
What it takes to be a security incident responder

Bob Violino | June 22, 2017
A wide range of technical skills and curiosity about the mechanics and goals of an attack are key for effective incident response.

Sherman had worked as a fire fighter early on, which he says set the stage for his role as an incident responder. “I used my fire-fighting skills to mimic incident response,” Sherman says. “A fire fighter’s main duty is to protect. Protecting to a fire fighter may be teaching fire safety, or training, or learning new tools. The same can be said with incident response for protection. Thinking on your feet, using tools, having an incident commander, and bringing in the right response in a timely fashion all fall within incident response.”

[Chart: security incident responder. Credit: CSO]

Mentors have played a key role in Sherman’s career. One is Curtis Rose, owner of Curtis W. Rose & Associates, a provider of computer forensics and litigation services. “Curtis taught me how to think differently, and to really have a strong work ethic,” Sherman says. “One of the key lessons he taught was to understand what made ‘it’ tick. If something occurred on a computer, understand what made it occur, how it got there, and why it got there.”

As investigations can take various turns during their progression, Rose “time and again has brought me back to basics,” Sherman says. “In my opinion [having someone to talk with] is one of the most important aspects of being in digital forensics/incident response.”

Although Sherman is not currently pursuing another degree, he is constantly learning. For example, he takes SANS Institute courses, which provide non-vendor-specific security training. “I have always stated that my security mantra is ‘you don’t know what you don’t know,’” he says. “This is why I have a strong circle of colleagues and friends in cyber security, part of multiple organizations, and continually teach myself something new.”

Sherman says his number one professional goal is always to protect others. “Protecting others may simply mean protecting a person’s data,” he says. “Protecting that data means protecting their job, and the organization’s or company’s best interest. My future career goal is to continually strive to be a better investigator, a leader that others want to follow.”

And what’s Sherman’s personal goal? “To take a well-deserved vacation,” he says.

 
