leveraged my cybersecurity and communications skills to become a ransomware negotiator. During that time, I repeatedly negotiated with dozens of different threat actor groups, which provided me with valuable insight into the tactics and motivations of modern ransomware operations. Utica University was looking to revitalize their Cybersecurity programs, so I left the private sector in 2022 to go back into academia as the Director of Graduate Cybersecurity programs and help bring my experience in industry to the programs. We completely reimagined the curriculum, reassessed our offerings, and rebuilt every single course from scratch to ensure the most modern and relevant topics were addressed, with a focus on practical, hands-on learning driving every decision we made.
FF: What digital forensics courses and research opportunities does your department offer? What can students expect to learn?
Both our undergraduate and graduate programs offer specializations in Digital Forensics and Incident Response (DFIR). The specializations provide students with several courses dedicated to forensic analysis processes, techniques, and tools. All courses focus on practical, hands-on learning. The university has partnered with RangeForce to offer cutting-edge virtual environments that students can use to gain skills critical to their careers. Both the undergraduate and graduate students also take a course focusing on incident response, as the need for forensic practitioners in IR has exploded in recent years.
Students specializing in DFIR at Utica University will learn everything from the basics of digital evidence handling and integrity, acquisition and recovery of data, to advanced investigative techniques to identify evidence of malware persistence, defense evasion, privilege escalation and more.
Our programs mix the crossover skills needed for traditional digital forensic investigations with the cutting-edge needs of incident responders. All of this is stacked on our core cybersecurity curriculum which helps students build knowledge and skills in DevSecOps, cloud infrastructure, GRC, security operations, and more. Students regularly research emerging attack methodologies and provide insight into the forensic techniques and data sources necessary to investigate them.
FF: What are the main challenges of teaching digital forensics courses? What do you find most rewarding about your role?
The main challenge of teaching digital forensics courses is ensuring students can learn practical, hands-on skills. Years ago, this meant I would have to spend countless hours regularly creating salted data sets and lab scenarios to provide students with the opportunity to develop real skills that they can use on day one of their careers. It is one thing to have a professor tell you about how to do something in forensics and an entirely different thing to actually get to do it. This is why our partnership with RangeForce has become so essential to providing the type of practical education we offer to students.
RangeForce is a leading provider of hands-on training modules for industry professionals developed by the creators of the cyber range for the NATO Cooperative Cyber Defense Center of Excellence. It allows us to test the skills students have learned through challenges and assessments that provide verified digital badges. The addition of RangeForce to our school allows me to spend more time teaching and less time making data.
FF: What digital forensics reading material or resources do you recommend to supplement academic learning?
I try to read as many cybersecurity articles as I can from numerous sources to stay current. I have also been a member of Forensic Focus since 2008 and recommend it to my students because it provides great perspective from some of the best in the business. Places like the DFIR Report, and blogs from CrowdStrike, Kroll, and others are great resources as well.
FF: What trends do you see in digital forensics? How do you keep your curriculum up to date?
The need for forensic practitioners in the IR space has boomed in recent years and that branch of forensics brings with it the need for more advanced understanding of exploits, external data sources, malware, hacking techniques, and more. Through our partnerships with CompTIA and RangeForce we can ensure that our learning content is current and regularly updated. Everyone that teaches in our programs is also a practitioner. We have all done what we teach and most of us still work as consultants to stay current and keep our skills sharp, which ensures we always understand how our discipline is changing and evolving.
FF: One of the questions we’re often asked at Forensic Focus is “how do I get started in a digital forensics career?” What advice would you give? What qualities do you think are most important for work in this field?
I can’t overstate the value of doing an internship. We encourage all our students to do an internship as it provides an excellent opportunity to learn in a real-world setting and network with professionals in the field. Employers often look at internships as satisfying minimal experience requirements and it shows you can perform well in that environment. I wouldn’t be where I am today without the recommendation provided by my supervisor at my internship.
Critical thinking and a drive for continual learning are essential in this field. Things change rapidly in digital forensics, and you will often have to work through things that there is no book, article, or write-up about because you might be the first person to encounter it. You will need to understand how to approach a problem, how to work through it, and always be willing to learn new things to stay current. You will never know it all, but you must always keep pushing to try.
FF: What do you enjoy outside of digital forensics?
I love spending time with my family. Becoming a parent is the best thing I ever did. If I can squeeze in some golf too, then that’s a pretty great day.
If you’d like to connect with Andrew, you can find him on LinkedIn (login required).