Monday, 27 June 2011

The System Is Broken

There are some great blogs written by forensics professionals out there at the moment.  Two of my favourites are the amusing accounts of forensic life written by two law enforcement forensic guys here in the UK:

http://faintingchicken.wordpress.com
http://happyasamonkey.wordpress.com

I  love their often irreverent and always interesting twitter posts too so do follow them at: @happyasamonkey and @faintingchicken.

The Chicken, in his recent eggscelent (sorry) post, really lays (oops) out in clear terms the ridiculous position he is currently facing with the A19 procedure.  I don't know chicken personally -  or even his name so I have no personal axe to grind - but it seems but he effectively has to re-apply for his job.  However, due to 'the system' he is way down the pecking order (no more, I promise).  How ludicrous!  All the training, development and experience he has gained is just let go and the money then needs to be spent on training somebody else.

I often advise people new to forensics to work in law enforcement for a couple of years to gain experience before moving on as 'the system' makes it almost impossible to be promoted to Manager level.  However, many when they get there stay in law enforcement as they love the work, enjoy working closely with like-minded, talented colleagues and have a genuine commitment to public service.  I especially find this at the Met.  However, many others who are ambitious for career progression just walk away with incredible experience and skills to another employer as 'the system' means they have no other option.

Surely the system is broken?

English summer

There is nothing much worse that being stuck in the UK whilst the annual World Series of Poker (WSOP) continues in Vegas.  I have been at the WSOP for the last two years and it is amazing.  Every day sees somebody else land a huge payday - life changing in many cases.  When not in Vegas I follow the action via twitter, live-streaming, reporting and via friends who are in town but it just isn't the same.

A trip to the WSOP usually keeps me alive in the gap between the football and rugby seasons. Mind you, with the inactivity at the Mighty Leeds United this summer and the bewildering departure of three of our top players (hmmm, is all relative) I am not sure that this coming season will be any less than a disaster.

In terms of summer sport here in the UK, Wimbledon isn't really my thing and the cricket series agains Sri Lanka was less than inspiring.  I am, however, going to pop along for a few days of the India Test Matches as I love the atmosphere generated by the absolutely fanatical Indian supporters - they are amazing!  If you are going to any of the games do let me know and I will kindly let you buy me a beer or three....

Thursday, 16 June 2011

Recruiter Briefing Hell

After a few days in France it is always a relief to revert to good old British hand-shaking rather than the endless stream of kissing.  However, my joy at this was short-lived as I knew I had been roped in to attend my least favourite thing in the entire world: a recruiter briefing.  Trust me, these events make major root canal work look appealing...

I usually avoid these things like the plague.  It starts at reception when you notice the other recruiters all milling around with bundles of files (why: what is in the files?), Ipads and laptops. We are then herded like sheep into a room to be briefed on the organisation and their recruitment needs.  Straight away this makes you feel very special as you are one of thirty or so all working on the same roles.  I mean, which Clients do you think recruiters will really spend the most time with – those who make an effort to see them on a one to one basis or those where you are one of many?

At this stage I give myself a little pep talk about how I must try to concentrate.  Then  it starts with a surprisingly brief HR summary before the introduction of one of the Hiring Managers.

After about three minutes I am reminded of the Oscar Wilde quote, ‘I am so clever that sometimes I don’t understand a word I am saying.’   After a while the will to live has left me and I drift off into an almost hypnotic state punctuated with nodding randomly as the stream of clich├ęs drift over me.  Maybe I should have stabbed myself with a pen to gain his attention?   Rather than taking notes it seems I had sketched voodoo dolls and a noose...

Finally, just as I am taking the laces out of my shoes and looking for beams the monologue was over and questions were invited. 

At this stage I do wake up as it is the best part of the proceedings!  So many recruiters love to talk and ask irrelevant questions – maybe they have a list of stupid questions in their files?  You know that course you attended that had run over and when the instructor asked for questions you all kept quiet as you just wanted to leave - but one person didn’t get it and kept raising inane points?  Well, a recruiter briefing is like this but much, much worse.

At first the Hiring Manager and HR happily answer all questions but after twenty minutes or so even they are looking bored by the tedium and pure irrelevance of the questions.  They exchange bemused glances on more than one occasion.  I actually cringe for one recruiter who asks eight questions very loudly and appears to laugh at the end of each sentence for no apparent reason.  Finally, after an hour of questions we are invited to drink warm white wine and sample a few dodgy sandwiches as we ‘network informally’ with other members of the Team.  The recruiters surge forward to ingratiate themselves and ask more questions.
I slink out of the side door in search of real people living on the same planet as me.....

Thursday, 9 June 2011

Weekend in France

I am writing this blog in the departure lounge awaiting my flight to Paris.  Some exciting work followed by a long weekend in France celebrating the 40th of one of my oldest and best friends - can't wait!

I have spent some great times in France, especially sailing in Brittany.  When me and JP were actively campaigning our Laser 5000 (pictured) on the European Circuit a few years ago our trips to La Baule and Lorient (both wonderful sailing locations in Brittany) were incredible.  Big waves, great sailing, amazing food, superb parties and fun people...

However, the last time I was in Paris was twenty years ago as part of my 14 months travelling before University.   Me and my pal Bupa had hitch-hiked to Paris from Amsterdam - including spending a very unpleasant, damp night in a shop doorway in Belgium – before arriving in Paris.  We were on such a shoestring budget we actually slept in Charles de Gaulle airport every night for a week before heading into Paris during the day until one evening the local police suggested we leave.   We ended up spending a very uncomfortable night in sleeping bags within the Gare du Nord before heading off for Munich the next day.  I had planned to spend the winter in the ski resorts of Germany until the Berlin Wall came down a month or two later and I headed straight to Berlin to spend a superb couple of weeks celebrating the incredible events unfolding before our eyes.

On this occasion I am in Paris as part of a major search assignment for one of our best Clients who is looking for senior eDisclosure professionals.  In this pretty tough market nearly all my personal recruiting seems to be in the eDisclosure area at this time, with particular demand for experienced Project Managers and Senior Consultants. 

In fact, it has been a few months since I was asked to recruit for a pure forensics role.   Is this going to be the case in the future I wonder?  On twitter this week, one experienced HTCU forensics professional was shocked that we are so quiet on the forensics side as he thought that people from the public sector would be in the market seeking opportunities.  My response was to ask where these people would go?  Big Four or similar in an eDisclosure role?  Bank or other major corporate as part of their IR, security or investigation Teams?  Are there realistically many positions available for people with these skills at this time?

Forensic 4Cast Awards

By now most of you will have heard who has won these awards.  I was especially pleased to hear that Eric Huber won the best blog prize for his excellent blog ‘A Fist full of Dongles.’  If you aren’t a regular reader I suggest you take a look as it is always an entertaining read from a guy who really knows his material:

Wednesday, 1 June 2011

Interview with Angus Marshall

In this blog I am delighted to publish an interview with Angus Marshall.  

I first met Angus a number of years ago when he was inspiring large numbers of students through running the digital forensics course at Teesside University.  Nowadays, although still involved in academia, Angus is active in a wide range of work within the digital evidence/forensic computing sector including representing the Forensic Science Society on the Forensic Science Regulator's digital evidence advisory group.

This broad mix of experience gives Angus a unique perspective as you can see from his answers below:


1, How did you become involved in the digital forensics sector?

Almost by accident. About 10 years ago I was a lecturer at the Centre for Internet Computing in Scarborough and also managed the network for staff machines & our labs. One day someone spotted that all the campus bandwidth was being used by one of our Linux servers. I spent some time analysing that and my then girlfriend (now wife) suggested that I should write it up for the Forensic Science Society. After I presented the paper, on some theories about malware & incident analysis, Pat Wiltshire (forensic palynologist) suggested I should contact the old National Crime Faculty to become an expert on their register. A couple of months after that process was complete, I found myself working on a missing person case that soon turned out to be a murder.

I'd had an interest in forensic computing for a while before that happened, but it was always difficult to convince my employers to let me run a course. Fortunately, the success with the casework at Scarborough allowed me to at least put some forensic content into a final year module on the Internet Computing degree. It wasn't perfect, but it gave some insights into how to handle evidence.

2, Do you think students looking to move into this area are better taking a broader IT degree or a more specialised forensics course?

That's a very difficult one to answer. My own first degree was in Computer Studies & Microsystems and I still find myself falling back on principles that I learnt in the 80s. Of course, it's not enough to be just technically competent - you need to know something about applicable law, general forensic & crime scene science and a lot about how to write clearly & concisely.

There's a lot to be said for having a good general computing BSc followed by one of the specialist MSc courses, but there are some very good BSc programmes out there too. I think the key is to find one which combines the technical with the investigative & legal aspects properly - has them running as themes through the whole programme, rather than a course where the "forensic" element is almost bolted on as an afterthought through one or two modules added for marketability.

3, Course accreditation vs competence.  Your  thoughts?

Ouch! Well - since I've just finished a project with the Forensic Science Society to create their component standards (working with practitioners and academics) for accreditation of academic courses, I have to say that course accreditation is a good thing. I think it gives employers and students an assurance that an independent assessment has been made of the content, and that means that good students should be competent when they graduate. The scheme has been running for a few years now in the "conventional" forensic sciences and I know that employers particularly find it useful.

The problem is, of course, that not everyone in the industry will go through an accredited course and that skills in our area change rapidly - we're up against the ingenuity of other human beings after all. So I see an independent certification of competence as an important element too. This is something that the work on regulation & standards is turning into a requirement.

I think we need an independent body which can periodically test practitioners and give a certification of competence in particular skills which are relevant to them and the enquiries they deal with. That would also allow for new skills to be developed and shown to be fit for purpose. Quite how we achieve that, I'm not sure - but I have some ideas and am working with some partners to put together a project which should go a long way towards providing such an independent certification.

4, Why did you leave the world of academia ?

That's a complicated one to answer. Part of it came from increasing frustration caused by constant pressure on the HE sector to do more and more with less and less. It was becoming impossible for me to continue to carry out research and casework alongside managing some very successful courses. It wasn't a decision taken lightly - it took over 12 months before I finally made the leap and I still miss the contact with students and colleagues. Fortunately, I'm not completely out of academia yet. I still deliver a distance-learning module for Ulster, am a visiting lecturer at De Montfort (where some very exciting things are happening) and external examiner for the OU as well.

5, As a recruiter, I talk to a lot of people in the sector who are experiencing very difficult times.  What is your view on the current state of digital forensics?

Times are hard. The austerity measures put in place to deal with deficits has meant that a lot of casework is no longer being outsourced. I think that only the best and the highly specialised are likely to survive.

Having said that, we're seeing some interesting developments outside the law-enforcement sector, not least with the launch of new insurance products designed to cover businesses in the event that they need a digital investigation of some sort. To me, that suggests that digital forensics is coming of age and being recognised as an essential part of business incident response planning.

6, I know you recently attended the ISO/IEC SC27 meeting in Singapore.  What is your involvement with this?

Well, as some people know, I'm the Forensic Science Society's representative on the Forensic Science Regulator's digital evidence advisory group. As part of activity there, the regulator has an interest in some projects that the ISO Information Security Committee (SC27) is working on which related to digital evidence. Since I have some time to spare, I agreed to represent the UK at the meetings where this work is progress. In October I was in Berlin for my first meeting and then Singapore in April for the second. The main project to date is ISO/IEC 27037,not published yet, which will be a standard for handling of digital evidence from first response through to acquisition & preservation prior to analysis. It aligns quite well with the existing ISO17025 which has been adopted by forensic science laboratories, but clarifies some points and is more applicable to all types of digital evidence, particularly in the context of incident response.

I'm also leading the UK proposals to add 3 new standards to complement 27037. We think we need to complete the set with something on investigative models & processes, analysis of digital evidence and validation of digital evidence methods & tools. The validation problem is a big one and one that some parts of the industry seem to be trying to hide from.

None of this is paid work, by the way, I'm lucky if my expenses are covered - and it's definitely not a holiday - we spend a week sitting in committee rooms from 8-5 every day.

7, Tell me about the other work you are doing now?

I can't tell you about all of it - that's the nature of what we do! For me, though, apart from the casework, the most exciting area is around the three pillars of quality within the standards - proficiency, competence and validation. I've been fortunate enough to be commissioned to visit a few labs. and produce reports on their state with regard to applying for ISO accreditation. Most are very good at what they do, but not so good at keeping evidence of how they achieve their hight quality. It's not much fun being the bearer of bad news, but it's something which we all need to bear in mind as compliance is expected by 2014.

I have a lot of ideas about how we can help the industry solve some of the biggest problems and generally demonstrate their quality to a level which should satisfy even the strictest judge. The end result of that will be a much smoother passage through the post-investigtion phase (court, tribunal, disciplinary hearings etc.).

8, What does the future hold for you?

I thought you had the crystal ball ;) I've given some hints in my answers already, I think maybe I should let the readers see if they can work it out for themselves. I can guarantee, though, that the world will run out of pies before I run out fingers to stick into them.

Whatever it is, it had better be challenging, I hate not having a problem to work on - which probably explains why drive an old Lotus as my everyday car.

n-gate ltd. is going to seize every opportunity that comes our way, and try to make a few for ourselves too. We're always open to new ideas and difficult problems in particular. I think my ideal is for us to become known as "the experts' experts".


Angus Marshall can be contacted in the following ways:

Website:  http://www.n-gate.net
Blog: http://marshalla99.wordpress.com
Linkedin: http://www.linkedin.com/in/angusmarshall
Email:  Angus@n-gate.net
Twitter: @marshalla99