Full Stack Security Analyst

[krmaxwell]

https://twitter.com/kylemaxwell/status/596106032939671552

[chrissanders]

Conversation provoking stuff! While I do think the nature of the industry right now is that everyone has to be a generalist, I think its moving away from that. Much like how all doctors used to be general practitioners, now all doctors receive the basic core training needed and then go into residencies to specialize. Furthermore, you see a similar style of training in the military. Everyone shoots a rifle, but after that it varies. I think we are rapidly approaching a time where DFIR folks MUST specialize to be effective and marketable, but it is important to have a collective set of baseline skills in some of the areas you mention here.

[krmaxwell]

Thanks for the thought-provoking comment. To some extent, I think DFIR is already the start of a specialization, though clearly we can drill down from there (reverse engineering, system forensics, packet analysis, etc.) But if your role is DFIR per se, you need a broad foundation even if you become a specialist in investigation.

Certainly, though, specialization to an extent is required, otherwise we wouldn't have folks able to do some of the highly technical things we need in this field.