Get started in computer forensics: Entry-level tips, skills and career paths
This week we're excited to have back one of the major figures in digital forensics, Paraben CEO Amber Schroader. Amber dives deep into the specific forensics skills you need to be successful, traits that make a good forensics investigator (her best team member is someone with a psychology background!) and the art of understanding language and semantics — all while walking us through key moments of a case. If you're looking towards career advice in computer forensics, get ready to learn from one of the best!
Amber Schroader is the CEO & Founder of Paraben Corporation. She has spent the last two decades as a driving force for innovation in digital forensics. Amber has developed over two-dozen software programs designed for the purposes of recovering digital data from mobile phones, computer hard drives, email and live monitoring services. In addition to designing technology for digital forensics, she also spearheaded the procedures for mobile and smartphone devices as well as the emerging field of IoT devices. Amber is the patent holder on the EMI shielding container, otherwise known as a Faraday bag, as well as inventor to many other shielding products. Amber has written and taught numerous classes for this specialized field as well as founded multiple certifications in the field. Ms. Schroader continues support through book contributions and other industry speaking engagements.
[00:00:00] Chris Sienko: Cyber Work is celebrating its next major milestone. As of July 2020, Cyber Work has had over a quarter a million listeners. We’re so grateful to all of you that have watched the videos on our YouTube page, commented on live release feeds, left ratings and reviews on your favorite podcast platform, redeemed bonus offers, or just listened in the comfort of your own home. Thank you to all of you.
Because our listenership is growing so quickly and because Cyber Work has big plans for the second half of 2020 and beyond, we want to make sure that we’re giving you what you want to hear. That’s right. We want to hear specifically from you. So please go www2.infosecinstitute.com/survey. That’s www2.infosecinstitute.com/survey. The survey is just a few questions and it won’t take you that long, but it would really help us to know where you are in your cybersecurity career and what topics and types of information you enjoy hearing on this podcast. Again, that’s www2.infosecinstitute.com/survey. Please respond today and you could be entered to win a $100 Amazon gift card. That’s www2.infosecinstitute.com/survey.
Thanks once again for listening, and now on with the show.
[00:01:19] CS: Welcome to this week’s episode of the Cyber Work with Infosec podcast. Each week, I sit down with a different industry thought leader and we discuss the latest cybersecurity trends, how those trends are affecting the work of Infosec professionals while offering tips for those trying to break in or move up the ladder in the cybersecurity industry.
One of our first and far and away most popular guests on this show is with us again on the show today. Amber Schroader is the CEO of Paraben, a 20-year-old computer and digital forensics company of which she is owners and president. Amber is a major figure in the world of computer forensics and incidence response and is an expert in the field, a creator of topflight computer forensics tools and someone who is pushing the concept of computer forensics forward.
We’re going to be talking today about breaking into the computer forensics field, some of the more interesting aspects of the job and some of the tools and skills you’ll need to get started. Amber Schroader is the CEO and founder of Paraben Corporation. She has spent the last two decades as the driving force for innovation in digital forensics. Amber has developed over two dozen software programs designed for the purposes of recovering digital data from mobile phones, computer hard drives, email and live monitoring services.
In addition to designing technology for digital forensics, she has also spearheaded procedures for mobile and smartphone devices as well as the emerging field of IoT devices. Amber is the patent holder on the EMI Shielding Container, otherwise known as a Faraday bag, as well as the inventor of many other shielding projects. Amber has written and taught numerous classes for this specialized field as well as founded multiple certifications in the field. Ms. Schroeder continuous to support through book contributions and other industry-speaking engagements.
Amber, welcome back to Cyberwork.
[00:02:57] AS: Thank you so much for having me. Excited to be here.
[00:03:00] CS: Good. So while I encourage all of our listeners to go back and listen to Amber’s first episode on the podcast, I know that not everyone wants to go back and root around two years of our back catalogue. So some of these questions might get repeated a bit. But to start with, we always like to find out a little bit about your cybersecurity journey. So what first got you interested in cybersecurity and what was the big obsession initially with computer forensics?
[00:03:24] AS: I think the thing that made it so I really felt that it was a good space for me is I’m learning disabled. So I’m dyslectic. So I naturally did everything backwards. And digital forensics really clicked in my brain, because it’s really that opposite side of cybersecurity and it’s got puzzle-solving, where it was okay to think differently. It was actually a bonus as supposed to if I would have wanted to become like an author. It would had taken me forever to just do one book. I’m doing much better as contributing to books, because it’s hard to get all of it out at one time. And it really helped in the problem solving. So I thought that was a good match up for me.
[00:04:04] CS: Can you sort of speak to the way that you think of computer forensics as being sort of like the opposite side of the coin at cybersecurity?
[00:04:12] AS: Well, in order to understand your security, you have to understand the artifacts that your security can leave behind. Because they represent new vulnerabilities that you might not have accounted for. So I always think that doing a forensic audit is a good way to really make sure that whatever security system you design is actually solid, that you’re not missing something in that process.
[00:04:32] CS: I see. Yeah. So you’re basically saying rather than thinking in terms of building a defense system, you’re thinking of the places where in the existing defense system someone can break through?
[00:04:43] AS: Yes. So we do on the kind of more of the security side, we do some app pen testing as an example. And it’s our understanding of how the mobile operating systems work and function. And then how they get laid down into the file system? How their database structure is and then what vulnerabilities exist, which is where that security side comes in. But I would never get there if I didn’t start with the forensic artifacts.
[00:05:07] CS: Okay. We have a lot of listeners. We’ve been getting a lot of sort of surveys in. We asked a survey of our listeners where they started. And we know that a lot of them are just considering cybersecurity for the first time. And thank you for all of you who are filling out the survey and letting us know about that, and hello.
For listeners who are just learning about this profession for the first time, can you give us kind of a basic description of what a computer forensics professional does? What are the regular tasks and projects that you do and what makes the job interesting?
[00:05:39] AS: A computer forensic professional is going to go through and they’re going to do imaging, which is a scientific method of copying data. And then after that is done, they’re going to go through and actually go through all the individual pieces. So if you want an analogy for it, it’s like taking the box, the puzzle and then finding all those pieces. Putting it back in the box, taking the box back and saying, “How am I actually going to put together this puzzle with the way that they did it?” And you might be missing pieces that you have to go and find. All of that is part of the digital forensic and profession and experience. It’s definitely for people who like to really think through the minutia of the data. And so if you only like to look at big pictures and you don’t like focusing in on, “Hi. I’m going to be doing the same thing for the next couple weeks.” Then it’s probably not the best choice. But if you really love the Minutia side, then it’s a good choice for you.
My best investigator I have on my team, she has a psychology degree, and she loves the details. And she is just fantastic at it, because she understands how people think. She understands how they work with their data. So she was not obviously originally in this field, but she’s become one of my best investigators, because I was able to teach her all the nerd stuff. That’s not hard]. I can’t compensate for that way you think through your data.
[00:07:08] CS: Can you sort of walk us through, just to use your example, you might be doing one thing for several weeks here. Can you give an example of a multi-week campaign like that where you’re just sifting through one set of details for weeks? What does that look like? What kind of things might you be looking for?
[00:07:25] AS: In our professional services, we do a lot of smartphones. We also do computers, but I’ll use a smartphone example just because everyone can relate to that. It’s very rare you get someone that doesn’t have a smartphone anymore. And we were doing one with an alleged rape accused. He was accused of rape. And we took on the case, and we processed through his phone, and that took about a day, but it was processing the data that took the next 45 days.
And the reason is, if you think about, for this person, his entire life revolved around his phone. He didn’t have any other electronics. His last internet history search was who is Paraben Corporation? Which really cracked me up, because that’s never happened before. I was like, “Whoa! Look at that.”
[00:08:07] CS: How long ago was that?
[00:08:09] AS: And it’s because we were doing this investigation. The authorities had handed over his phone and given it back to him, and his mother had actually contacted us. It was quite the sob story. And it was difficult to not say yes to her because of it. And then we went through, once we processed it, he had over 350,000 text messages. And this is the technical term, that is a boatload, or a buttload of text messages.
[00:08:38] CS: That’s definitely scientific.
[00:08:38] AS: And that’s not even the highest we’ve had. We’ve had over 500,000 text messages coming off of someone’s phone. I don’t know that people to talk to him.
[00:08:48] CS: You’d literally have to be doing a text a minute, I think, or more.
[00:08:51] AS: It is. Of course, he was younger than am I. Not that we will say how young I am or old I am. So his vernacular was different, but it was a lot of “k,” “what,” “you know.”
[00:09:02] CS: Right.
[00:09:03] AS: And you have to read that all in context. You can just search it. Because that doesn’t come up, right?
[00:09:08] CS: Yeah. So, for weeks and weeks, you’re sort of – What? Are you sort of like putting it through different algorithms or looking for different search terms and keywords and trying to find sort of like narratives in there?
[00:09:20] AS: Exactly. You’re trying to kind of find the scope of what’s happening in that. And for someone who texts that much, he also had almost 200,000 cookies on top of it. It was a lot of cookies. He could be like the cookie monster of smartphones.
[00:09:34] CS: Yeah. He was everywhere and he was letting everyone have at his phone, I guess?
[00:09:39] AS: Yes, indeed. And we had to limit our scope to a date range and then you always want to then kind of expand a little bit beyond it and then kind of put those pieces together. But it was interesting, because he was from a region than I’m from. And his vernacular was not one that unnecessarily understood either. So I have to take it through the Lexicon side of it and really think through it. And that’s where you start adding more and more time, because you get your initial impression and then you have to do your next one, because a digital forensic person, it has the burden of proof. That must be something that you’re willing to really take responsibly. To me, it’s an obligation. So it’s a big deal. And it’s a little different than maybe how I would like a pen test. I do those, and I don’t necessarily feel some weird emotional obligation or some value obligation to that as I do when I’m working a different kind of a case.
[00:10:37] CS: Yeah, I was literally thinking of that example when you said that, because we post these walkthroughs of capture the flags on our website. And those sort of ring a certain bell in your head where it’s exciting. You got to have this quest and you got to find the things and you go through all the gatekeepers, and then there it is. But this is a completely different type of quest here. You’re not looking for that thing. You’re sort of creating that thing out of sort of hearsay and like a person’s life and sort of context clues. Like you say, vernacular context and everything. So that’s really fascinating.
[00:11:08] AS: It definitely gives you a different perspective on it. I do have to say that out of all the professions in the world we might have experienced, this is the first one in my career path that every day is different. There’s not a single case I’ve ever worked that, “Oh, this is exactly like that other one that I was working on that was Bob’s.” It’s like, “No. Everyone is different.” So that part is really exciting. So I think people who like variety in their life, I think it’s a really good feel for them.
[00:11:35] CS: Now, do most computer forensics professionals have multiple cases going on? Or is it kind of case where you have something like this and that’s all you’re doing for 45 days?
[00:11:43] AS: Typically, in our queue, we’ll have 45 cases that are in the queue and then one investigator will work two to three. And we don’t do a ton of professional services. Our primary goal is we design the technology investigators use. But with the professional services, we do process – It’s about 4 to 5 in a queue and one person will work two to three depending.
[00:12:05] CS: Okay. And like a big case like this, you have like a team of like multiple people working on different aspects of the data?
[00:12:12] AS: Yes, because you’re going to get multiple perspectives on it. I worked on a case, and then my person with the psychology degree also worked it. And because of that, it gave us a different perspective. So we made sure that we did 100% our best work possible. Everyone looked at the data. We made sure we saw the exact same things, different stuff like that.
[00:12:33] CS: Okay. I guess speaking of the fact, you said that everyone has a smartphone and not everyone has a computer these days. And it’s been two years since we last talked. What has changed about the practice of computer forensics in these past two years since you were last on the show? Are there new techniques or skills to be learned or sort of a new methodology or anything like that?
[00:12:52] AS: I think that computer forensics is actually moving. It was originally this big, and now it’s kind of expanding out. And I think part of that is what we’re seeing where more people are spending time being online and connected. Their digital fingerprint has actually grown. And so we’re seeing more people rely on that investigation, where you might have gotten X number of cases. Now you’re getting X, Y and Z just because more people are generating more data.
I think cloud has really emerged since the last time we talked as a skillset that people need to have and understand to be able to good in computer forensics, because it’s not just about let me image your image. I need to image your computer, your smartphone and all of your cloud accounts that are associated with both of them. And we’ll going to impact together to make that investigation valuable.
[00:13:44] CS: Okay. So can you sort of talk about a little bit about like the toolset that someone getting into computer forensics would need to know? Obviously, you said that a lot of the sort of like nerd tech and whatever, you can teach them. But like what are some of the sort of raw skills or intellectual curiosities or even just things that you should have on your resume to let someone know who’s looking to hire you knows that you’re sort of serious about this kind of thing?
[00:14:09] AS: I think you need to have a base understanding of obviously the big cloud. And I say the big cloud is really understanding AWS and Azure and Google. Those are my three big clouds that you’ll see most often in digital forensics. Knowing that that’s not going to be a surprise to you when you log in and you’re, “Wow! This is the worst interface I’ve ever seen.” No offense to any of them, but they’re just not the greatest.
[00:14:33] CS: No. We’re given the tools we’re given, and you just got to work with them.
[00:14:35] AS: And you’re kind of like, “Ooh! Great. Now I got to navigate this? Super!” If they understand those basics of what is compiled in it. Am I looking for buckets? Am I looking for something else? Knowing that before they go in, that’s just a – I think an introduction in cloud class on each one. I think they need to understand both operating systems in smartphones. A lot of people get really centric where, “Oh, I’m a dedicated Apple user. I’m not going to use anything else.” Or, “I’m a dedicated Android user.” That’s a huge mistake I think in Infosec in general. You cannot just be on one team. You’ve got to make sure that you understand and you work with both. Because how can you investigate if you don’t work with them?
[00:15:19] CS: Yeah. So in terms of like the tech used sort of analyze this enormous amount of data, has the tech changed significantly in recent years?
[00:15:28] AS: You’ve seen more people come into this space, I think. There are a lot more tool providers. Paraben is primarily a tool provider. We’ve seen a lot more competition because it is kind of a sexy space. It does have like that CSI effect that it’s like, “Oh, boy. Hey, I’m really interested in this.”
[00:15:44] CS: Solve the case. Yeah.
[00:15:45] AS: Yeah, it’s like, “Woo!” But I think the tools, there are some definite leaders in it, and this space is driven a lot by tool certifications, because it’s kind of like getting certified in a drill.
[00:16:00] CS: Yeah. But it’s also kind of like classical sort of like – Like you’re part of the plumber’s union, or you’re part of the – You know that you have these tools down to a science, I guess, right?
[00:16:13] AS: Right. Because you don’t want someone who doesn’t know where the P trap is working on your sink, because it’s going to go epic bad for you. And it’s the same with digital forensics. You don’t want someone doing smartphone forensics that hasn’t been certified in the smartphone tools, because they’re going to try to look at it like a Windows system or like a Linux system, and it’s really not that. It’s something.
[00:16:35] CS: Yeah. Well, I’m going to jump ahead a little bit and then jump back to where we were, because that brings up a question I was going to ask later. But as a product vendor yourself, I want to talk to you about the distinction between training concepts versus training in the use of the product itself. With the state of tools they are today, is there more to be done than just knowing which button to push and which tool to use? Do you really need to understand the sort of like the theory and the practice behind why you’re what you’re doing?
[00:17:03] AS: I am a big advocate against cowboy button clickers. That’s what I call them. They’re going in and they’re like, “Oh! All I have to do is click these buttons, and boom! I have evidence.” It’s like there is no case solve button out there. Actually, we joke. But I think you have to understand the fundamentals in it. And I’ve always thought that in any curriculum I’ve designed or we teach. We always teach this is how Android is structure, and then this is what your tool is going to do, and that’s what it’s going to look like.
Remember back how it was structured? That’s quite they match up to one another. Because as a forensic expert, you have to be able to explain it to someone else and you can’t do that if you say, “Well, I just click these three buttons, and boom! There is my evidence.” You have to say, “No. I know that app came out of the file system. And when it did, it had a structure of a database. That database is comprised of five things that then point to one another.” They have to at least go to that level.
[00:18:04] CS: I have to imagine that it also gives you sort of a flexibility in terms of your problem solving if you sort of have a better sense of knowing why you’re doing what you’re doing than if the button you pushed didn’t do what you thought it was going to do. Then you have other thoughts in your head about like, “Well, maybe I’ll try this, and I’ll try this, and I’ll try this.”
[00:18:20] AS: Yeah. Maybe it was I didn’t get room. Maybe it was I need to try this method. Maybe I need to talk to the chips. All of these things you’re going to impact it. And I do think it improves your problem solving. It makes you a better investigator, because we can all click through a lot of buttons. We do live in a Windows world, and it was designed for us to just click through a bunch of buttons.
[00:18:37] CS: Yeah, that’s true.
[00:18:38] AS: But it doesn’t work when you’re investigating it, because those buttons do a lot of things.
[00:18:43] CS: Yeah. Speaking of kind of the current time we’re in now, has the change of the world brought on by COVID-19 pandemic, has changed the practice of computer forensics, or the job market for computer forensics experts, or the quantity of quality of experts needed in the industry?
[00:19:00] AS: I think it’s changed the market for it. I think we’re still – Even though we’re multiple months into the pandemic, I think we’re having a problem with that adjustment of how do you function in a lab when you’re telecommuting?
[00:19:13] CS: Right. Yeah.
[00:19:14] AS: Because all the rules of evidence are all about controlling it and keeping it in this little sandbox here. And now you’re telling me my sandbox can’t be there. I have that same box exist over at Bob’s house, over at Sally’s house, over at Amber’s house, whatever it may be. How do you make that happen? Which is part of the reason I think those cloud skills really come into play, is because the cloud is able to give you that remote capability and still maintain all the pools of evidence and your chain in custody the way that you need to. And I don’t think most of the people in digital forensics were prepared for that, because they really never work that way. It’s just not a remote job as a general rule, and they’ve had to make adjustments.
[00:19:56] CS: Now, in the before times, how did it look? Were you all sort of like working in the same place and sort of like talking about the same skillset in the same area and stuff like that? I guess I kind of want to see like in my head like what it looked like then and what it looks like now.
[00:20:13] AS: Everyone would be in the same lab on separate work stations working separate cases. And then maybe able to – It kind of reminds me a lot about how you run a development environment, because you never have one programmer just work on an island by himself. It doesn’t go well. And so you’ll end up with three people in a lab similar to developers. You have three developers and you have one tester. And you might have the same within a forensic lab, you have three investigators and then you might have one person, and that’s the evidence coordinator, or the liaison with whoever it is that’s doing the other side of the investigation.
And there is a lot of brainstorming that happens in an investigation, because you might just be like, “Hey, I’m missing something, or I remember this.” Because it’s a lot of knowledge to retain in your brain.
[00:20:57] CS: Yeah. Is there a lot of kind of like cross-chatter like while you’re working? Or people are kind of like throwing out ideas and sort of talking in the room and stuff like that?
[00:21:05] AS: I think in general, not all the time, because those people you kind of want to smother with a pillow, because you’re like they can’t concentrate.
[00:21:12] CS: Yeah. Okay. In general, you’re all sort of there for each other if someone’s like, “What do you make of this? Or what do you think is going on here?” And things like that.
[00:21:21] AS: I have seen this before. I don’t understand. All of a sudden this Window’s artifact, it’s on every device I’ve seen is not on this one.
[00:21:30] CS: Are we all kind of leaving like Slack windows or Zoom windows open now? Or how are we sort of like keeping that line of communication open when the data is in multiple places now?
[00:21:38] AS: I think that’s part of it. One of the thing we’ll actually talk about another time is discord. I think people are making private discord channels. They’re using Slack, all those different tools. That’s how we keep those communications happen. I think the hardest part is that you still kind of work in a little bit of obscurity where it’s like I kind of openly say like, Bob. It’s all the Bob’s out there. I’m a big fan of Bob. I don’t know.
[00:22:03] CS: Works every time.
[00:22:05] AS: You start talking about, “Well, with Bob case one, you have all these different codenames, so you can talk on them and not have this big of a risk.” But there are a lot of secure communications that happen back and forth.
[00:22:18] CS: Okay. As someone who’s owned a computer forensics company for over 21 years now, you hopefully have some cool war stories about ways in which Paraben’s tools and techniques have helped solve a crime. Can you tell me some more unusual – Some of the more unusual cases that you’ve been involved with over the years?
[00:22:36] AS: Some of them are probably not so …
[00:22:38] CS: A little confidential? Okay. Yup, fair enough.
[00:22:40] AS: There are a lot of confidential ones, but I’ll use my case example I had earlier. In the end, that particular case, he was in Apple. He lost his scholarship. He was going to go pro, all of that. In the end, he was actually innocent. He was being set up. He was being accused of this, and it’s all about a different generation. They were both members of Gen-Z, and it was you didn’t do exactly what I wanted to do. So I’m going to throw a digital fit. That’s what I call it when they start the accusations and saying, “Hey, this all happened.” And he’s like, “I have a record of this in my Snapchat.” It’s like, “Okay. Well, let’s see what we can put together.” The nice thing is that generation does not lack in a digital fingerprint. It probably says a lot.
[00:23:26] CS: Yeah. Right. They’re living there. Yeah.
[00:23:28] AS: Pretty much all the time, like no question about it. I occasionally have to go and chat with one of my kids online who’s in the other room just to make him come to dinner.
[00:23:37] CS: Right. Are more of your cases sort of aimed at people of that age and with that sort of media saturation? Or does it sort of come from all – We had a previous guest who I think he had to sort of like prove like some sort of like money laundering that was going in a company, and he had to be able to sort of reproduce like the sort of financial transactions that were happening and stuff. Do you sort of see cases sort of like at all different levels of like media – Or digital savvy and stuff?
[00:24:05] AS: We do. We do a variety of them. We do work civil cases as the primary thing. But yeah, we’ve done any for that type of case. We’ve done some financial fraud. Obviously, some divorces. It’s that, but I do a lot of suicides. Those I usually do pro bono, because it’s just a data recovery process for the families, different things like that. It’s been an interesting variety. I had one that I just did data recovery. But the woman was in her late 80s – No. She was in her 90s. She was in her 90s. But she was running kind of her own little private – I’m trying to think of a politically correct way to put this. Companion service on the side in her 90s. So I had to like give her full –
[00:24:55] CS: Entrepreneur.
[00:24:57] AS: Yeah. That’s what I was saying. I’m like, “Way to go.”
[00:24:59] CS: Get that money.
[00:25:00] AS: Entrepreneur late in life. Way to go.
[00:25:02] CS: Yeah. Yeah. Yeah.
[00:25:03] AS: There’s someone for everyone, a pot for every lid. Whatever works.
[00:25:06] CS: Absolutely. Scottie Bower is smiling in heaven. So, can we talk a little bit about some of the – You mentioned the sort of tool certifications and stuff. Tell me a bit about sort of what the sort of study process is these days and what sorts of tools people are needed to get certified in to do computer forensics well?
[00:25:25] AS: So, the study process is really about finding what area you want to be interested in. There’s a base knowledge for everything. Obviously, we’re very Window-centric. When you do digital forensics, you’re going to investigate, honestly, what’s popular. And so you need to be familiar with it. You can’t be I’m exclusively – I’m only working in Linux and I don’t want to ever look at anything else, because that’s not going to work. Most of the people don’t run Linux.
So It’s understanding that baseline. And then trying to get a relationship with different vendors and says, “Hey, let me try a trial out. Watch a bunch of podcasts.” Actually, I think YouTube has been a huge resource for computer forensic people. I probably – We try to put a YouTube video out at least two to three every other month, which it sounds like a ton in the world of YouTube. But for the type of content we’re doing, that’s a big deal and with a few resource.
[00:26:17] CS: Yeah, it’s very dense, I imagine.
[00:26:19] AS: Yeah, few resource for people. And then they can practice. A lot of it is practice. We like taking datasets. There’re a lot of those for you out there. That had been made by Nist that you can download. And then you have sample data that you can run through all the tools, and your whole goal is to see what’s different from tool A and tool B and how they processed it and why did I get different results. That’s what people want to see that you can do as an operator.
[00:26:49] CS: Okay. So I imagine there’s a lot of sort of tool tutorials, but also kind of people showing themselves actually like doing it so you can kind of watch what’s happening.
[00:26:56] AS: Yeah.
[00:26:58] CS: So with the world being kind of strange as it is right now with the pandemic and people being at home and not in-person with each other, we sort of have this weird situation where we both have kind of a skills gap in many cybersecurity fields, but also job hunting is a little strange right now and oversaturated. Do you have any tips for job hunters in the computer forensics field to standout from other candidates?
[00:27:20] AS: I think the big thing is makes sure they have the right certifications for the tools that match up with that position. There are some baselines like, NK Certification has been around probably the longest out of the tool certifications. They were a founding tool. And so that’s a very common one to look out and make sure that you have when you’re trying to apply in the field.
Then as you find, “Hey, this is the area I want to specialize in.” So I like smartphones, obviously. I do a lot of work in that area. I like IoT. So make sure I’m finding and following a certification path that leads to those tools in that area. And I think what happens is people try to consumer that entire space and it just doesn’t work. Own your specialty, and it’s going to go well. And then everyone will hate this. Be a good writer. Oh! It is my biggest pet peeve. We actually give up writing test. Gramarly is fantastic. It helps all of us, but we want to make sure that you can go train something that might be technical and complicated to something that anyone can understand, because the people who read your reports are more the nerd level of your mom’s as supposed to your nerd level. So you got to be able to convey that knowledge.
[00:28:34] CS: You got to dial it down and sort of be able to tell a story.
[00:28:37] AS: Yup. So sort of on the other side of that, if you find yourself, maybe you’re laid off at the moment, but looking for new work in this field, what are some other activities you should be sort of prominently undertaking or showing off to show that you’re not taking your unexpected downtime seriously? Are there things? Certifications, or study things, or doing sort of freelance computer forensics or whatever? Are there other things – So it just doesn’t look like you’ve been eating Doritos on the couch?
[00:29:05] CS: Doing nothing? Yeah. I think it’s a good time for you to explore other neighboring Infosec certifications, like the cloud information if you’re not familiar with that. And as an entrepreneur myself, I always think it’s a good idea that this is a ton, if you might not be employed, to go out and look at what it takes to start your own business. And start picking up work. Talk to some of the law offices that might be around you and say, “I’m scaling this area.” Talk to the tool manufacturers. We do special discounts for people who are just doing business startups and say, “Hey, let’s suspend the billing over a couple of months. Let’s help you get to your feet under you.”
So you can have an opportunity to start your own firm. Because a lot of times you can do that on the side and you’re just doing a different style of work. So you don’t compete with someone. Partner up with some of the private investigators that maybe don’t want to do computer forensics and become their nerd. Who doesn’t want to go too nerd? Everyone.
[00:30:02] AS: Yeah, absolutely.
[00:30:03] CS: People need it. A lot of people need it.
[00:30:05] AS: Exactly. I know for my mom, I might be her go-to-nerd. Let’s go find your –
[00:30:10] CS: Oh, I definitely am. Yeah.
[00:30:11] AS: And then like I did try to pass that off to my younger brother who I’m like, “You’ll the parents go-to-nerd for a while.”
[00:30:17] CS: Yeah. You’ve heard of Thanksgiving described as a parental tech amnesty day.
[00:30:23] AS: And it’s always about a printer. I don’t know what it is, but it’s always about a printer. Always.
[00:30:28] CS: Yeah. So I want to go from – You’re talking about maybe starting your own company, but I want to talk about like the sort of like the strata of computer forensics professional. So you might be a single professional or even a freelancer. And then you become part of a larger team. But eventually there’s a chance that you might sort of start doing jump-ups to different levels where you’re maybe the manager of a team. So can you talk about some skills and qualities that you need to go from computer forensics work to computer forensics team management?
[00:30:57] AS: I actually just wrote a blog about this the other day. I was writing two blogs. One was about actually setting up your lab and how you can do it on a budget that actually works and making smart decisions, because there’s always overhead. And I think people forget that. They’re like, “Oh, I have an unlimited budget. I can buy whatever I want.”
Just because you can buy whatever you want, doesn’t mean you should buy whatever you want. You should be smart and strategic in your purchasing choices. For the management of people, my biggest thing that I brought up and that you need to show as you want to move up the chain is to make sure that you’re picking people that have that variety of skills. So, developers always work in kind of a pod. I feel very nerdy saying all these. But making sure that your skills of your people also work in that pod. So maybe someone’s who’s really strongly left-brained, and you get someone who’s really strong in the right brain side and then get someone in the middle.
We have an interesting hiring question we ask everyone, which is if you were a kitchen appliance, which appliance would you be and why? And we’ve asked everyone since the start of Paraben this question, because I want to see where the balance is between your left and your right brain and whether or not there is a relationship that happens between them, because that’s going to tell me if you’re going to fill a gap in the field that I have within my teams, etc. Are you going to look different? Look at the problems differently? I don’t like it when people answer things like I’m a knife, because I like to cut things. That’s bad. It says don’t hire you.
[00:32:29] CS: That is really bad.
[00:32:31] AS: Exactly.
[00:32:31] CS: We’re going to need some followup question for you.
[00:32:33] AS: We’re good. We’re really good. We’re backing away. But for the person who says, “I’m a microwave, because I like to take things from one state to a new state in a very quick and efficient way.” That’s a win. That’s a hire, because that might be what I’m missing on my team. And that’s what a manager has to think of, is it’s not who you like. You’re not supposed to be friends with the people you hire. If that happens, it’s great. But at the end of the day, you’re making sure you’re filling all the gaps, because you’re the one that has to pick up everything else. Oh, I still can take out the trash. I did not lose that skill.
[00:33:12] CS: Right. Yeah. So what is the correct answer to the – I know there’s no correct –
[00:33:18] AS: I don’t think there is a correct answer. It’s stepping back and realizing that it’s about gap filling. And as you want to move up, show that you have the ability to do that. Show that you can actually organize the team. So if you’re working a big case and there’s a pod of you, take the lead. And don’t be afraid to take that leap, because people will notice. Even if you fail, they still notice that you stood up and like took it. That’s a big deal. Don’t be afraid to fail. I think a lot of generations are really afraid of that, and there’s a lot of failure.
[00:33:51] CS: Yeah. Yeah, especially in something like this that’s so like there is no one correct solution. So you got to get used to the possibility of any – Was it Mythbusters who said failure is always an option? Yeah.
[00:34:07] AS: Sometimes when you tank it, you like tank it. It’s like based on the kind of tank. But you can get back up again and show that you’ve learned something and not do the same mistake twice. People notice that. That’s who get promoted.
[00:34:20] CS: Nice. What are some ways that computer forensics managers sort of support their teams and make their work better? As a manager, what is the thing you do to sort of make sure once you’ve sort of found the right people for your team. But how do you sort of lift all the boats?
[00:34:34] AS: So you’re going to laugh at me, because it’s like an epic old book. I love the book Putting The One-Minute Manager To Work.
[00:34:40] CS: Oh, yeah. Okay.
[00:34:41] AS: Crazy old.
[00:34:43] CS: Yeah.
[00:34:44] AS: And it’s short, which is great to. But I don’t believe that you can take a withdrawal out of someone’s account without putting a deposit in first. And I think that’s true for all people. No one wants you to just be like, “Hey, you were horrible today. Can’t believe you messed that up,” and you beat on them. It’s let’s point out everyone does something that is a positive in investigation. You were really fast at processing those images. However, next time, I think if you could go through and thread out the process differently, it would become much more efficient. What do you think you could do to improve on that?
I made a deposit, I took a withdrawal, and I ended on a deposit. That’s when you really flourish with making sure you have good people. I am an extremely blunt person. All of my team knows that about me. And they know if they screw up, I’m going to call them on it. But the difference is I’m going to get over it too. Once it’s been talked about, it’s done. We don’t have to keep readdressing it over and over again. Because I’m assuming you’re going to make the improvement.
[00:35:45] CS: Yeah. That’s awesome. So speaking of books that have been an influence for you or whatever, is there a particular tip that a mentor gave you in the past in preparing for this career that’s stuck with you?
[00:35:59] AS: Oh, that’s a tough one. I’ve had some amazing mentors too. And a lot of them, they’re still in my life and they’re still mentors to me. Because I don’t think I’ve ever quit learning. I think the biggest one is – And it sounds so cliché, but there are very few females in digital forensics. They’re growing, which is great. I believe I am still to date the only CEO in this space, a tech company that’s female. And it was very hard, because there wasn’t anyone else to relate to. And I had different barriers to overcome then other people did. And they looked at me and they said, “You need to quit caring about what those people think and just do what you think.” That was oddly profound, because you’ve really get caught up in it. I don’t know why women out there who might listen to this. I don’t know why our self-esteem is so driven by everyone but our self. But it truly is. We got a really messed-up formula going on.
I just quit thinking about what they were thinking. When I walked into a room, I said, “I think I’m going to rule this.” And I did. And the ones who didn’t think I ruled it, you know what? I don’t care anymore. Just own who I am.
[00:37:17] CS: Love it. That’s great. We’ve had a number of women on our show, and we’ve like to talk about sort of – Women in cybersecurity and the difficulties and pitfalls, but also the opportunities that are possible. Do you think about this at Paraben? Do you sort of work towards gender parity and hiring? Do you think that – Is that something that you have like a strategy towards or you’re thinking about and so forth?
[00:37:48] AS: I think I do, which is interesting. I probably have – I think my workforce is actually 70% female, which is – But it wasn’t because they were female. I picked it because they wear the gaps. I try to look at everyone as very gender-neutral. But at the end of the day, for example, my entire testing team, all but one are female, and it’s because their attention to detail, they’re fantastic testers. Like, fantastic.
Like I said, my best examiner is psychology degree. She’s great, because she really looks through the details. The other thing that I try to do, and I think where I’m a little different, because I literally grew up in this space, is I hire a variety of ages. I have employees that are in their 60s, down to in their 20s. And in that process, I get so much more scope of understanding what’s happening with technology.
[00:38:47] CS: Oh, yeah.
[00:38:48] AS: Don’t get me wrong. It can be frustrating when they’re like, “You are so not my generation and you’re pissing me off.”
[00:38:54] CS: Yeah, right.
[00:38:56] AS: But at the same time I’m like, “That is something I never would have seen that perspective on.” And I think it’s hugely valuable because of it. I’ve also employed all of my own children, which I have fired all but one of my children. And he quit.
[00:39:12] CS: Okay. Wow!
[00:39:13] AS: So, I wanted to fire him.
[00:39:15] CS: Lest anyone think that there’s any favoritism going on.
[00:39:20] AS: There is none.
[00:39:20] CS: There is none.
[00:39:21] AS: I made sure they worked the same jobs].
[00:39:23] CS: Hit beyond the chopping block too.
[00:39:25] AS: No. They work the same jobs. They had to work their way up. And I have a lot of respect for that, because I think you should. Don’t ever look at your boss and say, “I don’t think that is part of my job.” Everything is part of your job. You’re a member of a team.
[00:39:39] CS: Do you have any sort of tips or observations on having such an age range of people on your team like that? Are there friction points or things that you’ve learned to sort of mitigate? Or do people just have to figure it out for themselves?
[00:39:52] AS: I try to make it so we have universal things. Before, everyone telecommuted. And Paraben is actually spread out over multiple offices now throughout the world. And before that happened, one of the things we did is – Don’t laugh at me. But food brings people together no matter how old you are.
[00:40:09] CS: You’re not going to hear a single giggle out of me about that. I agree with you completely.
[00:40:14] AS: We would do food sharing, where people would bring in their thing. They’d share their recipes, and we still do that today. I have a couple of my staff that we do a food chat. It’s like, “Hey, this is what I was barbecuing this weekend. This is my rub.” When I make something, I am a big foodie, I make sure I share it out with everyone and says, “Hey, here’s this new recipe. Give it a shot. Let me know how it goes.” Because it’s something not about work, but it changes overall those ages. It doesn’t matter how old or young. You love food. Everyone loves food.
[00:40:43] CS: Everybody likes food. Everybody likes to eat.
[00:40:45] AS: Food and dogs.
[00:40:46] CS: Oh, especially dogs. Any dogs on the team? Anyone have a –
[00:40:51] AS: We have 11 pets on the team. We are a pet-friendly workplace. People could bring their animals to work with them.
[00:40:59] CS: Okay. Any of them wear like a little detective hat or anything?
[00:41:02] AS: Many times you will see our animals in our marketing materials. That is common. You might even hear some of mine in this interview. You might hear them talk. I have four dogs myself and one cat.
[00:41:15] CS: I think I need to hear a declaration of food at one point. Yeah.
[00:41:17] AS: There might have been a small like woo-woo-woo happening.
[00:41:21] CS: And small insistence that feeding time is now.
[00:41:24] AS: Yes. That would be Siberian Huskies, because I have two of those, and they’re very chatty.
[00:41:27] CS: They are not quiet about their desire for meal time.
[00:41:32] AS: No.
[00:41:33] CS: So, as we wrap up today, can you tell us more about Paraben? We went through sort of the E3 platform last time. But sort of tell me about some of the more interesting project tools or initiatives that you’ve got going on at this moment.
[00:41:47] AS: When we switched over and we made a unified platform, that’s what our E3 platform is, which is electronic evidence examiner. Now it’s really finding out this little nugget that happened in trend. And I find it funny, because people are like, “Oh, you’re a forensic person. You’re a security person. You can’t use that. That’s crazy. That’s from china.”
[00:42:08] CS: Interesting.
[00:42:08] AS: I have to tell you all, I spend time on TikTok. I totally do. I learn some amazing things. This week, I was this old when I learned that the numbers on the toaster are the number of minutes. I had no idea. It wasn’t the darkness. It’s the number of minutes. Did you not know that –
[00:42:30] CS: I’m going to need a minute here. Yeah, I have to go dark and think about it for a second. Okay.
[00:42:35] AS: Yeah. And it’s because I don’t think I can investigate something. I don’t understand how it works and how people live in it. I follow the trends and everything else, and that’s what Paraben is really about, is making sure that we’re catching that cutting edge, because where people spend their time with data changes. And if you don’t adjust to it, then you’re making a mistake or you’re missing something, because there’re always fringe pieces of data.
We were the first company that started investigating in IoT, and we started with Xbox’s, and we did that because my middle child was a huge Halo player, like huge. By 7, he had beat all of Halo. That was his thing. Now he’s I’m going to say semi-professional gamer. There’s not a whole lot of proud pride moment there, but he is playing Call of Duty. And it was interesting, because I said, if he’s spending this much time in here and he’s talking to people. And I was monitoring it. We hacked out our Xbox, so we did all that as a family, because that’s good family activity.
And I said, “Other people are too. This is their primary workstation. This is their primary data source. So we need to make sure we can investigate it.” And a lot of people look at some of that that we put out and go, “That’s crazy. What are you talking about?” And I’m like, “It really is the case.” A lot of times when you work in technology, you forget about living with technology, and there are two different things. I work with it and then I also live with it. And they may not be the same thing at the time.
[00:44:12] CS: All right. As we wrap up today, one last bonus question. If people want to know about Amber Schroeder, or Paraben, where they can go online?
[00:44:20] AS: Paraben is Paraben.com. So, P-A-R-A-B-A-N.com. I hate spelling out loud. And it’s ParabenCorp on Twitter. I’m on Twitter as well as Ginger Wonder Mom. Not a big surprise here.
[00:44:34] CS: Okay. Ginger Wonder Mom.
[00:44:34] AS: Good for me to reference my kids. Not a big surprise there. And we’re also in LinkedIn. I know a lot of people, that’s how you spend your time on social media. We’re on there. We put out a lot of good blogs that are simple reads. I’m a child of the Cliffnote. Being dyslectic, Cliffnotes saved me from some really hard books.
[00:44:57] CS: Just give me the stuff I need to know.
[00:44:59] AS: Yup, and then let it go. So we do that with our blogs, and they’re open and available to everyone. And then a big fan on YouTube, where we are ParabenForensics, all one word on YouTube.
[00:45:11] CS: All right. Well, Amber, thank you again for joining us today. This was super fun to catch up, and thank you for all your time and insight on computer forensics.
[00:45:18] AS: Yeah, thanks so much for having me. Hopefully it’s helpful to everybody.
[00:45:21] CS: Yeah. I want to note to our listeners here that Amber is going to be doing a video walkthrough of Paraben’s computer forensic discord server. We’re going to record that in just a few minutes here. So that will definitely give you a sense of where that process of learning, sharing, collaborating in the field of computer forensics is going. So for people who are listening to this on our audio podcast feed, be aware this will be video-based and should be watched over on our YouTube page, which you can find by going to youtube.com and type in Cyber Work with Infosec. So I hope to see you there.
And in the meantime, I’d like to thank you all for listening and watching. If you enjoyed today’s video, you can fine many more on our YouTube page. Just go to youtube.com, as I said, and type in Cyber Work with Infosec, and you can check out our collection of tutorials, interviews and past webinars. If you rather have us in your ears during your workday, all of our videos are also available as audio podcasts. So just search Cyber Work with Infosec in your podcast catcher of choice. If you wouldn’t mind rating or reviewing us, we always enjoy that, and we really do appreciate it.
As I mentioned at a little promo at the top of this show, we want to hear from you about what you want to see more of on the show. So please go to ww2.infosecintitute.com/survey, and you’ll find short set of questions about your listening habits and interests. If you take the, you’ll be eligible to win a $100 Amazon gift card. That’s ww2.infosecinstitute.com/survey.
Thank you again to Amber Schroeder, and thank you all again for watching and listening. We will speak to you next week.
Live forensics demo on Discord: What will we find?
Paraben CEO and Founder Amber Schroader uses a new plugin on Paraben’s E3 computer forensics platform to dig into one of her children’s Discord profiles (with permission).
About Cyber Work
Knowledge is your best defense against cybercrime. Each week on Cyber Work, host Chris Sienko sits down with a new industry thought leader to discuss the latest cybersecurity trends — and how those trends are affecting the work of infosec professionals. Together we’ll empower everyone with the knowledge to stay one step ahead of the bad guys.