Triggering IR

Hello there! If you are reading this, you most probably are curious about how Bytesploit forensics started.

In the spring of 2023 the company I had been working for decided that their Security Engineer needed to develop and enhance his Incident Response skills.

And I will forever remain grateful to my manager who made it possible for me to join the very pricy but worthwhile training provided by SANS Institute at the SANS West 2024 San Diego event.

To provide some context of where I was at that moment, I was a young Security Engineer who had twice failed his OSCP exam attempts and was feeling slightly lost in the Cyber realm's landscape. My interest in the Offensive side of security was decreasing and I was going into the FOR-508 class with little to no expectations at all.

I was not sure what path I was supposed to follow to advance my career and what job was suited for me, but there had been some signals in the past and some traits that I was not paying enough attention to, so I did not realize that the answers had been there in front of me all the time.

Going into class I was mesmerized by the energy and passion of your SANS class instructor, Carlos Cajigas, and also by the interest presented by my classmates and peers.

The class took 6 days and every day a new topic was presented. By the end of the week I was hooked on the world of Incident Response and Threat Hunting. It was so fascinating how this job was making me feel like a private detective, gathering proof and evidence to solve the mystery of the compromised company. My brain was mush by the end of the week, but the spark of learning about so many techniques to analyze and detect malicious behavior filled my heart with joy and curiosity. I was feeling hooked again and interested in the world of cyber security.

That was the moment when I realized that this is what I want to do for the rest of my professional life. Solving mysteries and crimes in the digital realm and also being paid seemed like a dream job for me.

On the last day of the training, we were divided into teams and we competed for the prestigious FOR508 Coin "Non-Potestis Latere", which translates to "You Can't Hide". The coin looked so dope and I was so determined to win it. Getting that coin was so symbolic for me; it meant that I was able to turn a new page and I was ready for it. Unfortunately, even though I had great team members, we finished second and failed to secure the coin. It was painful for me, but not getting it and being able to interact with so many amazing people and being initiated in the world of Incident Response and Threat Hunting was the real coin I won that week.

As soon as I got back from San Diego, I purchased my exam attempt for the GIAC Forensic Analyst (GCFA) exam and I will take it in September. I will use the missed "Non-Potestis Latere" coin as extra motivation and I am more than eager to pass the exam, to trigger the Incident Response stage of my life.