July 6, 2022
Meet Devin Hill, Convergent’s Director of Digital Forensics and Incident Response.
Devin Hill joined Digital Silence as our Director of Digital Forensics and Incident Response. We’re excited to add him to the team and think you’ll enjoy getting to know him.
Sometime around middle school, I got into computer gaming. As this was the early 90s, this involved a lot of trial and error to find the right combination of DOS commands/settings to get them to work right. I got really good at troubleshooting systems while doing this, which led to a career in IT. Eventually, I got bored with maintaining servers and fighting with printers and was looking for a change. I decided to pursue a bachelor’s degree in Information Security at that time, as I was already spending a lot of my downtime working on hacking challenges and found the security aspects of IT the most interesting.
One of my favorite things about DFIR is that no two cases are exactly the same. Even if investigating breaches/ransomware cases from the same group, they may change up their tactics or tools depending on what worked best on the victim network. This keeps things interesting, even if the analysis process doesn’t change much.
I’ve worked on a number of really interesting cases, some of which have been very high-profile. I’d have to say my biggest professional achievement to date, though, is taking this role at Digital Silence. I’ve been taking roles with increasing levels of responsibility to get to this point in my career, and I’m proud to lead the DFIR practice here.
I spent three years as a Cavalry Scout in the Army, then worked in a couple of factories for about a year afterward. After a mass layoff, I decided it was time to go to college and got an associate’s degree in Computer Systems & Networking. I worked as a Konica Minolta copier tech, then moved to Cincinnati. I started as a Deskside Support Tech for Procter & Gamble before working a couple of SysAdmin jobs for medium-sized local businesses. I moved into cybersecurity in 2014 as an Intrusion Analyst for CBTS Advanced Cyber Security (later Morphick, which was then acquired by Booz Allen Hamilton) and moved into DFIR shortly after. I’ve worked in DFIR roles for several well-known firms since then.
My biggest pet peeve is definitely when IT teams start reimaging systems before beginning an investigation. I completely understand the pressure they’re under to recover the network as quickly as possible after an attack. Unless a copy of the hard drive is made before reimaging a system, all evidence on that system is lost forever. This always results in gaps in the attack timeline and makes it significantly more time-consuming to confirm the initial entry point into the network. This makes it much more difficult to improve the victim’s security to prevent another attack.
Using a password manager is better than reusing the same weak password across different sites. A trustworthy password manager with multi-factor authentication to generate and store strong passwords will keep your data far safer than the alternative.
I recently started running and cycling more regularly again. I also take regular trips with the family to scenic areas like Hocking Hills, Red River Gorge, and Mammoth Cave. When the weather is too ugly for those things, I’m likely 3D-printing something or restoring/repairing retro game consoles.
Does Silicon Valley count? There are some security aspects, so I’m going with Silicon Valley.
I’m currently building a full set of movie-accurate, 3D-printed Ghostbusters gear, complete with lights, sounds, and smoke effects. I’ve finished the trap, pedal, neutrino wand, and other parts. Fingers crossed, I’ll have the whole proton pack complete by Halloween!