Life Lessons Learned

Response to Windows Incident Response: Lessons From Time In The Industry (05 May 2019)

I am probably going to echo many of the things said by Harlan Carvey, author of Windows Forensic Analysis Toolkit and Windows Registry Forensics. There are two statements that apply to any person working in any field: "Pick an area of interest." and "Specialize in something."

First, I agree with picking an area of interest that you enjoy. This can be a large informational area, such as Information Technology or Law. I think these interest areas can be broad, allowing for learning a wide range of topics. Understanding topics near or around your chosen specialization leads a person to be better versed when a problem moves across topics.

Secondly, choose a specialization. I started telling this to people a few years ago after I realized I had been 'stuck' in what I consider 'Tier 1' jobs. I remain stuck due to the generalization of knowledge that I have, from System Administration to Network Administration to some programming to even cloud solutions. However, I have noticed that it does not matter how much you know or how spread out your knowledge is, but how you apply a limited subset of informational chunks. Specialization does not mean you never learn other skills, but it will provide the bulk of the knowledge employers hire you on.

It really does not matter how many certifications you have if you do not have the experience, or if your certifications do not improve over the years. As with 'Tier 1' jobs, I also consider certifications in tiers. So what do I mean by tiers? I use the terms similarly to how IT jobs are labeled: tier 1 (beginner), tier 2 (intermediate), tier 3 (expert/advanced). Here are some examples:

  • Tier 1: CompTIA A+/Net+/Sec+, Cisco Certified Network Associate, LPIC-1: System Administrator, SANS GSEC, Cyber First Responder
  • Tier 2: Cisco Certified Network Professional, ISC(2) CCSP/SSCP/CSSIP, LPIC-2: Linux Engineer, SANS GNFA/GCFA
  • Tier 3: Cisco Certified Internetwork Expert, LPIC-3 series

This is not an extensive list. As you progress through your career, you need to move up into different tiers for your chosen specialization, then get other certifications you might want to attempt. Just do not try to specialize in everything; too many random certifications will get you passed over by employers.