Podcasts

Podcasts


The Power of Mind over Matter with Jessica Hyde

A DFIR expert shares her journey from retail management to the Marines to a successful career in forensics.

Notes:
For someone who wrote her first computer program at age 4, Jessica Hyde's journey into infosec took a more winding route than you'd expect. After dropping out of high school, she worked in retail management until 9/11, when she realized she had to do something that made a difference in the world. Since joining the Marines, she's become a Master's-level expert in digital forensics. In this episode, she and Jason discuss how varied backgrounds and experiences enrich an enterprise, the importance of helping others, and that putting your mind to something allows you to achieve anything.
Bio:
Jessica Hyde is an experienced forensic examiner in both the commercial and government sectors. Jessica has 14 years' technical experience and holds an MS in Computer Forensics from George Mason University. She is currently the Director of Forensics for Magnet Forensics USA and an Adjunct Professor at George Mason University where she teaches Mobile Forensics. Her previous roles include Sr. Mobile Exploitation Analyst for Basis Technology, Sr. Electrical Engineer American Systems, and Senior at EY. Jessica is also a veteran of the United States Marine Corps.
Return to Episode List
Transcript:

Jason Nickola:

This is "Trust Me, I'm Certified" brought to you by GIAC Certifications, a podcast exploring how to conquer imposter syndrome.

Jason Nickola

Welcome back to "Trust Me, I'm Certified." I'm Jason Nickola and our guest this episode is Jessica Hyde. She's now one of the leading experts in digital forensics as a director at Magnet Forensics and adjunct professor at George Mason University. She's hard to miss in the DFIR world as a frequent speaker, SANS DFIR summit advisory board member, among many, many other contributions in the DFIR community. How she ended up here, though, is just such an interesting and inspiring story. Probably one of my favorites that we've learned about here on the show. And what I love about it is that Jessica has been on a mission for the better part of two decades, one that has not only seen her transform herself and the notion of the power she has in the world, but also has seen her become very outward facing and continually leveraging her skills to battle for the greater good. This was a really compelling conversation and I feel like Jessica is basically one of my heroes now. There's so much great stuff here and I hope you all leave the conversation with a jolt of inspiration to go out in the world and find your own sense of mission and purpose and infuse that in your career. So here it is. Enjoy.

Jason Nickola

Alright, Jessica Hyde, thank you so much for joining us.

Jessica Hyde

Thank you so much for having me, Jason.

Jason Nickola

So your exposure to engineering came in the Marine Corps, right?

Jessica Hyde

Yes and no. So before the Marine Corps, I had really no idea what I wanted to do and Marine Corps take the ASVAB. And they said, hey, engineering is good. And so I started doing electronic analysis of aircraft, I became an avionicsman, much similar to Lesley Carhart. I actually think it's funny that the two digital forensics examiners that you've had on the show, both happen to be aviation electricians in the military, before going into DFIR, which is really interesting. And another forensicator I know, Eric Capuano, who's a SANS instructor, also happens to have taken this bizarre path of working in avionics, and then winding up in digital forensics, which are askew fields.

Jason Nickola

Maybe we found something here.

Jessica Hyde

Maybe we found something here, maybe we need to recruit incident responders from avionics out of the military.

Jason Nickola

Right.

Jessica Hyde

But yeah, so that made me realize that I actually like circuitry and electronics and some exposure to DC/AC theory. And so yeah, and then I started trying to go to school while being on active duty and get an electronics engineering degree. So and then I think I started doing real engineering after that, as I started doing reverse engineering in a lab, whereas reverse engineering IEDs. And so that's when I actually started doing engineering as opposed to just troubleshooting and analysis.

Jason Nickola

So before that, were you into technology as a kid? Did you build things, break things? What were you doing as a kid?

Jessica Hyde

So I mean, when I was young, I was very lucky that I had an uncle who had a Commodore 64. And he used to babysit me, it was my only exposure to electronics. I didn't grow up with much means. And he brought over the C64 and plugged it into our TV set. And at about four I wrote my first program, which was really, really simple. It was to take phone numbers and show all the alphanumeric constructs that they could be with those seven numbers. And I can tell you, my first phone number was SHE-PEST, 743-7378. And I know that because of that, and so I was became obsessed with patterns and how things can be encoded and decoded. And so that was my first exposure. But to be honest, I didn't have technology in the home. And I had some exposure at school, but not really great until I got to high school and was able to take programming classes and robotics classes. But then I really left that all behind.

When I graduated, I'll be clear first, I actually am a high school dropout who now teaches grad school and has a graduate degree, but that shows it doesn't matter where you came from, but I went into retail management until September 11th. So I really was not touching technology outside of operating a point of sale system, which is weird then when you investigate them. But I was a retail manager for years before September 11. And then I went in the Marine Corps and the Marine Corps was like, hey, you're good with the stuff because of the ASVAB. You're good at electronics and we're gonna send you to avionics school. So It was almost like it reignited something I forgot I lost. I didn't remember how much I loved solving problems, decoding things, troubleshooting, trying to understand things and how they work. And it really reignited that passion that I had had as a young child. But it was stifled because it wasn't as common in society, it wasn't as prevalent. I will say, I did some phone phreaking. But that was more because I had a boyfriend in another state and I wanted to make long distance calls. So I did not - I was a minor. And there may have been some things, I figured out the algorithm for calling cards. But that's okay. Because I had a reason to, but that was my youth. And that was all very different, reformed much, much so.

Use your powers for good. I thought it was good. I thought I was making good long-distance calls to my boyfriend, from cell phones, and by the way, I learned also how you get caught. Because if I happened to have been generating calling cards, I can't believe I'm talking about the calling card numbers that actually worked, and using them, I always used them from pay phones to call pay phones. And then one day I was stupid. And I called my boyfriend at that time at his house instead of at a payphone. And the phone company took note and was able to figure it out. And he gave me up so...

Jason Nickola

So is that the end of the relationship?

Jessica Hyde

Yeah, you can say that. Don't dine somebody out for - yeah. But I mean, I used to have a little tone emulator, and the whole paperclip trick and all of that stuff back in the day. I'm definitely dating myself by the fact that - and so the irony is that what I've primarily worked in is mobile forensics, right? So definitely some irony in both my first coding project, and I actually have never really related this myself, translating phone numbers into words, very apropos, I guess to what I wound up doing later in life that I never expected I would do. And then getting in trouble for doing a little bit of phone phreaking and calling card generation back when that was the thing, too. Now I'm reversing Android apps, right? That's a completely - I never put it together. So thank you, Jason, for bringing that up.

Jason Nickola

Well, there was so much there that we should dig into. But where you went with it was exactly where I was going to go. It's so interesting to me how in the moment, and looking ahead, it doesn't seem like there's any connection between these things, and you don't see like, hey, I'm a 4 year old that is encoding and decoding my phone number on a Commodore 64, in a really good way. But that's kind of weird. I don't think that's common, right. So, I'm sure there are some tellings of your background where it's like, yeah, I joined the Marine Corps and I was exposed to engineering, and I got out and started doing some reversing, but really, there's a lot more to it than that, especially as you start to connect in the phone phreaking. And it's really cool to look back and identify the things that you didn't know were there, and then kind of piece them together and go, hmm, maybe this was gonna happen, this maybe I ended up doing what I was supposed to be doing.

Jessica Hyde

Right. And, you know, I never thought of those things as being part of my story of how I got here. So thank you for eliciting that out of me. I had no idea it existed.

Jason Nickola

Thanks for telling it.

Jessica Hyde

I needed connections to find it. So I kind of encourage anyone who's listening to us to link back now to the things you did as a kid. And how do they relate even if you don't think they did?

Jason Nickola.

Right. Yeah, I was prepared to ask some really general questions about like, hey, did you like doing puzzles and like figuring stuff out? And it's like, yeah, I was encoding and decoding my phone number and phone phreaking. And it's like, okay, yeah, this all makes perfect sense.

Jessica Hyde

It does. And if you think about it, that's all about figuring out how things work. And then how do I use that in a technological means. Only now using powers for good.

Jason Nickola

Right? Definitely. So another thing you mentioned is working in retail, well, dropping out of high school, working in retail, and then September 11th happened, and I'm assuming that that was what's, you know, spurred you.

Jessica Hyde

100%. I was on Parris Island October 28th, 2001.

Jason Nickola

Okay, right. Why was that important to you to do?

Jessica Hyde

I mean, for the obvious reasons. So people I know, I mean, my dad worked right there and he was missing at the time I enlisted. My dad thankfully was okay. He just kind of shut down after seeing what he saw. But I knew people, we all lost people, I lived in New Jersey. I saw the towers fall with my own two eyes. I was working retail at the time, I was a store manager of the Abercrombie and Fitch in the Livingston mall, New Jersey. And immediately, we, after the second plane hit, basically closed everything in New Jersey that was a possible target and being a mall it was immediately closed. And I drove home and at the time, I lived in town called Hawthorne, and my apartment happened to be, my neighborhood was on a hill. And because of that, from my living room window, you could see the towers and I saw them fall with my own two eyes and I realized at that moment, and I'm sure you can hear this in my voice, but that I had to do something more important with my life. That it wasn't about just getting by and seeing my friends and doing the things I enjoyed at that point. That I needed to use my skills and my brain and my body and my all to do something that mattered.

And I spoke to a recruiter, got an education waiver because I scored high enough on the ASVAB or the pre-ASVAB - first you take a pretest and they wouldn't have even spoken to me. I scored enough on the ASVAB for them to let me in with a GED. I believe in 2001 - don't quote me on this, my recruiter told me so who knows how true it is - that there were only three education waivers that year and I was one of three. It did help that I was a female. There are quotas to get enough females to run the actual platoons at boot camp. And so I went into the Marine Corps and it's the smartest, best decision I made. A lot of people fell It was a bad reaction to grief. On September 10th, one of my roommates died of a heart attack completely unassociated with the events of September 11th. And I had lost an infant brother that year, at five days. My friends bet, had betting pools, that I would not make it through boot camp. And I was the kind of person who always did something that was unexpected. And the most unexpected thing I could do was to complete it and do it. And so I did, and it's all mind over matter, right? I mean, so at the time, I was four foot 11, I was probably 100 pounds soaking wet. I was not normally what people think of when they think of a Marine.

But being a Marine, it's not your physique. That all can be built. It's your mind. And thing we used to say is mind over matter: if you don't mind, it doesn't matter. And that's something I live with every day, and it made me who I am. If it wasn't for the Marine Corps, I would have not gone to college. I wouldn't have earned a degree in electronics engineering and a master's in computer forensics. The Marine Corps basically paid for that. I used my GI Bill and I went to school while on active duty. I wouldn't have met my spouse who happens to be a pen tester now, but we were both avionicsmen together in the Marine Corps. So maybe this again, goes to this point of being in avionics and then winding up in infosec. I wouldn't have had my children. I wouldn't have been exposed to the things I was exposed to. I wouldn't have most of the relationships I have. I wouldn't have had the opportunity to learn that I love electronics and to be reinstigated with that. The Marine Corps gave me everything. The Jessica you talk to today wasn't born in Orange, New Jersey. The Jessica you speak to today was born in Parris Island, South Carolina.

Jason Nickola

That's powerful. That's succinct. That's important, yeah.

Jessica Hyde

Yeah. So the worst day of my life gave me the greatest thing in my life. And if anything beats a terrorist, it's that. And I mean, I'm fortunate enough that when I left the Marine Corps, I continued that mission in reverse engineering IEDs, and then going and working in counterterrorism labs doing forensics. And now I build tools to help other people do that. And at the end of the day, what I get is that sense of mission and I know I'm doing something with my life.

Jason Nickola

You took the words right out of my mouth, because the thing that I find among people, many people who are successful, companies that do really well, and just people you want to be around and respect. It's they have some kind of a sense of mission. It's not just, I'm going to go do this because the money's great or because this is the next thing that's up. It's about "I want to help move people out of poverty" or I want to try to translate more opportunities to people who don't have them, or I don't want to let the bad guys win, you know, whatever it might be. I think it's really, really important to find that mission. And it lends so much context to the real grind of what you have to do, especially in this industry, and with a lot of the things that you've been doing for throughout your career. So yeah, that mission is important.

Jessica Hyde

And I think it's 100% that, right, because mission gives you drive, mission gives you passion. And I don't see how anyone working in DFIR or even in broader infosec cannot have that sense of knowing that what you do matters. There's a great quote from Ronald Reagan that says, "some people run wonder their whole life if they've made a difference. Marines don't have that problem." And I feel like that equally applies to digital forensics, incident response, and infosec overall. We are fighting the digital fight. And that's the fight of today. Look at the world right now.

Jason Nickola

Sure. So, post military, did you know exactly what you wanted to do when you left the military? And what was that process like to translate to a professional career?

Jessica Hyde

No, I hadn't. It's just like most people who wind up in this field, they had no idea where they wanted to be. I wish I could say, oh, you know, I fell in love with hearing stories about forensic cases and solving them. And I decided I was going to be a forensicator. And I went to school for forensics. And I wish I had that story. Because, wow, that shows just something that's innate that you know that you love. No, I got out, I had an engineering degree. I had a clearance. I applied for some jobs. I was in Northern Virginia, outside the DC metro area, mainly because my husband's work had brought them there after he left the military. We got together after he left the military. He continued in avionics. Got a networking degree, I got an engineering degree. And then we wound up at one point in our lives, both being directors of forensics at the same time.

He's now a pen tester, but very, very weird, because completely different paths after we left the same. But so his job had brought him to DC. And so obviously, I went there as well. So I was still on active duty, he was in DC, I was in Norfolk, we were traveling, and then we had two small children. He was doing the four-day week, driving down in Norfolk for three days. It's like a three-hour drive. And so that was our life. I was going to school and on active duty, the whole spiel with two small children. And so eventually, as soon as I got out, I went up to Northern Virginia. Had to immediately find work, I stumbled across this position that - I interviewed for a couple of positions somewhere working for companies that were doing manufacturing of chips somewhere, right? So I had this electronics engineering degree, I wanted to do something in electronics, it's where I've spent the last six years of my life in the Marine Corps. And I went on this interview for this contracting job for the government that did not disclose what the work was because you don't put "we reverse engineer IEDs" on the job post.

Jason Nickola

I haven't seen that on Craigslist lately.

Jessica Hyde

Yeah, it was just an electronics engineering position. It was in the same town where the town house we were renting happened to be. And it was like three miles from my house. So I applied to it. I went into the interview. And I remember feeling like I was taking an oral final for my digital fundamentals course in college. And it was hard. And then they had me write a description of a stapler. And they're like, give the physical and gratuitous whole description cause they want to test my writing, which by the way, is like the most important thing that a forensicator needs to know how to do. It's how to write a report. And I'm guessing, well actually I know, I worked there for three years, and they flat out told me the reason they did that was they would hire all these good engineers, and then find out they couldn't report on their findings. And if you can't report on your findings, your work is nothing, right? That's the outcome. That's our product is reports, right?

So I had to write about the functional and physical descriptions of a stapler, one paragraph on each. And I thought it was the worst interview I ever did in my life, because it was just so - there was no, we want to know who you are, if you're a good fit for the company or whatever. And I had no idea what they did because it was such an obscure posting. And so then, when they contacted me about the job, I'm like, yeah, what is this? And they're like, oh, well now we can tell you what we do, blah blah blah. I got some offers. And I was like, well, this definitely sounds the most interesting. And this is the thing where I can still give back to my brothers and sisters who are getting KIA and hurt in the field by trying to find out who did this so that we can stop the next IED from going off. Right? That's the entire mission there. And it was freakin fantabulous. And phones are used in IEDs. And that's literally how I got into mobile forensics. But I started the exact backwards way because everything I got was post-blast. Right. So I had to figure out the schematic of how this was used as an IED, and then figure out how to get data off of - and this is pre smartphones - off of a phone that's BTFU.

Jason Nickola

Was literally blown up, yeah.

Jessica Hyde

Right, blown the eff up. And yeah, how to get data off of those, which meant everything was at the hardware level, everything was extracting at the hardware level and figuring out the data storage, and I couldn't plug it into the cellebrite, I had a cellebrite. But then that wasn't useful. I mean, it could be once you had the data extraction, and you had a full physical and you ran some parsers against it. But for the most part that wasn't where the work was started, or what the intense work was, if that makes sense.

Jason Nickola

So I always like to imagine like a Rocky training montage for people working in technology. Is that where it happened for you? Was it strictly day job stuff, because you know, you were coming out of the military, you had gotten your degree, you have some kids at home, your husband's a busy guy, you get this job? And it's interesting to you, and you get to use a lot of the skills you had. But it wasn't very neatly exactly what you had been doing. So how do you fill in the skills?

Jessica Hyde

No, it wasn't at all. And that's exactly it, I realized that I had skill gaps, especially when it was like, how do we get the data off the phone, and I'm like, well, I got a little GI Bill money left, I'm going to after work, go and work on my MS in computer forensics. So I started simultaneously while working in a lab, working on my Master's in computer forensics to start filling in the gaps. And my lab originally didn't do the forensic analysis of the data off the devices, we were actually originally just strictly positioned at doing that. But that's what I thought was interesting. So I went and studied it. And then I brought that back to my lab. And my lab scaled up and started doing that work and actually took that work from another lab that was supposed to be doing it originally. And now that lab still does that work. And so you know, started looking at the hard drives, started looking at the phone, the actual data that was recovered after we did the hard data recovery, which was more where we were focused, was schematic development, data recovery, microcontroller reverse assembly, I did a lot of microcontroller code reversing, which is weird, because most people when they learn to reverse, I don't think that they're in assembly, it was all push/pop move for me when I learned to reverse so I actually am better and more comfortable in assembly for reversing than I am in higher languages but that's neither here nor there. But it's just because it's where I spent years of time working. And that's what makes a difference. So to be honest, I think it's what's neat is because I think if you have a varied past, you bring different elements and different thought processes to what you do. To be honest, I still use skills that I used to repair jets when I'm doing analysis of IoT devices.

I shoot wires, or the board to find my grounds to find my RX/TX and those are just such. basic things to me. I'm not afraid to pull out the soldering iron, right, I've done silver solder on a ladder in high winds during a snowstorm before in obscure situations and I'm upside down with a soldering iron with silver solder which has a higher melting point. So soldering on a board is not a big deal, right? I used to be an IPC trainer where I could 7711/7721, where I would teach soldering as part of my function in that lab. But no, you're right. It's the outside, right. So I went outside, I got the degree and I studied. And then I became obsessive that my free time can always be used to make me better, right? Like, how can I get better and learn more. So I was trying to fill in those gaps. So I learned those gaps. And then I brought those gaps to my job.

Jessica Hyde

And so that's really interesting. And then in the montage that you were describing, I identified another gap, which was I wasn't well rounded. I was very specific into mobile. I was very specific into forensics. I was very heavy engineering, but now I've gotten this exposure to the broader computer forensics through the master's program at George Mason, where I've later started teaching, but I decided to leave that role to broaden myself and took an incident response job at EY, a consultancy, where then I was able to instead focus more on IR, intrusion, HR violations, and much more heavily on the computer and network side, which is where I was weak. And I needed that. I needed that exposure. Does that make sense? So like, I needed to round myself that way. And that has immensely helped my career now. Because I worked with agencies like ATF, who was my liaison when I was in the reverse engineering lab, and with agents and did things that were both intel and law enforcement base cases. And then I went out into corporate incident response and HR investigations and user investigations on computer and network base. And then I went back into a mobile forensics lab and government.

And so I think that it - the identification that I needed to broaden and widen my skills and taking that step to do it was something that I think really helped me. I think we need to put ourselves outside of our comfort zones. You were kind of saying how do you shape a career and I think that that's really part of it, is recognizing when you have skill deficits that you're not going to achieve in your current place. If you can achieve them in your current place, do it. My current role I luckily have enough flexibility to grow and garner any way that I feel that I need to and I can express those things and grow and garner in different ways. But I didn't necessarily have that in a lab with such a specific mission. So I went someplace that had a broader and different mission, and that the education and training still was necessary, and then was able to grow different ways. So I highly advise getting out of your comfort zone. Regardless of how you do that.

Jason Nickola

You said something that was really interesting about how even today, you still reference back to and benefit from your avionics experience.

Jessica Hyde

Absolutely.

Jason Nickola

Do you think that you still benefit from your retail experience? We had Lodrina Cherne on, we recorded it recently. And she had a similar experience in, you know about communication and being customer facing and distilling your message and things like that.

Jessica Hyde

This, this is incredible. So one of the most important skills to being able to be outside of the lab to talk to customers to relate things. I mean, I've briefed generals of foreign countries, I've briefed dignitaries, I've but I also have spoken to customers at organizations and having good customer facing, that skill, was actually incredible. And I absolutely learned that. I also learned a lot about leadership, believe it or not, in retail before even going to the Marine Corps, because I was leading teams of people who had varying interests, a lot of part-timers, this wasn't their primary function. And how do you lead and motivate people who aren't doing this because they want to, who are not passionate about what they're doing? And finding ways to lead and motivate, like, I remember doing really silly things like having, you know, running my own contests, not just about sales, but about interactions, and putting jelly beans in jars and having people guess whose jar was whose, not knowing that I was doing things off of metrics. So they didn't know which jar was theirs that was getting filled. And it was a race to the top, but they didn't know which jar they had. And then they actually got to guess which jar they had. And people learned more about themselves. And I learned a lot about time management, about scheduling, about lots of these interesting little nuanced things that you don't necessarily go, oh, that's technically related.

But most of my soft skills actually came from that experience of being in retail and being a retail manager. And this is why I advocate to teams that it is incredibly, incredibly important to have career switchers on your team. Your whole team doesn't need to be people who have done lateral moves. But having that perspective is going to help you understand - and you brought up something else here, maybe Lodrina did, and I haven't obviously seen that because it hasn't aired yet. But everybody else probably will have, is that when you learn how to relate to people of diverse backgrounds who you've never met before. So it helps with that pitch and being able to understand because again, you're talking to people on their worst day when you're doing forensics or you're talking to people who are investigating the worst day and in doing that you need good communication skills and you also need to make things relatable to people. You need to very quickly find ways to connect with people so that they have trust in what you're saying, and they want to listen. And they're going to take your advice for what it's worth and feel that you're advising them truly as you feel and that you're showing that honesty. And that's connection you have to make with people.

Jason

For sure. Yeah, and it's also not their fault that they're not a forensic expert.

Jessica Hyde

Absolutely. So I was actually having this discussion yesterday with somebody. And I said, one of the most amazing - actually, I was talking to Matthew Mitchell, who's going to be giving the keynote at the SANS DFIR summit, he will have done this by the time anyone sees the recording. And he is in a hacking for good world. And he's amazing. One of my favorite, I have so many favorite people, but he's definitely in my favorite people list. And he's incredible, runs CryptoHarlem, does all these amazing things for good. And we were having a discussion a little bit about what forensicators are like. And I said, you know what skill every good forensicator has, every good forensicator can give great analogies, because they have to be able to take very technical research and very technical findings, to - and I don't care if you're an academia, or if you're giving a presentation, or if you're in law enforcement, or you're in incident response and advising CISOs and CEOs, we need to be able to take very technical concepts and make them relatable and understandable. And so we're we all have this amazing skill that's not tapped into, that is a hard skill for people to develop, but get it from going through the trenches and having to learn how to brief people.

Jason Nickola

For sure. So forensics, in general, and especially a lot of the hardware stuff that you've talked about and that you've done in your career is very intimidating for most people. It's intimidating for me. What made you think that you could do this stuff?

Jessica Hyde

So, to be honest, I'm the kind of person who goes, you don't know what you can do until you do it. Just do it. Right. You don't know if you can learn a foreign language, you don't know if you can play a musical instrument, you don't know if you can dance. I joined the Marine Corps not knowing how to swim. And that is a pretty bold freaking thing to do. Like I said, I grew up with no means, I never had access to a pool. I didn't know how to swim, we played in a fire hydrant when it was on. So when I went into the Marine Corps, I knew darn well that I was going to have to pass swim call. But I had faith and confidence in the fact that they knew how to train me. And that by the end of the day that I would figure it out, as long as I could do what I was told. I can follow instructions, I can pay attention, I can study hard, and I can work hard. So I might not get it day one out the gate.

But I'm going to tell you, I am going to learn it. By the end of the day, I was jumping off the 20-foot platform in full gear and doing that swim across the pool. And I did not know how to swim, I walked in the pool, they go swim across and I went to the bottom. They pulled me out, they told me what to do. And I step by step learned. And that's how you approach anything. And if I could join the Marine Corps, not knowing how to swim and passed swim call on the first day, some people pass it by the end of the week, but everyone passed. You can do it. It is going to take you a different journey. It's going to take you a different amount of time, but you can do it. So with anything I say, I don't know how good I'm going to be at this. But if I put enough in, I'll be able to pass. And that's the way it is, right? Like a SANS course is like drinking from a fire hydrant even when you know the content.

Jason Nickola

Right? Yeah, it is.

Jessica Hyde

And drink from that fire hydrant, and then study and work at it. And you'll get there. And that's what it's about. And then I guess even the more important part is - I don't think the harder part for people is trying something. I think the harder part for people is saying I know enough to share with others what I learned. And that's actually the more important part people need to do.

Jason Nickola

Totally agree. Yeah, that's unfortunate, because one of the most critical parts of the learning process is being able to, like you said earlier, distill down what you know in a way that lands with other people. And that is really difficult to do if you don't know what you're talking about.

Jessica Hyde

Here's the deal. You do know what you're talking about. At every stage that you are there is somebody who's not yet to that stage. So even if you started your journey yesterday, you have background and experience in what you're seeing and the way that you're interpreting and understanding the information you're learning. And by sharing your interpretations, you help others on that same journey. There's always somebody - when you first start out there's always somebody a day behind you. And then when you when you move out past that starting, you are in possibly parallel lines to other people, where they have not necessarily had the same exact experience, background, etc. And so your interpretations and the way that you make that content relevant, and the way that you then learn things or find things or discover things is going to be different than the other person. So you do have something to share. And it's hard to express it to people and people are so afraid of what other people might think.

And I'm going to tell you something about the DFIR community. We want you to share, because none of us can do any of this on our own. There are people who are the fathers of the field, the Brian Carriers, the Warren Cruzes, the Eugene Spaffords, the Owen Caseys, who were putting out content and doing things that everybody else has built on. But since that time, we're all building on each other and together, so build on somebody else's work, or share what you're doing so other people can build on yours. As long as you have things peer reviewed, it's fine. Peer review and talk to somebody else at your level. I mean, I've never worked in a lab where we didn't peer review our reports by other people, I would hope to never work in a lab where we don't peer review each other's work.

Peer review is critical not only to the academic process, but to things that are going to court, which by definition, forensic content has the possibility of going to court. Peer review, peer review, peer review. Do that also with what you're sharing, peer review is excellent. And that gives you the confidence and put it out there. You have something to share and put it out there. And it's hard because you do need that fundamentals before you can share. And so you do need to get those fundamentals. And then you need to really have that integrity of having done the work, right. So you've got training, and then you've got work, and then you're ready to share, but you need to do it. As soon as it's ready, just get over it.

But to do it, there are people who have limitations, because of where they work, especially when we're talking about digital forensics, law enforcement, government, etc. I'm not saying you have to share publicly sharing. I'm not saying you have to share with reference to where you work and who your employer is, you may be able to share anonymously, you may be able to share without attribution to your employer, but still stating your name, or you may be able to share just within your community. I worked jobs where I could not be public whatsoever. And I shared within my organization and then made sure that content got shared with other government organizations. And that is critical. So don't be afraid to do it. And that's a really hard thing to say, because I know it's the hardest thing to get over. But we all have demons and we all - imposter syndrome is real. And you know, what we need to do is we all need to name our demon and tell it to be quiet.

Jason Nickola

I like it. So that's such a great perspective. And you're right, the DFIR community and lots of other communities in infosec are just really great and really welcoming. Did you naturally gravitate towards sharing and being a part of these communities? And you've been published a bunch of times, and you've done a lot of speaking and you're on summit committees for SANS? And you've done so many things? Was that natural for you, or is it kind of an area of growth?

Jessica Hyde

No, it's an area of growth. And I'm going to tell you something, as somebody who gives talks all the time, right, I spoke at NCCC yesterday, speaking at the DFIR summit tomorrow, I'm on the advisory and on the organizing committee for DFRWS next week. I get butterflies every single time, my hands get sweaty, the whole nine. There are things I haven't done yet that I struggle with. And then I intentionally try to put myself out there, but when you finish it, the feeling when you've done that work. So here's the deal, you do all this work and all this research and figure out this new stuff, right? What is it if you don't share it? What good does it do anyone else or the community if you don't share it? If you share it, you help another case get solved quicker. And it wasn't natural.

But I used to work a case at a time. And that's the way most forensics examiners work and you have impact on that case. And that can be the most important case in the world or it can be a very, very small case within your organization that nobody knows about. No matter what, you had the impact on your case. What if you can take that impact you had on your case, from the knowledge and insights and work you did on that case? And make it apply to hundreds of thousands of cases all over the world? You can multiply your impact. That's why you share. You help other people get to that answer quicker so that they can solve the next problem and then they can share what they found in that problem that helps you get to your answer quicker. And if we don't do that, we'll never ever, ever be able to keep up. Hundreds of thousands of applications are out there and the tools support hundreds. The number of differences between versions of Windows and versions of Mac and versions of applications and versions, we can never ever know it all, there will never be a reference book, or material or internet source that has it all. So the only way we can create that body of work is if we do it together and share. It's obviously something I'm a little bit passionate about.

Jason Nickola.

A little bit, yeah. That's good advice, though. So it's difficult and it gets easier. I think that the first few times you do it, you imagine that there are all these evil people in the crowd. And you get over it, they're not there, you find out that most people want you to succeed and want to support you. And every once in a while, you get someone who's a little bit of a jerk, but they're much fewer and farther between than it seems like ahead of time.

Jessica Hyde

So, you know, I've put out a lot of content. And I've done everything from written content and peer reviewed journals to blog posts to speaking. And you're always worried about that naysayer, you know, they do exist. But it is such a small quantity. It is such a small percentage of the humans that you are going to reach. And what they say doesn't matter. Now, one of the other things that you can do is get a good network of people behind you. Talk and meet other people in your field. Talk to those people whose work you admire, talk to your peers, get them to see what you're doing, get their buy in, it will help your confidence. And guess what, if you have a strong enough network, they're going to help promote your work. And that's going to elevate it. And even more importantly, if you share your work, like Jason, you know what to talk to me about today. Because you've seen things that I've put out there.

If you share your work, when you go in for that interview on the next job, they're not going to ask you about things you don't know. They're going to ask you about your own work. You're going to have that resume built, people are going to know who you are, people are going to be able to check you out beforehand. And I will tell you, people who share get hired more, they get the jobs they want, especially if you're in a SOC today. And your goal is to get into DFIR, which that sometimes happens. There are sometimes people who are working in security operations centers and that was their foot in the door in infosec. But they want to be in digital forensics. Do research and put it out there. That is the best way, in my opinion. Share with the community. It helps the community, but it also helps you.

Jason Nickola

That's great advice. You're amazing. And I think throughout the course of this conversation, you've become my idol. So thank you. Thank you so much for joining us. I really appreciate it.

Jessica Hyde

Thank you so much, Jason, for having me. This has been awesome. Thank you for helping me realize some insights that I never thought of, and you're so awesome. This has been an honor.

Jason Nickola

That was Jessica Hyde. Many thanks to her for joining us, sharing her background and all of the great advice that she offered here on the show. Thanks all of you as well for joining us for another episode of "Trust Me, I'm Certified." We'll be back in two weeks with Jose Barrientos, a super talented pen tester who almost didn't get a start in the industry until he took his fate in his own hands and refused to take no for an answer. So be sure to check that out. Also, don't forget to subscribe to the show at giac.org/podcasts and wherever else you listen to get updates about new episodes as they're released. Thanks again. We'll see you in two weeks.

Receive GIAC Podcasts Alerts