Tetra Defense values a well-rounded approach when it comes to cybersecurity. Preparing for cyberattacks, responding to incidents, and creating unique solutions are all important separately, but they are far more effective when combined. To that effect, we learn from Cindy Murphy, President of Tetra, as she describes her path from law enforcement, to digital forensics, to education, to now, leadership.
“My best advice is to find what your personal learning style is — learn how to learn.”
What first piqued your interest in digital forensics?
I have been very comfortable with computers from a young age. My father was a professor at the University of Iowa, and I spent a lot of time as a child playing in their server rooms. Dad taught me file systems, simple programming, simple queries, and things of that nature, and he taught my sisters and me to build our own computers.
I was presented with an opportunity to dive much deeper into the world of computer crimes in 1998 during my time in the Madison Police Department. I started working on a case that involved the illegal tampering of historical documents — specifically, someone was cutting out historical signatures from books in the historical library at the University of Wisconsin-Madison, and selling them online on newsgroups, hosted by MIT. This case intrigued me and gave me an opportunity to connect with an early digital forensics expert, Eoghan Casey (who literally wrote the book on digital forensics) as part of the investigation. I was hooked from my first case.
After that case, I went through as much specialized digital forensics training as I could find, worked on educating as many of my peers as I could, and worked hard to learn what I needed to not only do this work well, but also help facilitate the education of others in the field. Pretty soon, I was developing curriculum for Madison College, authoring coursework for the SANS Institute and teaching all over the world, and consulting with NIST and the DOJ. In 2009, I felt I had hit a wall with existing training — it felt like many courses I attended were repeating content, some of which wasn’t technically correct. I had quite a lot of experience in the field at this point, but I wanted to progressively advance my academic knowledge. So, I went back to school and earned my Master’s of Science in Forensic Computing and Cybercrime Investigation from University College, Dublin in 2011.
What brought you to Tetra Defense?
I was a year away from retirement from law enforcement in 2016, but I knew I wasn’t ready to retire, because this work is so fulfilling. Scott Holewinski, whom I had known for several years at that point called me to talk about what it would take to start a digital forensics business. Along with some of his associates, including Wesley Gill and Tyler Gill, we started collaborating and realized quickly that there was a great opportunity to bring my experience, reputation, and vast professional network into an already great mix of technically skilled folks including software developers like Trentin Thomas and incident response folks like Nathan Little. My previous experience was never business focused and learning that side of this work, being part of this growing team of amazingly smart people, and part of leadership in this organization has been incredibly rewarding.
How does your team interact in relation to others?
There’s so much value in having us all under one roof. Not only do we have each other’s technical knowledge and experience to rely on, I firmly believe we had immediate success thanks to our collaboration. In the beginning, Nathan was really pivotal in making sure we could make our incident response efforts compatible with our digital forensics and investigative efforts — he was ready to lead our numerous ransomware and business email compromise cases, and I was able to concentrate on leading our corporate investigation, civil litigation, and mobile forensics cases. Between proactive services, incident response, digital forensics, and our software development teams, all the of the teamwork that happens makes us stronger and sets us all up for more learning and more success in the future, not to mention providing positive outcomes for our customers.
Any advice for aspiring cybersecurity professionals?
My best advice is to find what your personal learning style is — learn how to learn. Then, expose yourself to as much as you can, experience-wise. This is a vast field that changes every day, so if you’re not enjoying what you’re learning, there’s always room to shift focus. Immerse yourself in the communities and organizations out there that welcome active participation and sharing of knowledge of the latest techniques. When you first start out in this field especially, try to avoid tunnel vision. Your time and energy will need to cast a wide net before you find what really lights a fire, and keeps you growing to meet tomorrow’s challenges.
A non-work-related question: How do you like to spend your free time?
Most of my life outside of work has nothing to do with computers. That’s intentional and for me, healthy. I’m a musician with Hoot’n Annie String Band and play the cello, ukulele, mandolin, mandola, tenor guitar, 4 and 5 string banjos, and vocals. While things have drastically changed for us this year due to the pandemic, luckily we’ve been able to continue weekly socially distanced music sessions in my backyard. When I’m not playing music, I stay active with my Brittany spaniels, tending my new flock of chickens, stand-up paddle boarding, occasional yoga, reading, and decorative knot tying as a member of the International Guild of Knot Tyers .