Can you tell us something about your background and why you decided to work in this field?
Sure. My background is a little unusual. I started coding when I was about seven, and I got my first job as professional programmer when I was 15.I was of course very involved at the time in the Chicago hacker community, and that’s kind of how I learned about digital forensics, when it was a new field, and that it was something that I was really interested in doing.
And can you tell something about what are you doing now? What type of work do you do now?
Sure. I work at Motorola Solutions in Chicago, and I run the digital forensics and incident response team.
What is the biggest single challenge that you face in your daily life with forensics and incident response?
I think the biggest challenge for people in forensics in general is keeping up with changing technologies, both changing adversaries and just new technologies that are out there that we’re doing forensics on.
Right. And what will change over the next few years in digital forensics?
We’re definitely going to see less and less of traditional technologies that we’re used to, like physical hard drives with platters. And those are things that we’re very familiar with, and there’s a lot of tools out there to work with. And we’re going to see much more mobile and Internet of Things devices, as well as even cars and aircraft that have heavy computer presences that need forensics.
Do you manage a team of people or work alone?
I lead a team. I have a team of incident responders, and we’re both a managed security provider and we do internal security as well.
One of the questions we are often asked at Forensic Focus is “How do I get started in a computer forensics career?” Do you have any advice?
That’s definitely my passion, and something that I’ve written about a lot, and I volunteer to help people do a lot.
Getting started, you really mostly need motivation. You need to really want to do this, you want to be a forensic analyst, you want to be a security analyst, you love the field and you want to dedicate lots and lots of your life to it. You can’t just do this job from nine in the morning to five at night. You have to have a passion for it.
But once you do have the passion, get out there and learn. Find what niches you’re interested in – you don’t have to know everything, but find things that you’re interested in, and dig in. There’s lots of free resources out there on the internet, on YouTube, on SecurityTube, on blogs and podcasts like this. There’s tons of resources out there; just take advantage of them. And don’t be afraid to make mistakes, and learn from your mistakes while you’re studying.
Yeah, I agree. And what kind of qualities you think are most important to work in this field?
As I said, perseverance and drive, and a passion for the field and what we do.
And what is the most rewarding part of your job? What aspect of your job do you find most challenging?
The most rewarding part for me is the investigative part of forensics. And in terms of digital forensics and incident response, that’s analyzing an incident like a data breach, from beginning to end. And I find that that investigation, and finally resolving it and figuring out what happened, to be tremendously rewarding.
The most challenging part for me – accepting that I can’t know everything in security. I’m never going to be the best at every area of security. I mean, I can barely hope to be the best at one area of security. It’s such a broad field, and there’s so much to learn, and for every one thing, there’s ten more things you don’t know. So it’s been very hard for me to accept that sometimes I’m going to have to be part of a team, and I’m going to have to rely on somebody else who has a strength that I don’t have. And then, when they need my strength, because something they’re doing is not their area of expertise, then I step in and help them.
Okay, good. And you told us that you started when you were seven years old…
…and then at 15, so probably you were one of the first. There are not a lot of women working in IT security, but I can see that the number has been growing in the past few years. What do you think? And what kind of suggestions and advice can you give to women entering this field?
I’d certainly, first of all, say that there’s more women in security than there are in other areas of IT, such as programming. There’s much better representation of women in security and especially forensics than a lot of other IT fields, which is great. But we still have a long way to go. It’s certainly a very male-dominated field still.
I’d say my advice to women who want to be in security is self-confidence. And that can be very hard to gain over time. But you have to have it. When you know that people are going to doubt your knowledge, just by default – there’s going to be preconceptions about what you know – you have to come into those scenarios with a confidence in yourself and what you know. And again, you don’t have to know everything. But when you make a statement, you need to be confident in that statement and willing to back up what you’re saying with a good, logical argument.
Last question. When you’re not working in forensics or security – I don’t know if you have spare time, but if you do, what do you do in your spare time?
A lot of my free time I spend on volunteer work in security. So working at conferences, and blogging, and doing outreach for people wanting to get into security. But in my free time that I have left after that, I’m a martial artist. I study free martial arts, and I just got back from training with a sword-master in the Philippines.
Forensic Focus interviewed Lesley Carhart at Enfuse in Las Vegas, NV. For more details and to find out about next year's event, visit the official website.