Organizations rely on Digital Shadows (now ReliaQuest) to be an extension of their security team. Our global team of analysts provide relevant threat research, much needed context, tailored remediation advice and managed takedown support to make our clients’ jobs easier and more efficient. Crucially, by having analysts within the intelligence and collection cycle, we’re able to minimize the real-time false positives that cause nightmares for most organizations.
In our Security Analyst Spotlight Series, we bring our analysts out of the shadows and into the spotlight, showcasing their expertise and interests so you can learn a bit more about a “day-in-the-life” of a Digital Shadows (now ReliaQuest) analyst.
Name: Heather Farnsworth
Title: Cyber Intelligence Analyst
Q: How did you get into the field of cybersecurity?
A: Throughout my college career, I was very passionate about Criminology. I was fascinated by the ideology of criminals, predictive crime and behaviours, and in what way social class, social economic status and hundreds of other variables influence crime. I also developed a passion for technology during this time, and four years working for a major tech company in IT support allowed me to understand the newest software, the whys behind the product, and how these components are compiled to morph into user friendly functions for a variety of purposes. It wasn’t until the end of my Senior year as an undergraduate that I started to think about what was next for me. I asked myself: why not pursue a career where I could utilize both talents? So, I did, without hesitation. Instead of simply leaving The University of Texas at Dallas with a Bachelor’s in Criminology, I decided to continue my education and pursue a Master of Science in Criminology in conjunction with a Certificate in Cybersecurity Systems: Internal Audit and Information Management.
Q: What areas of cybersecurity are you most interested in?
A: I have a particular interest in the influence geopolitics has on the targeting of public distribution systems. Cyberwarfare is undoubtedly influenced by geopolitics, so it’s fascinating to see how the response mechanisms of cyberwarfare are carried as repercussions of political events. Often times when critical infrastructure is targeted – such as power grids, water supply systems or mass transit systems – it’s a result of a group’s furtherance of political or social objectives. Take the attacks on Ukrainian infrastructure since the annexation of Crimea in 2014. Since then Ukraine’s energy infrastructure was targeted using BlackEnergy malware, including KillDisk, that had been attributed to the ATP group Sandworm. Then as recently as 2017 a new malware variant of BlackEnergy was used to target Ukrainian financial institutions.
Q: What’s the best part of your job?
A: I enjoy being engaged with the client from the very beginning, because this is where I help to identify what’s most important to them. A lot of mutual learning and understanding happens in these early stages. Sometimes, clients don’t know the full extent of their risks, which is where I can add real value. A big part of this is showing the client their digital footprint. Often they’re surprised by how much we can find, or simply didn’t realise exactly what sensitive information had been exposed online for so long. There’s always something new to learn and that’s something I don’t get tired of, it keeps things interesting to say the least.
Q: What do you do outside work that helps with your job?
A: Outside of work, I like to keep up on upcoming technology trends, and especially enjoy listening to cyber podcasts. Currently I have a plan in place to start my Security + certificate along with other training tools that help develop and fine tune my Open Source Intelligence (OSINT) and Closed Source skills.
Q: What has been your favorite project to work on?
A: Recently, a prospective client was in the process of building out a new team and didn’t have the resources to fully identify and understand their current exposure. Using open and closed intelligence sources, I was able to identify and contextualize actors on various forums and sites through the incidents I was producing, to show a much fuller representation of their digital risk. In doing so I was able to help the client understand what actors were a risk to their organization and, specifically, what tools and techniques they used. This then allowed the client to improve their security and mitigation measures accordingly.
Q: What’s one thing that most people won’t know about you?
A: I like to study cold cases in my off time. I know it sounds odd, but I like to attempt to understand the mind of all sorts of criminals, their crimes, and victims. You can never truly predict crime, but understanding how different variables can influence crime is a great way to start. This easily translates into how we understand other phenomena such as financial crimes, terrorism, extortion, warfare, and so much more.
Heather is a University of Texas at Dallas alumna with a BA in Criminology, MS in Criminology, and Certificate in Cybersecurity. She is passionate about intelligence analysis and understanding the “why” and “how” behind campaigns, actors and their targets. She currently works directly with clients to help identify their risks and showcase Digital Shadows (now ReliaQuest)’ SearchLight capabilities. Outside of work, Heather enjoys camping and venturing to new record shops when the opportunities arise.
Learn more about our Intelligence Analysts in our Security Analyst Spotlight Series.
Interested in hearing more from our intelligence team? Check out our blog or subscribe to our weekly threat intelligence podcast: ShadowTalk.