Life After Law Enforcement: Do I Stay Or Do I Go?

I was working on a bunch of CFP responses recently and during that process I found one that was rejected (so, so bitter…) by a major digital forensics conference in 2013. I won't say the name of the conference but it rhymed with "CEIC 2013".

The write up that I submitted for the talk was:

"This PowerPoint-free presentation will provide law enforcement officers who are contemplating pursuing a career in private sector digital forensics with the information they need to prepare and be successful.  It will cover how to best prepare for a private sector career as well as the pros and cons of the different options available.  We will also talk about topics such as resume preparation, interview strategies and private sector compensation models."

Since I’m back in the blogging game, I’m just going to do this presentation as a series of blog posts.  From hell’s heart I stab at thee CEIC 2013 CFP approval committee…. unless you turned me down because I inexcusably didn’t use the oxford comma in my CFP. If that was the case, all if forgiven because I clearly deserved nothing better.

The first decision that law enforcement people need to make is the classic one asked by Mick Jones and company in the 1980s.  If and when to leave law enforcement depends on a myriad of personal and professional variables, but the general advice that I give police officers is simply this:  If you are happy and you know it, stay right there.

Taken as a whole, the grass isn’t greener in the private sector compared to the public sector. There are advantages and disadvantages, but if you’re happy doing what you are doing and the compensation and benefits are working for your family, there isn’t any reason to bail out. I’ve seen plenty of people regret leaving law enforcement chasing money because they had a pile of cash dangled in front of them.  In some cases, I’ve seen people return back to law enforcement after spending time in the private sector and there isn’t anything wrong with that.

Money certainly can be a compelling reason to head off to the private sector especially if it’s in such an amount that will change the lives of your family and what you can provide them, but you also have to look at the total compensation package because there is more to compensation than just salary.  For example, many private sector health plans are much less robust than what one can get in the public sector.  High-deductible plans with high monthly premiums have been a trend in the private sector and can eat up quite a bit of that sack of cash you were offered.   It’s also very important to keep in mind that most private sector jobs in the digital forensics world are going to be salaried positions where you aren’t eligible for overtime and comp time even if you traveling and working long hours sometimes during nights, weekends, and holidays.

What I tell people is if they are happy in law enforcement, the private sector will still be around when they decide it’s time for different challenges.  It’s not that I tell people that they shouldn’t cross over, but that doing it to primarily to chase money when they are otherwise happy in their work is likely a bad idea. The bottom line is that if you are chasing money and making that the primary focus of your decision to leave, you could very easily find yourself in a situation where you are making better money, but you are profoundly unhappy. It’s not worth it.

All of that said, I’ve known many people who have left law enforcement either early in their career or after a fully-vested retirement who have been very happy with their decision and thrived in the private sector.  I’ve mentored and even hired many of these people over the years. Some of the greatest people in the industry have been people who have left law enforcement for the private sector.

The people who I’ve seen most happy with their decisions to leave law enforcement were the ones who felt that they had hit a plateau in their careers and felt stagnated and unhappy in their current role.  These tend to be people who want to do more and learn more than they can in their law enforcement job so the idea of greater challenges, an actual career path, and more money makes for a compelling reason for them to make the move.

The career path aspect has been one of my greatest recruiting tools as a hiring manager. Stupid work rules are meat on my table when I come looking to lure some unhappy law enforcement border collie over to the private sector.  I adore dumb work rules such as ones that prevent skilled digital forensics officers from getting promoted unless they’re willing to go back to patrol or, even worse, the jail. Dumbness like this has been one of the greatest recruiting tools I’ve been given by the government sector. From the bottom of my heart to the improvident lackwits who came up with these ideas, thank you.

My advice is if you are considering making the move, you should start talking to people who have already made the move, people who have left and come back, and to as many hiring managers in the private sector as you can.  The networking that you’ll be doing will also help in landing that private sector job if that is the path you choose. 

Even if you aren’t considering making the move yet, one of the best bits of career advice that I ever received was that you should always be preparing for the next job even if you aren’t actively looking for the next job. It’s smart to give yourself as many options as you can even if you are happy in your present situation.

The next part in the series will be a blog post that covers the pros and cons of various private sector options.  As the series progresses, I’ll cover things such as networking, training, certifications, interviewing, resumes, formal education, and more.  If you have questions that you would like to have answered, you can reach me through the usual communications methods I have listed on the blog.

The Glaring Omission in Your Incident Response Planning

Chances are excellent that your incident response plan has a glaring omission in regards to one of the most critical aspects of success during an incident.

There has been an immense amount of time and treasure expended on what a proper incident response plan should look like.  Just throw “incident response plan” into your favorite search engine and you’ll get pages and pages of content. You’ll see all sorts of advice on how the various steps and phases of an incident response plan should play out and quite a bit of thought being put into things such as collecting contact information, identifying stakeholders and roles, inventory of tools to be used, determining secure communication methods (because you’re assuming the baddies got you email servers early and often), and the like.  Great stuff.

Does any of your plan talk about how to take care of your people during a major incident? I’m talking about those incidents that are measured in weeks or months where it’s an all hands to the pump 24/7 response measured in days or weeks of the response.  Once these incidents kick off, it’s too late for the preparation stage.  It’s show time and there is an immense amount of stress involved on all of the team whether it’s the CISO who is constantly being asked for updates by senior executives who are seeing their career dissipation lights cranked up to about a quarter million lumens or the lowest level incident responder who is cranking out digital forensic images or pouring through network logs.

An incident response plan for major incident responses isn’t fit for purpose unless it addresses how your incident responders border collies will be fed, watered, and rested. An organization should have a catering plan in place before an incident so that they can start getting a steady stream of food and drink to the people who are going to be putting in an immense number of hours all around the clock getting things under control.

If it’s a large organization (or a really nice start up in Palo Alto) chances are excellent that there is already an on-site cafeteria for employees that probably offers on-site catering services.  The incident response plan should specify how to engage those people and who the points of contact are.  You’re also going to want to talk to them before an incident to make sure that you can get food to cover a long term around the clock response.

If you don’t have anything on-site, you’re going to want to identify several external catering options and understand how to engage them on short notice for an extended response and to understand how scalable their services are since you might be feeding a very large team.  Their contact information, billing methods, and the like should be part of your incident response plan. You also need to discuss with your catering providers the menu options available before an incident. It’s important to give your people healthy food during an incident to keep them going.  Just saying you are going to order a steady stream of pizza from the take-out place down the road for weeks on end isn’t a great option.  You want to give your people some healthy options to keep them fueled up, feeling good, and ready to chase bad guys out of your network. 

You also want to make sure you are providing your people with a variety of non-caffeinated drink options in addition to the endless gallons of caffeinated sugar water or energy drinks that fuel most major incident responses.  

Keep in mind that you are going to be feeding not only your employees, but any consultants that parachute in to help you out of your bind.  There is a lot of dietary diversity these days so you’ll want to make sure you have options for people who need it due to medical, religious, or cultural reasons.  Popular options include vegetarian and gluten-free diets which works out well because you can get fantastic stuff that complies with either that everyone will enjoy.

The other thing that needs to be covered is transportation for your people.  Drowsy driving is a thing and it’s a thing you want nothing to do with during an incident.  Ride sharing services have made this much easier especially in major metropolitan areas.  The goal is to make sure you can get your people safely and efficiently back and forth between home (or the hotel rooms they are calling home during the incident) and work. Most of your people will be driving into work, but if they are too tired to drive because they ended up working a day or more in a row without sleep, it’s probably not a great idea to let them drive home and your plan should address that fact.

Which reminds me of an important point. If you are having people staying up for days on end, you’re very likely understaffed for your incident and you need to fix that quickly or you’re asking for more problems.  My general rule is that I don’t do forensics after ten hours because my chances for mistakes go up dramatically.  I’ve lost count of the amount of times that I struggled with something during a forensic exam at the end of a very long day only to solve it the issue in first fifteen minutes of being back in the office after getting some sleep.

As always, the keys to success are people, processes, and tools and your incident planning should reflect that fact.