Stronger Together:

Meet Nathan Little, Vice President of Digital Forensics and Incident Response

Tetra Defense values a well-rounded approach when it comes to cybersecurity. Preparing for cyberattacks, strengthening defenses, and responding to incidents are all important separately, but they are far more effective when combined. To that effect, we learn from Nathan Little, Vice President of Digital Forensics and Incident Response, as he describes how an interest in math and science led him to a career in cybersecurity.

“Seek out as much hands-on experience as possible.”

What first piqued your interest in this field?

I’ve always been a math and science person — I’d even go as far as to say “nerd.” I participated in my 3rd grade Lego robotics team where we had to drag and drop little blocks of code to make the robot do things, and I’ve been interested in computer science since. It wasn’t until high school that I was able to more formally learn programming in computer science classes, and I was able to establish a background in it. As I went on to college at the University of Wisconsin – Madison, I originally pursued Mechanical Engineering (in an attempt to not be an ultra-nerd). I was interested in this field as well, but after a few years I realized I wanted something more fast-paced: As opposed to year or two-long design phases, I preferred hour or two-long design phases allowed by the computer science world. I switched to computer engineering, and it was a great decision for me.

How did your career begin?

In college, I bought my first book on Digital Forensics using open source tools. My degree is in Computer Engineering, but I had always had an interest in Digital Forensics. Once I graduated, I took a job at Gillware Data Recovery, Tetra’s sister company, as a steppingstone into the forensics world. In that role, I mostly developed data recovery software while doing some casework and working with clients when they were in need of data and disaster recovery services. The file system-type experience you get when you’re building an advanced data recovery program is pretty much the core concept of forensics, for the most part. Forensics was something I had always found myself incorporating into most of my cases, so moving towards a realm that focused more on the Digital Forensics and Incident Response side quickly became a perfect fit for Tetra.

What makes Tetra Defense unique?

As our Digital Forensics and Incident Response programs started to take shape just over four years ago, we knew Tetra would need a law enforcement expert. Our President, Cindy Murphy, fulfills that role perfectly and provides forensic expertise for every case we take on. With her experience in law enforcement, and our interest in digital forensics, our teams began managing incident response work and we haven’t stopped since. After about a year or so, we wanted both a reactive team, and a proactive cyber risk management team to truly complete the picture. Tetra is unique in that we can provide protection before, during, and beyond a potential attack, all thanks to the vast experience and dedication across our team(s).

How does your team interact in relation to others?

Our incident response team works closely with every other team within the organization. We leverage our software development team to build custom tools and software to make our incident response process more efficient. It’s a really natural fit for us — they make our job possible by creating exactly what we need, and we can inform them of the latest threats we see in the field, making both of our efforts stronger. We see the same relationship with our cyber risk management team. As we respond to incidents in real-time, we see the security controls and decisions that can actually determine how detrimental a case can get. We constantly feed them threat intelligence from the cases we respond to, and they share the best security controls to suggest or implement in our next case. There are so many benefits to having us all under one roof: We know exactly what the current risk landscape looks like because chances are, one of us is working within it at any given moment.

What is an average day like for you?

“Minute-by-minute” is a good description for how my day goes usually. Things change very quickly in the incident response industry, starting with whenever incidents occur. We never know when our team is going to receive a call, but we’re always ready to answer it. Most of what I do is design response plans for the incoming cases and make sure that our team executes them. I’m also known to occasionally get into the weeds as far as the specifics of each case, and that contributes to our training here at Tetra. It’s very common for our most senior people to jump into supporting roles for our junior teammates so they can lead the way on forensics and investigations. We believe the more information and hands-on experience, the better, so we always encourage our team to take both leading and supporting roles, no matter their years of experience.

Any advice for aspiring cybersecurity professionals?

There’s nothing better than real-world experience, but we all understand that internships and valuable in-person opportunities can be in short supply. My best advice to students or others wanting to work in cybersecurity is to seek out hands-on experience as much as possible on your own. Formal Digital Forensics degrees have become only more advanced and more popular over the years, but students and non-students alike can practice “investigation” processes at home. I can suggest an exercise:

Take a personal or a “test” computer, record three days of actions on it (log into it, log out of it, log into it remotely, access files, copy files, upload non-sensitive data, etc.). Be sure to keep track of what actions you made and when they were taken for your own records. After three days, go back in and see if you can find evidence of every action that was taken. This way, you already know the answers to the test, and you’ll be amazed by how much evidence probably isn’t there. You’ll see first-hand how deep you may have to dig to find evidence of each action, and to reach proper conclusions. You’ll also easily see gaps — if you only look at one piece of evidence, you may miss entire windows of time. This is something that anybody can do with just their own computer, open-source tools, and maybe a little bit of equipment, but not much. If you’re anything like us, you’ll immediately be hooked and eager to learn more.
