This former cop now patrols the digital crime beat

Juan Romero is a 2020 Infosec Accelerate Diversity scholarship winner. This cybersecurity pro started out as a patrol officer in Virginia local law enforcement. Always interested in computers, he advanced to detective and worked in gang intelligence, organized crime and narcotics. He now uses lessons learned from police work in digital investigations to decipher the ever-changing motives behind digital attacks.

From patrolling to digital forensics

Careers in law enforcement are physically demanding and inherently dangerous, unsustainable traits for the long haul, according to Juan. Citing a desire for more time with his young family and a safer work environment, he resolved to reinvent himself. In 2012 he left law enforcement and moved to Colorado to pursue a cybersecurity career. There he earned a cybersecurity master’s degree and an MBA. During this time, the 2013 Target and 2014 Home Depot breaches occurred, reinforcing that his decision was the right move.

“I remember thinking how cool it would be to actually investigate those breaches,” said Juan. “At that time they were the biggest, most noteworthy attacks. That fed my early motivation and I knew cybersecurity was going to be my long term career interest.”

Rich work experiences build a deep consulting background

After earning his degrees, Juan joined a bank security team doing incident response, remediating malware infections and attacks against financial websites. His career path also included valuable experience at Microsoft as part of a cloud team doing incident response for Office 365.

“We were the global security team based out of Redmond, responding to data breaches and attacks for all of Microsoft’s enterprise clients,” Juan says. “It was a great experience. We saw a good bit of red and blue activity with a very active pentesting team.”

He also held incident response team positions with AT&T and DirecTV, and was part of Cisco’s traveling team helping enterprise clients with remediation and data breaches.

Currently, Juan is a senior digital forensics and incident response analyst at Splunk, where he focuses on performing incident response duties for the company.

Parallels to policing

Juan looks back on his detective days as the foundation for what is now his life’s work as a digital forensics and incident response analyst. In law enforcement investigations he was called upon to analyze criminal behavior and piece together how people were connected through their interactions with gang and narcotics crime.

“That translates to what I do, only it’s all digital now,” Juan says. “It’s linking computers. It’s linking IOCs from malware indicators. By investigating TTPs on a system, you can map what a threat actor did on a particular computer. Or we can look at the artifacts from a breach. The investigating principles have parallels to police work, except with cybercrime it’s all digital. But it’s the same type of work, consulting root cause analysis, trying to find what the criminals did and how they got in.”

Constantly learning to succeed

Despite his years of experience at the forefront of cybersecurity incident response, Juan knows that to stay sharp he has to relentlessly learn and adjust to the changing cyber climate. He plans to explore certifications and other courses from the Infosec Skills platform to stay ahead of cybercriminals and advance his career. He offers this advice to those looking to break into the cybersecurity industry:

“Integrity and humility are the two biggest characteristics to develop,” Juan says. “Humility being, knowing that in this industry there’s so much to learn in every aspect of cybersecurity. No one person can know everything. I may not be the smartest person in the room all the time, but I am always learning and improving to do better.”

“Integrity ties to honesty and doing the right thing, but it also relates to the work you do when reporting findings and securing systems. If a client is doing something that’s not okay, you need to have the integrity to tell them if it’s not the best practice and encourage them to try something else instead.”

“Be willing to give back and help others,” Juan says. “I make time to share training or offer suggestions to my team for analysis tools or investigating artifacts. When the whole team succeeds it’s also a win for the company. More importantly, it’s a win for our clients.”