Skip to main content

This DFIR Team Is The Place To Be!

Fabian Blog And Social 650X440 R2

Author: Fabian Mendoza, Senior Consultant, DFIR

It has been over four months since I joined the DFIR team at Palo Alto Networks Unit 42 but the experience has made it feel much longer than that. I felt compelled to write a blog about my experience thus far and why I feel this is the best place to be for those who are looking for a change.

For starters, you are paired with a coach who helps guide you during the transition period of the first 90 days. This ensures new employees can seamlessly integrate themselves into the team without the usual stress that comes with the feeling of “starting over”. For someone like myself who has been in this situation a few times before, it can feel daunting having to prove to your new colleagues why you belong, and similarly, try to have an early positive impact on your team. First impressions are vital in this fast paced field, but the DFIR team at Unit 42 has been able to soften that burden with the way your first 90 days are structured.

In addition to pairing new employees with a coach, you are also aligned with a manager that best fits your career needs and growth. This is something I noticed senior leadership really cares strongly about because they want to ensure new employees have the best possible pairing that makes the most sense for their career aspirations at Unit 42. For instance, if you are someone that is technically driven, which would’ve been identified during the interview process, then chances are you will be paired with a similarly technically driven manager that can speak the same language you do and can relate to the same topics and interests you have.

The onboarding experience at Unit 42 also includes internal training that aligns with your role. For instance, if you join the DFIR team, you will be assigned the appropriate DFIR related training for your particular level. This includes Palo Alto Networks product training, foundational DFIR training which details how to successfully respond to the wide range of case types we perform, and an onboarding learning path that gives the overall picture on how to conduct DFIR the Unit 42 way. The best part is the training doesn’t stop there! You will have access to an entire library of training modules to help you continue to upskill. You don’t know how to perform linux forensics? No problem! We have a training module for that! You don’t know how to perform cloud forensics? We got you covered! 

Besides the wealth of internal training that the DFIR team at Unit 42 has to offer, the team also provides all employees with a training budget for external training such as SANS, BlackHat and many more! 

Now I would be remiss if I didn’t highlight a few key reasons why the experience at Unit 42 has been so rewarding. Below are some of these key reasons.

The Documentation:

I have worked at various DFIR firms before joining Unit 42 and I can say without a doubt the documentation efforts here are unmatched. As a new employee, this is a major stress reliever knowing that anything you might have a question about, whether it's process related, administrative related or tool related, there is a high likelihood documentation exists to answer your question. It is a strong indicator that the team here really cares about passing on their knowledge to help their colleagues when they inevitably fall into the same situation or scenario.

The Culture:

Speaking of the team passing knowledge onto others, I want to highlight the culture here. Generally speaking, the field of DFIR is an extremely challenging one, with demanding work, long hours and aggressive deadlines to generate answers for key stakeholders. It is a perfect formula for creating a toxic work environment which in turn can lead to team members looking out for themselves and competing heavily with one another. This isn’t the case at Unit 42. Despite the fact that we deal with some of the most complex incidents, the team here genuinely fosters a collaborative work environment. You’ve probably heard this before in previous writings from my colleagues, but there is a reason this point keeps being repeated. I can’t stress enough how vital this is to a team’s success - when everyone is in the interest of sharing and passing knowledge onto one another. Now only does this allow for junior team members to accelerate their growth, but it also creates this bond and trust amongst colleagues, which in turn enables us to better serve our clients during their worst day.

The Work:

Lastly, the work at Unit 42 is extremely rewarding. We deal with all types of cases ranging from ransomware, business email compromises, web server compromises and advanced persistent threats (APTs). We have some of the best people, the best tools and the best process in the industry to be able to respond to various types of incidents with ease. This allows our practitioners to feel comfortable to respond to any breach. On top of that, we have strong forensicators that are always willing to answer any questions someone may have on a case.

All of these key factors I mentioned above serve as a recipe for navigating the complex world of incident response successfully and Unit 42 has managed to capture that graciously. If you are someone that is looking for this type of environment, want to work with some of the best people this industry has to offer, possess the necessary skills, and have the right mindset to help continue to instill the culture this team has built, then consider applying on our careers site!

Related Posts