A chat with Ms. Heather Mahalik--SANS Instructor, Author, & Inspirational Changemaker!

Cyber Student Crew (previously Project Cyber) recently got the opportunity to catch up with Ms. Heather Mahalik! She is a super-cool real-life "detective" who was gracious enough to share her advice for youth involved in cybersecurity and her favorites to learn more. Alert! Interactive Exercises included: discover awesome resources to check out, from podcasts and books to blogs! Hope you have fun surfin' :)

This is a part of our interview series with amazing people committed to keeping the cyber world secure. Be sure to keep an eye out for more ways to learn about the people of cybersecurity and what the landscape looks like!



Heather Mahalik is the Senior Director of Digital Intelligence at Cellebrite and is a SANS senior instructor and course lead for FOR585 Smartphone Forensic Analysis In-Depth. Heather maintains www.smarterforensics.com, where she blogs and hosts work from the digital forensics community. She is the co-author of Practical Mobile Forensics (1st and 2nd editions). Heather’s background in digital forensics and e-discovery covers smartphone, mobile device and Windows forensics, including acquisition, analysis, advanced exploitation, vulnerability discovery, malware analysis, application reverse-engineering and manual decoding. With over 18 years’ experience in digital forensics, Heather has been an expert of choice for law enforcement and intelligence agencies.

1. You’ve decoded artifacts and handled so many devices as a forensic examiner; it sounds like something out of a cool movie! How did you learn more about these topics, and what would you recommend teens should do to pursue their interest in this field?

I was taught to create and test data from my first day on the job. My boss at the time made me create what I didn’t understand. This concept is now cemented in my mind. I am constantly researching and testing. I love this aspect of my job. When a new operating system is released - I download, install, create data and verify. Same goes with new applications. You need to try it to really understand it. I try to use multiple methods and tools to provide feedback on what I recommend to the community, based upon my experience.

If you are interested in DFIR, you need to stay current. Read blogs, watch webinars and find people you admire. Follow them! Ask them to help you. Getting to know people in this field is important.


2. What about cybersecurity appeals to you the most?

I love that we take technology and apply it to concepts and methods that help keep the innocent safe and put the bad people away. This field and my work have become a passion of mine. If you love what you do, it doesn’t feel like work!


3. What does your typical day look like? From being an author to being a SANS Instructor, you cover so many amazing avenues!



My days start with wrangling my children. :) I work remotely (even before COVID-19) for Cellebrite. Every day is different. I would be lying if I didn’t discuss the meetings. There are tons of them, but they matter. They make the tools better for you, the user. I do a lot of research and I collaborate with my colleagues (we call ourselves the Dream Team). Together, we try to help with cases, answer questions, create blogs, and generally try to educate ourselves and our team.


When I am teaching for SANS, my days are packed! I am in the classroom (even virtually) from 8:30 - 5:30 sharing knowledge with students. These days are energizing and exhausting, but I take away just as much as the students. The interaction is so important as a SANS instructor. When it’s course edit time, you will find me holed up in my office in the evenings researching, documenting and updating course material. This happens a few times a year and makes for really long days.


4. You’ve worked on so many exciting projects! What endeavor have you enjoyed the most?


Wow. This is a tough one. I put my passion into all of my cases. However, some outweigh the others. In my current position, I get to help everyone with the harder parts of their cases. Everyone from detectives to consultants comes to me with the files/artifacts they don’t understand. So I get bits and pieces of the cool stuff. I love that my input helps them have the "Aha moment" and sometimes really puts the evidence in perspective.


Writing and delivering my SANS course is huge for me. The effort that goes into it is immeasurable and the outcome when you see students walk away with concepts to apply to their investigations is so satisfying.


And finally - the best case I have ever worked - everything that led to the elimination of Usama Bin Laden. Touching his media after years of chasing terrorists was the culmination of my hard work. September 11th was eye-opening on what terrorists can do to the innocent and I was lucky enough to support efforts against terrorism for many years.


5. What are your favorite hacking movies/books/podcasts?

Podcasts - well the one I do with Matt Goeckel of course - Carved From Unallocated

Books - File System Forensic Analysis - Brian Carrier (was my saviour many times)

Blogs - these are what I really rely upon. To name a few bloggers I really keep an eye on - Josh Hickmans, Alexis Brignoni, Ian Whiffin, Sarah Edwards, Mike Williamson, Chris Vance, Cellebrite’s, Elcomsoft’s, Mattia Epifani, Mari Degrazia - just to name a few of my favorites. I LOVE when someone new blogs. For example - Scott Koenig wrote his first blog and I hosted it. It’s brilliant to see new bloggers emerge.

To be honest - I like to "check-out" of work when I watch movies, read books and "leave my office."


6. A piece of advice you would give your younger self?


Admit when you are wrong. It’s okay to not understand everything. It’s not possible to be perfect all of the time. The DFIR community is smaller than you would think and many of us collaborate. It’s so important to be involved and let your voice be heard. But keep your voice honest!



Thank you so much, Ms. Mahalik, for your time, and we really appreciate your advice!