Tetra Defense values a well-rounded approach when it comes to cybersecurity. Preparing for cyberattacks, strengthening defenses, and responding to incidents are all important separately, but they are far more effective when combined. To that effect, we learn from Cody Dorn, Digital Forensics and Incident Response (DFIR) Director, as he describes how sheer technical interest brought him to meaningful work in the field.
“Before, during, and even after any formal experience, a genuine interest and self-discipline will go a long way in this field.”
What first piqued your interest in DFIR?
As far back as I can remember, I had been interested in tech. In high school, I was interested in reading security white papers. I thought security was an intriguing subject since there was so much to explore when “stretching the limitations” of computers. When considering security, I liked learning about networks in how they function, how they manage data, how it flows, how it’s stored, etc. I’ve really just had a genuine interest in the subject that’s been able to carry me throughout my career so far.
How did your career begin?
Beyond just my sheer interest, I first became an apprentice with the Network Administrator of my school district while I was still in high school. I worked with them for 2-3 years to go beyond just my interest — I learned how to maintain their network, I had a better understanding of the security we had in place at the time, and even the beginnings of actually responding in times of disaster. I had even seen how to create plans should these disasters take place, which piqued my interest even further. Out of high school, I was first hired at Gillware Data Recovery, Tetra’s sister company, as a Customer Service Intern when I started. Since I had already had experience, I was eventually able to move my way into more of a data recovery role there. This dealt more with advanced logical work and special file systems — the stuff that deviated from the typical work that we did. Over time, I was able to sort of create my own role there where I could help build efficient systems about their Data Recovery side of the business.
How I finally came the role that I’m in now with Tetra in thanks in part to Nathan Little. As we were focusing our efforts more on helping organizations during times of crisis and incident response, Nathan offered me the opportunity to get more hands-on experience in the faster-paced world of cybersecurity. Due to the nature of this more emergency-based work, I quickly took to it full-time. When it really comes down to it, it’s my sheer interest still in finding the limitations of computers that keeps me so engaged in reading, understanding new concepts that change daily, and applying them where I can in the work that I do on a day-to-day basis.
How does your team interact in relation to others?
There’s a lot of value in having proactive, DFIR, and even software development under one roof here at Tetra. Despite having many remote teammates (more so than ever before), being together on a platform where we’re able to communicate has offered everyone on our team insights into what’s actively happening from the bad guys. For our software development team specifically, we rely on them since the industry standard just keeps changing to meet the needs, and formidably match the threats we face. Something we’re always working on with them is how to improve our internal structures and how to efficiently welcome new team members.
There is such a benefit for anyone to be able to jump in and ask informed questions, whether they come from within DFIR, they come from proactive, or even from David Kruse, our Director of Business Development. With this oversight all around, it can start a dialogue, and really just make everyone more aware and better equipped to deal with what changes daily in the cybersecurity world.
Any advice for aspiring cybersecurity professionals?
I personally enjoy the faster-paced environment of incident response since I’ve found it’s offered new opportunities and new skills for me to learn pretty much every day. I like the concept of having something new to work on all the time, and that’s what incident response offers. We’ve seen the envelope only get pushed further and further from attacks that could be wide-spread, generic attempts, to super-targeted, multi-million-dollar incidents. My advice to anyone who wants to pursue this work in the future is to just nurture your interest in the field with whatever new reading materials you can get your hands on, whatever new skills you can learn from technical folks in your life, and the self-discipline to keep up with the latest changes. After a while, concepts start to stick, and then you can even better contribute to your future team’s knowledge-base.
A non-work related question: How do you like to spend your free time?
My current role usually requires non-traditional hours to meet the needs of our clients, so I try to spend as much time away from a screen when I’m off. My main priorities these days have been to meditate a few hours a day, tend to my plants, and spend as much time with friends as possible.