I’m currently seeking security investigators for a research study I’m conducting on cognition and reasoning related to the investigative process. I need individuals who are willing to sit down with me over the phone and participate in an interview focused on individual investigations they’ve worked. The interviews will be focused on describing the flow of the investigation, your thought process during it, and challenges you encountered. I’ll ask you to describe what happened and how you made specific decisions. Specifically, I’m looking for investigations related to the following areas:
- Event Analysis: You received some kind of alert and investigated it to determine whether it was a true positive or false positive.
- Incident Response: You received notification of a breach and performed incident response to locate and/or remediate affected machines.
Ideally, these should be scenarios where you felt challenged to employ a wide range of your skills. In either domain, the scenario doesn’t have to lead to a positive confirmation of attacker activity. Failed investigations that led to a dead end are also applicable here.
A few other notes:
- You will be kept anonymous
- Any affected organization names are not needed, and you don’t have to give specifics there. Even if you do, I won’t use them in the research.
- You will be asked to fill out a short (less than five minute) demographic survey
- The phone interview will be recorded for my review
- The phone interview should take no longer than thirty minutes
- If you have multiple scenarios you’d like to walk through, that’s even better
- At most, the scenario will be generalized and described at a very high level in a research paper, but it will be done in a generic manner that is not attributable to any person or organization.
If you’d like to help, please e-mail me at chris@chrissanders.org with the subject line “Investigation Case Study.”