The Professional Development Challenge for Cybersecurity Investigators
Part one of this series explores some popular third-party vendors that offer online learning platforms for the busy cybersecurity investigations professional who wants to stay skilled and current on a wide range of topics year-round and at a reasonable cost, regardless of whether the employee or the employer bears the cost.

There are many definitions for “professional development”. For the purposes of this series, the definition is simplified to: “any planned activity that substantively adds knowledge to allow employees to perform their jobs better”. Categories, descriptions and examples are offered below. The focus of this series is highlighted in yellow.

ALTERNATIVE ONLINE LEARNING PLATFORMS
For many cybersecurity investigations professionals, employer-sponsored training and coursework is always restricted to the employer’s available annual training budget. That constraint usually translates into one or two short courses of 1–2 weeks’ duration that an employee can take per year on average. Had we been discussing this issue 5–10 years ago, especially at a time when cybersecurity courses were not mainstream at many universities and third-party vendors (online or physical classroom), this would not have been as problematic as it is today.
Depending on the exact title and duties of the cybersecurity investigations professional, areas of interest could include, but are certainly not limited to:

Just as background, I am one of those professionals who usually takes one or two continuing education classes per year on average, usually in person with a vendor like SANS. Over the years, I have taken SANS FOR526 (Memory Forensics), FOR572 (Advanced Network Forensics), FOR408 (Windows Forensics Analysis), FOR508 (Advanced Incident Response), FOR585 (Smartphone Forensic Analysis), and FOR610 (Reverse Engineering Malware), and have achieved various certifications such as GREM, GCFA, and GCFE (the latter two now expired). I’ve also taken one-week classes at other third-party suppliers such as Carnegie Mellon (Linux forensics), IACIS (two-week CFCE prep course), EC-Council (Certified Ethical Hacking prep course), Guidance Software (EnCase), AccessData (FTK), and with vendors I can no longer even recall (Exchange Server, CISSP prep, etc.), resulting in certifications such as CEH, CISSP, CISM, CCNA, ACE, EnCE, and CFCE (the latter is the only one still current).
While these courses have served me well over the years, there is definitely a need to fill the gaps between these structured (and very pricey) training courses. The cybersecurity landscape is evolving fast for a variety of reasons (from evolving bad actor TTPs to newly discovered vulnerabilities), so idle time where there is no “learning” is very counterproductive and harmful to an employee’s development. Further, the type of work and cases encountered often necessitate having to learn “on the fly”. For these reasons, it is necessary to sit down and jot down a rough outline of short-duration courses one wishes to undertake over the next 6–12 months, with enough flexibility built in to substitute courses as life and work dictate. It helps to know what one’s job duties and roles are, what one’s weaknesses are as they pertain to the job, and what types of topics one is likely to encounter in future assignments, and then to plan based on those factors.
CREATING A PLAN
To serve as an example, based on the criteria outlined previously, I’ve jotted down a rough sketch of topics I want to get a refresher on, or simply want to learn from scratch and gain better proficiency in. Some of these are rather broad. Some of these are very specific.

Hopefully, at the end of this series, we can reflect and develop a summary table that may prove useful to future like-minded professionals looking at additional online training options to ‘fill in the gaps’.
UPCOMING
In the following articles, we dive into specific course examples and reflect on our experiences.
NEXT — PART 2: A review of Udemy Online Course “Penetration Testing with PowerShell Empire” that was completed in under 6 hours.
ABOUT THE AUTHOR

Mr. Spurlock is a digital forensics professional who worked on a number of low- to high-profile cases for 15 years in the FBI, typically assigned to cyber squads, revolving around these types of cases: white collar, counterterrorism, crimes against children, counterintelligence, human trafficking, cyber and violent crimes. Between 2015–2019, he served on behalf of the FBI as the deputy co-chairman on the US/UK digital media exploitation working group, interfacing with various UK police, intel and government agencies. He has testified as an expert and fact witness at the US federal/state level many times. In his current role, he works in private industry investigating how businesses were victimized by cyber-based incidents such as ransomware, business email compromise, and cloud-based intrusions. Opinions expressed are solely his own and do not express the views or opinions of his past and present employers.
