Stronger Together:

Meet Jonathan Cunningham, DFIR Director

Tetra Defense values a well-rounded approach when it comes to cybersecurity. Preparing for cyberattacks, strengthening defenses, and responding to incidents are all important separately, but they are far more effective when combined. To that effect, we learn from Jonathan Cunningham, Digital Forensics and Incident Response (DFIR) Director, as he combines his teaching and FBI experience with Tetra Defense.  

“Don’t stop learning; continue to evolve.”

How did your career begin?

Most of my career pre-cybersecurity was in education. I started out in 1998 as a high school teacher for American history, government, economics, and I even coached the school’s volleyball team. I was fully immersed in the typical high school education realm. At that time, there were programs by Oracle and Cisco that would send teachers out to learn programming skills in hopes that you would come back and teach it in the schools. This training started around 2000-2001, and that’s when I started learning the technical skills that I could teach to students myself. 

What first piqued your interest in cybersecurity?

By 2009, I had been teaching for a while in school computer labs when I stumbled upon the opportunity to work for the FBI. They had been in a hiring blitz at the time, so I applied and honestly thought nothing of it. They do their hiring in stages, and I ended up passing the tests and long story short, became a Federal Agent. Initially they wanted me to be in counterintelligence, but then they found out I had a cyber background and ended up kick-starting my career in their cyber investigations. Even though years had passed since my initial training, they recognized my willingness to learn and provided me more learning opportunities.

At the time, they had a program that prepared agents to do their own cyber forensics — the intention was to not only use this information myself, but to pass it along to my squad. Just about once every two or three months I was heading off somewhere to complete training after training, while still working cases. It was busy, but I learned a ton. I look back on this time as comparable to a college education, almost like a second degree. It gave me the experience on the forensics side of things, which I later used in future investigations beyond the FBI, such as now with Tetra. 

What brought you to Tetra Defense?

Tetra certainly has a different model than what I’ve experienced before. Coming from both education and the FBI, I was working in really structured environments and really specialized teams that had their own “niche.” I was comfortable in those environments too, but once I learned about the great work and the growth Tetra was experiencing, I was intrigued and I knew I had to be a part of it. After several conversations with Nathan Little, our VP of DFIR, I became very interested in contributing to something that was going to grow. Then I met Scott Holewinski, our CEO, and I trusted the leadership and the direction of the company even more.

I was intrigued by the opportunity to widen my horizons outside of the niche I specialized in previously. Here, I can try my hand at many different things from the forensics side to even interacting with our clients directly. I’m happy I made the switch.  

How does your team interact in relation to others? 

At Tetra, we have many sides to the house – whether its actively responding to incidents, gathering evidence on the forensics side, or risk management for prevention, there is a lot of overlap. Especially when it comes to incident response, it’s important to do every side of the job instead of drawing the line at where the actual incident stops. The one thing that stood out to me about Tetra from the beginning is that our IR team conducts the investigation, finds out what went wrong, shows the client where the intrusion was, and then we’ll go beyond that to help rebuild the organization. That aspect of walking hand-in-hand with the client every step of the way is what I’ve always liked about Tetra.  We offer an even more complete picture with our other services as well. Our teams all blend together; the proactive and reactive teams need to collaborate because each case requires something different.

Any advice for aspiring cybersecurity professionals?

As you enter this workforce, you’ll notice that a lot of us who are a little older or have more experience didn’t have much formal, academic training, simply because there weren’t many programs when we started out. Even going back just five or ten years ago, there weren’t as many specialized programs across the board. Now, we’re finally starting to see programs that have more of a focus like digital forensics. Our local college here in Daytona now offers a year-long program with a certificate in cybersecurity. What I predict for the new crop of folks coming in is the need to find a specialty. A lot of the successful recruits we see often have a specialty outside of incident response, and we see that as a benefit when it comes to the wide range of work we do — we may need that specialty and it’s always helpful to bring something else to the table to separate yourself from the pack. Embrace your specialty, embrace whatever you’re doing on the tech side, but be sure to broaden your horizons since the landscape constantly changes. The field continues to grow, so don’t be afraid to put yourself out there and don’t stop learning; everything could be valuable one day. 

A non-work related question: How do you like to spend your free time?  

Everything I do outside of work involves no screen! I played volleyball since college, including professional beach volleyball, and I live right by the beach, so I still do that when I can. I run, I bike ride, surfing is a large part of my free time, and I pretty much do anything that involves water and sunshine when I’m not working. I’m an outside person and I enjoy being outdoors when I’m not working on cases or virtually connecting with our team.

Check out some related content on our blog: