Education, Experience & Certification
Because so much of our daily lives involve digital information and its storage and access, information security is critical to the general operations of thousands of businesses. When there is a breach of that security, the resulting “digital crime scene” requires investigation to a) determine what security measures failed, b) confirm what data was compromised and c) pursue the perpetrator(s) to bring them to justice. Enter the Cyber Crime Investigator, an expert in the field and supported by an extensive network of peripheral resources to accomplish A-C and more.
Obviously, a strong background in computer technology and information technology is critical. As many courses are available at the secondary educational level, it should go without saying that there should already be a skill-set involving computers, information, networking, and programming in place before obtaining a bachelor’s degree. Broad category degrees (such as Computer Science or Information Technology) are valuable; narrower degrees such as Network Engineering or Information Security/Assurance/Forensics are tailored toward the investigator role. Essential education includes programming, database management and systems analysis for the successful Investigator. Additionally, courses (minor or dual-major) in accounting and finance will be a great benefit, as many crimes involve financial transactions (or vulnerability in the financial aspect of network integrity). The general idea that computer education and training is more valuable than criminal justice speaks to “learning the environment” as opposed to learning the tasks; it is easier to add classes in criminal justice to a technology degree than to add a technology degree to a degree in criminal justice.
An often overlooked aspect of study for this field is foreign languages. Because of the global environment of the internet, single-language speakers are at a significant disadvantage when working with international cybercrime. Fluency in as many languages as possible is a great asset – particularly Asian and Middle-Eastern tongues. Adding this skill will significantly enhance your opportunities and future advancement in the field.
For candidates considering a change in career, already possessing a computer or information-related degree, many schools offer certificate programs that will provide the necessary education in targeted areas (like accounting, security or forensics) to improve your resume. Indeed any experience in database management, network or systems analysis will provide a good footing for entry into cybersecurity, but specialized training will result in a more efficient skill-set when seeking employment as an Investigator.
Because the field is so broad and the need is so great (in the public and private sector), there are opportunities to gain experience to enhance your resume and strengthen your skill-set. The Department of Homeland Security, FBI and U.S. Military branches offer internships involving criminal justice and cybersecurity. Not all are a volunteer position, and many can lead to full-time employment within the organization.
Another way to gain attention is to obtain a professional certification from an organization like the International Fraternity of Cybercrime Investigators (IFCI) as part of their education. Such certifications (including Certified Reverse Engineering Analyst and Certified Computer Hacker Forensics Investigator) draw the attention of industry leaders when recruiting staff.
Due to the nature of the industry, investigators never stop training. Change is perpetual, and as network administration and database structure changes, so the investigator must gain expertise in new systems. Conferences, coursework and staying on top of new software developments are how a good Investigator retains value.
Employment Opportunities – Job Titles
Because the industry has yet to standardize like other disciplines, there are several job titles that involve cybercrime investigation. These titles include (but are not limited to):
- CISO / Director of Security
- Computer Crime Investigator
- Computer Forensic Examiner
- Computer Forensics Analyst
- Computer Forensics Investigator
- Cyber Detective
- Cybercrime Agent
- Incident Responder
- Malware Analyst & Vulnerability Researcher
- Security Analyst
- Special Agent
- Vulnerability Researcher
Be aware that not all job titles will indicate cybercrime investigations or network security. It is always valuable to research the job duties and requirements when reviewing potential employment opportunities.
Employment Opportunities, Private Sector – Job Duties
Quantifying a “day in the life” of a Cybercrime Investigator is difficult because it is very likely that no two days will look the same. That said, some common activities will frequently be encountered. These include (but are NOT limited to):
- Analyzing computer system “crime scenes”
- Consulting with team, client representatives and law enforcement
- Convert files and data into a designated format
- Engage in continuing education
- Gather computer system and network information
- Gather evidence
- Identify, evaluate and implement methodology to enhance the security of data files
- Maximize optimal hardware and software performance levels
- Prepare expert reports for interested parties
- Reconstruct computer systems after damage or loss
- Recover files
- Recovering destroyed or damaged data
- Review and evaluate software for design flaws or vulnerabilities
- Testify in court proceeding
- Train local and federal law enforcement officials about computer-related topics
In the private sector, investigators may be tasked with testing existing security systems for corporate clients. A ‘friendly’ attack or hack of a corporation can reveal vital security vulnerabilities for the owner. Investigators are an essential part of the process to maximize system performance as well.
An investigator will be tasked with data recovery and analysis in a forensic circumstance when investigating cybercrime (particularly in crimes against children). Typically, recovered data will be used in legal proceedings. Investigators analyze the extracted data and prepare the detailed reports for use by the prosecution; it is expected that cyber investigators will appear in court to testify to their findings. This data recovery will undoubtedly include passwords, encrypted files, erased or deleted files and emails for use as evidence. Specific crimes where a cybercrime investigator is vital include identity theft, online harassment, theft of intellectual property and ransomware.
Employment Opportunities, Public Sector – Job Duties
Because the area of cybersecurity is closely related to government activity, job descriptions for employees of the FBI, Department of Homeland Security and Military branches warrant specific attention. There are certain ‘Key Priorities’ within these organizations, described as follows:
Computer and Network Intrusions
Billions of dollars are spent annually repairing computer networks and strengthening security features for operating systems used by banks, hospitals, and other vital service providers. Because the list of alleged perpetrators include independent hackers, state-sponsored agents and business competitors, pursuit of these criminals is difficult. To combat the ever-growing number of hostile cyberattacks against these (and other) critical computer networks, federal agencies have developed an evolving series of capabilities – both technical and investigative – and partnerships to pursue agents involved in these attacks. Because of the close relationship between critical systems and national security, this is the primary priority of government agencies.
Corporations, hospitals, school districts, local government administrations and law enforcement have all been victimized by ransomware. Starting with just one infection, an entire network can be encrypted by malware and become inaccessible to users unless specific demands issued by the perpetrator(s) are met. Because these attacks are becoming not only more prevalent but more sophisticated, this cybercrime is a high priority for government agencies. Discovering the malicious code, deciphering its inner-workings to either neutralize or remove it is the task of a Cybercrime Investigator. Preservation of data and restoration of access are the primary goals; apprehension of the agent(s) behind the malware is a close second in priority.
With the recent attacks on a significant credit-reporting agency, the government has stepped up its investigation and prosecution activity related to identity theft. Both cybercrime and traditional criminal resources are active in this arena. Because the opportunity for fraud is so widespread, many different departments work in cooperation to search for crime groups, organizations or very active users. This takes investigators to what is known as the “dark web” (that area that never shows up in ‘Google’ searches) where illicit transactions are known to occur.
Despite the authorization to retrieve communications (via voice, text, and email, for example) provided by a court order, many government agencies lack the technical ability to do so. A Cybercrime Investigator will be involved in creating ways to implement digital surveillance and data retrieval.
Human trafficking has many faces. There are a number of nuances within human trafficking – not just sexual – and all are damaging and dangerous. There are specific divisions within the federal government designed to retrieve internet data, analyze information and cooperate with local law enforcement to find and release victims and bring perpetrators to justice. Monitoring internet sites and groups’ pages as well as chat channels, peer-to-peer file-sharing systems and reviewing information is a critical part of the investigator’s duty.
Individual agencies alone cannot adequately combat cybercrime. Therefore, several government agencies have allied to share resources, information, and strategy. These include the Internet Crime Complaint Center to provide the public with a reporting mechanism to provide information of attacks and fraud schemes, the Cyber Action Team who is a rapid-response team akin to first responders for cyber disasters, and the National Cyber-Forensics & Training Alliance which is a strategic model to bring complimentary agencies together and share resources nationally and internationally.
Cybercrime is a wide-open field with many opportunities for entry and growth. Salaries are very competitive because the work required is so valuable to business and industry, the general public and governments.