TL:DR

The difference in skill and knowledge between the very best and everyone else is small but requires so much effort to obtain that most people don’t even try or quit trying.

This post is intended to kick you in your butt.

 

A little bit more detail

If you watch sports, a common theme is that wins are by thin margins of time or points, sometimes only split seconds or inches make the difference. This applies in everything including the DFIR/infosec field. I have been involved in casework and read cases of others where one person does or finds one small thing that completely changes the direction of the case or even makes the entire case. One thing!  Usually, this one little thing is something that you later look at and say to yourself, “Why didn’t I see that?”

We tend to think that ‘next time, I’ll do that too’ but that next time never comes.  And we keep seeing others do this over and over in different cases and wonder why we keep missing these little things that make big differences too.

The effort needed

In music and sports, perfect practice makes perfect. No practice and sloppy practice is a downward slide in skills. The most skilled make it look easy and natural. But those are the ones who have made more effort off the court (or in the lab or the classroom) than anyone else. This is no different in the DFIR field or any field.

Effort = physical energy + mental focus + resources (money, time)

You need all three.  You will never have an equal balance of these. Something will always be lacking.  But you must do the best with what you got and what you can get. Everyone else does too.

Our Own Effort

Our perception of effort spent might not be accurate….we sometimes tend to think we are putting out more effort than necessary (without getting results!) but in reality, we are putting out less and don’t need as much as we think. Athletes and musicians have coaches to help them put this into better perspective.

Our Perceptions

It is so easy to believe that we have it harder than others, and that others don’t need to put forth as much effort to be “x” (where x = competent, or highly skilled, etc…).  Rule #1 – don’t worry about what someone else is doing because you’ll never really know what they are doing outside of what you see in public and online.

Quitting and giving up

If you quit early on, you are most likely far from your goals. If you have been doing the work and putting in the effort, you might be a lot closer to your goals than you think. It would be nice to know how close we are, but we won’t know until we get there. It is easy in college to know how close you are to your degree because everything is by a checkbox.  Math course required? Check the box. Next until done. This is easy because you have a known path to your goal.

In DFIR, when we aspire to do something specific or reach a certain skill level, we don’t have a known path or gauge of where we are.  You don’t know where you are until you get where you are going.  You will never know how close you were when you quit. Frustrating!

Changed goals

When your goal is “x” (forensic examiner, incident responder, etc…), and you work toward that goal, your goal post might change.  Maybe during your journey, you find a more suitable goal. Many people stick with their initial goal and fight themselves all the way to achieve it. Then they are unhappy with the goal they achieved because they choose to ignore the goal that they truly wanted. Rather than see this as giving up on a goal, recognize this as an inspiration derived from your initial path that opened your eyes to a truer path.

 

How do I know this?

As embarrassing as it is to admit, I have tried things and quit. I have tried things, failed, and quit. I have tried things, failed, tried again, failed again, and quit.  I have tried things, failed, tried again, failed again, tried again, and quit.

I have also tried things without putting out the effort that I KNEW that I needed to put out.  None of those ever worked out.

I have also worked to obtain something that I later realized I didn’t want, only to keep going to get what I didn’t want…

The only time that I made my goals that I set was putting in more effort that I thought was needed and each time, barely made the goals.

The “How To” get where you want to be in DFIR (aka ‘harsh realities’)

*  You must put forth the effort.

If you quit, you won’t get anywhere.

Goals change for the better.

Don’t ignore inspirations.

Find a coach (ie: a brutally honest friend or a coach you pay to be brutally honest).

Realize that you are closer than you think, but won’t know how close until you make it.

Focus or the effort is wasted.

When you are short on one thing, use more of the other (ie: less funds available means more time spent to find free or less expensive resources).

Stop complaining.

Stop whining.

Stop making excuses.

Stop blaming others.

*  You demean yourself and your reputation by putting others down.

It doesn’t matter if you were unfairly criticized, unjustly accused, wrongfully discriminated against, or inaccurately judged.  No one cares and neither should you.

No one has unlimited resources.

More realities in DFIR

Few people are as good as you think they are.

Anyone can learn more about something than anyone else.

Credentials are meaningless if you can’t do the job.

If you can do the job while uncredentialed, you are more valuable than a credentialed and incompetent competitor.

You are better than you think you are.

*  You will never know everything. No one does and no one ever will.

You can’t control the “system,” but you can control your effort and path.

You have the potential to discover something today that no one ever will.

Put your words on paper or someone else will. They will deserve the credit, not you.

*  Talk is cheap. Action is what matters.  Want to write a book? Then do it and stop talking. Want to develop an application? Get to work on it!

Haters will hate.  Accusers will accuse. But they only do that to bring people down, not to those who are already down. Don’t feed the trolls.

Do this one thing right now. Do it again tomorrow. Do it again the next day. Keep doing it.

Find ONE THING a day. That one thing must be something that (1) is newly learned, (2) refreshes what you previously learned but forgot), (3) saves you time in your work, (4) makes your work more efficient/productive/effective, or (4) inspires you.

This can be related to work, a class, a YouTube video, playing around, relationships, or a hobby. Anything! Every one of these items affect all the others.  A hobby can create an incredible inspiration at work. Play can create a solid relationship. A great relationship can support amazing ability to work. It is all related to each other and affects one another.

Now: Write it down. Email it to yourself. Tweet it. Tell someone about it.  Do something that will burn it into your mind.  If you don’t do one of these, this ‘one thing’ will be a fleeting moment in time and wasted when it could have saved you hours of work, led to an amazing discovery, or opened an opportunity that you would never have otherwise.

Don't do this for more than one thing a day. Just one. That is all that you need and the most effective. Otherwise, it because unduly burdensome and less effective. PICK ONE ONLY!

Don’t be lazy about this.  This is 100% on you.

Backstory to a book

My most recent book (X-Ways Forensics Practitioner's Guide/Second Edition) is an example of all of this, and is also a reminder to me of what I just wrote. First off, writing a book is not easy. The mere effort to write requires effort (as described above). Then there are detractors, imposter syndrome, and personal matters and work to attend. That is on top of research, writing, editing, re-writing, more research, cooridinating and organizing information and people, and finally putting the final period on the page.

This X-Ways book took way more time than I had planned, I wanted to quit many times, spent more resources than expected, tested more than ever, and simply had to create the words out of thin air, which I believe led to my thinned hair...  There is no need to get into every little thing that was an obstacle to this book, but suffice to say there were many.  The more that I think about it, there were a thousand reasons to quit writing this book and only ONE reason to finish it.  And that is all you need to have, because ONE thing can outweight a thousand others.

Consider your butt kicked, but with much love and respect.