Podcast duration: 32:25 (44.5MB)
Summary
In this episode of Chattinn Cyber, Marc Schein is chattin’ with Devon Ackerman, a highly respected figure in the digital forensics and incident response (DFIR) community. Devon shares his background, starting from his upbringing in upstate New York, moving to Georgia, and how a chance encounter with an article about digital forensics at Champlain College sparked his interest in the field. He explains his early career in IT and web design during the dot-com boom, and how his curiosity and passion for troubleshooting led him to pursue digital forensics as a career.
Devon elaborates on the core concepts of digital forensics and incident response, describing digital forensics as the scientific discipline of preserving, validating, and interpreting digital data, often for legal purposes. Incident response builds on this foundation by focusing on reacting to cyber incidents, preserving evidence, and supporting organizations during and after attacks. He recounts his FBI career, highlighting a significant case involving espionage where a trusted insider stole sensitive data for a foreign government, demonstrating the real-world impact and importance of DFIR work.
The conversation shifts to emerging cyber threats and the evolving landscape of cyber risk. Devon emphasizes that threat actors are highly motivated, whether financially or politically, and continuously adapt to stay ahead of defenders. He discusses the widespread availability of offensive cyber capabilities among nation-states and criminal groups, and how geopolitical tensions can influence cyber activity. The discussion also touches on the role of AI in cybersecurity, acknowledging its potential benefits but warning about risks related to rapid adoption without adequate security controls.
Devon addresses the insider threat, distinguishing between malicious insiders and those who pose risks unintentionally through mistakes or misconfigurations. He stresses that human factors remain a critical vulnerability in cybersecurity, as trusted employees can inadvertently expose sensitive data. He offers advice for newcomers to the DFIR field, encouraging a mindset of continuous learning, experimentation, and resilience in the face of failure, noting the complexity and ever-changing nature of digital forensics.
Finally, Devon describes his current role at Cybereason, a cybersecurity company known for its endpoint detection and response technology. He explains how Cybereason has expanded its services to include both proactive advisory and reactive incident response capabilities, supporting clients globally across the entire cyber risk lifecycle. He provides contact information for listeners interested in learning more or engaging their services, and the episode concludes with Marc thanking Devon for sharing his insights and experiences.
Key Points
1. Career Path to Digital Forensics: Devon’s journey from IT and web design to becoming a leading expert in digital forensics and incident response, sparked by early exposure to the field and a passion for troubleshooting.
2. Definition and Scope of DFIR: Explanation of digital forensics as a scientific discipline and incident response as the reactive process to cyber incidents, including their importance in legal and investigative contexts.
3. Notable FBI Case: A detailed account of a high-profile espionage investigation involving insider theft of sensitive data, illustrating the practical application and impact of DFIR work.
4. Evolving Cyber Threat Landscape: Discussion on the motivations and capabilities of threat actors, the proliferation of offensive cyber tools among nation-states and criminals, and the influence of geopolitical factors.
5. Insider Threat and Human Factor: Insight into insider threats, both malicious and accidental, emphasizing the ongoing risk posed by human error and the need for vigilance and security awareness.
Key Quotes
1. “Digital forensics is the scientific discipline by which we investigate digital information or digital data… It’s the basis for incident response and legal interpretation.”
2. “The insider threat isn’t always malicious; sometimes it’s a trusted employee making a mistake that inadvertently exposes sensitive data.”
3. “Threat actors are incentivized, whether financially or politically, and they continuously adapt to stay ahead of defenders.”
4. “AI is a buzzword and a powerful tool, but rapid adoption without security safeguards can lead to data spillage and new risks.”
5. “For those entering the field, be hungry to learn, be ready to fail, and understand that digital forensics is a never-ending journey of discovery.”
About Our Guest
Devon Ackerman is a highly respected expert in digital forensics and incident response (DFIR), known for leading the DFIR Definitive Compendium Project and bringing extensive experience from his tenure as a Supervisory Special Agent and Senior Digital Sciences Forensics Examiner with the FBI. During his FBI career, he oversaw and coordinated digital forensic operations nationwide, handling critical cases involving domestic terrorism, mass shootings, and large-scale electronic evidence collection. Devon has also contributed significantly to the field by co-authoring FBI training curricula, developing forensic tools, and providing expert testimony in federal and state courts. Beyond his public service, he has been recognized as Digital Forensic Investigator of the Year, spoken at major industry conferences, and shared his expertise through media appearances and publications. Prior to the FBI, Devon ran a technical services firm supporting small and medium businesses, underscoring his broad technical and investigative background.
About Our Host
National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS, is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost-effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.