A huge change in careers

I am just finishing up my first week at my new place of employment, cmdLabs, LLC.  What an amazing roller coaster ride.

Let's revisit the past ten years... just to get it off my mind and on paper.

It was with very mixed feelings that I left my former employer, where I had been employed for over 10 years. In late 1999 and early 2000 I was working as a network engineer at a NASDAQ data center near Washington, DC, suffering through the daily commutes. Through a friend I learned of a government facility where they were teaching computer forensics and investigations. It was outside of my skill set, but something I wanted passionately to be involved in. So, I made the leap to join CSC on the Defense Computer Investigations Training Program (DCITP) contract, as it was known at the time (now called the Defense Cyber Investigations Training Academy - DCITA), part of the Defense Cyber Crime Center (DC3).  The downside to the move? I had to start at the ground floor. I started as classroom technical support. It was literally starting at the bottom rung of the ladder.

I did my work, head down, and found new ways to improve upon processes. I built databases, performed research, and eventually became a research aide to many of the instructors. When they got stumped by a hard question from a student, I would receive a pager message (yes, we had text pagers back then), and would try to get an answer within five minutes. After about a year of hard work, I raised the question - Let me teach. Let me start small, by teaching a hardware block of the introduction class. After a month or two of deliberation, they decided to give me a one-hour block teaching motherboard technology, with it recorded and reviewed by the government customer. I went up and did my thing - 15 minutes into the presentation slicing my arm with a sharp solder leg and bleeding out. I casually grabbed a towel used for cleaning the white board, placed it on my arm, and used a demo motherboard to apply pressure - all without missing a step and without the students even being aware (AFAIK).

I was given the job of being an instructor, and I started grabbing modules to teach. Within a year I had mastered all of the hardware/software/OS lessons of our core course and was the sole expert on the Linux section (being a user since 1994). Eventually, my need for more outgrew the class and I was moved to the Incident Responders team, where I started renovating their methods of Linux/Solaris incident response. I grew out from there into the Forensics material where I focused on host-based application artifacts. I then moved into Intrusions where I worked to renovate the Solaris Intrusion Response (FISE) course and build a new Linux Intrusion Response (FILE) course.

And all that in the space of just four years. I was working with Johnny Long on rebuilding our online investigations material, and we redesigned the course into new territories. Based upon much of my research, Johnny approached me with a side project. A Syngress project on IM/P2P security had lost an author and they needed someone to write the P2P analysis section, quickly. I then started researching and writing the Gnutella, Kazaa, and BitTorrent sections of the book, having them complete in just a month. And so began my side-career of being a "closer" for Syngress, but that's another story... But the research from that time, and since, has helped me become a premier P2P forensics researcher.

 

Eventually, by 2006, I had a mastery of the courses and was hitting a wall. At that point I was promoted to the Deputy Lead Technical Engineer position. I worked to review and authorize content changes to all of our courses. I performed extensive research on new forensic responses, next to Johnny who did research on new attacks, and then integrated the research into our training materials.

I also worked special projects for most of that period. When something huge came down the road, I was pulled to knock it out. One example was when, in 2008, the US Secret Service came to our customer with a huge project.  They were establishing a brand new forensic school house in Alabama called the NCFI, where they would train state and locals in digital forensics. They asked us to develop seven courses with scenarios, instructor guides, PowerPoints, and handbooks, in a matter of six months. I was placed as the team lead and given four extensively qualified instructors to knock out the project. Which we did, on time and greatly under budget.

It was a dream job. It was my dream job. Yet, I left.  Why?  I pretty much hit my peak there. The projects that were coming down the line were less technical and less cutting-edge. They were more compliance-based to ensure we had standardized formats and guides. A lot of great technical work was still in process, but not enough to scratch my itch. After so many years there, I knew what was coming, and there were no big surprises left. So, it was very difficult to say goodbye to my family at CSC and DC3. A facility full of the brightest people doing great work.  I feel like I've played a big hand in growing DCITA and DC3 to where it is today. I realize this sounds like I'm bragging of my work there, but it's just to show how strongly I feel about my family there.

I have moved on to become a Senior Consultant with cmdLabs, a wholly-owned subsidiary of The Newberry Group. I joined as the first real employee under the three partners: Eoghan Casey, Terrance Maguire, and Chris Daywalt. It's an exciting adventure, working out of cmdLabs' forensic lab in downtown Baltimore, but an opportunity to go the next step. This will literally be a ground floor operation to build out its capabilities, explore new forensic trenches, and have fun in the process.

 

What is there to learn from this? Do something you care about! Work in a field in which you are passionate! If you're not there right now, then get there. And realize that sometimes that takes a sacrifice. Don't expect that every new job is going to be an increase. You will take pay cuts, benefit cuts, and other sacrifices. But those are minor when compared to doing work that gives your life new meaning. Stop looking for a job that pays $10K more and look for one that you will gladly wake up every morning to do. And when, at a point, you've exhausted your stretch at one place, don't feel confined there. Seek out to improve yourself. 

And to my friends with CSC/DC3. I will definitely miss you. But, as you all know, this is an extremely small community. 
