Laura McLester graduated from the master's program in cyber security this spring and landed a coveted job at LinkedIn. She credits her time in UAB's Computer Forensics Research Lab with giving her the skills she needed to make her resume stand out. “Whenever you’re starting out in a field, you have that same Catch 22 — you need experience to get hired, but how do you get that experience in the first place?" McLester said. "The lab fills that gap.”Laura McLester used to build trust and bring safety to distraught patients in hospital rooms. Now she does the same thing for the half-billion or so users of professional networking site LinkedIn — while working from home.
It’s a career transformation that McLester says she owes to her time in another location: UAB’s Computer Forensics Research Lab. During her two years in the lab, McLester learned to combine the analysis skills she had developed as a social worker with the programming and criminal justice training she received in UAB’s Master of Science in Cyber Security program — and apply them to dozens of real-life cases on behalf of banks, government agencies and other clients. Even better, for someone who left full-time employment to go back to school: she got paid to do it.
Social worker to cybercrime fighter
“I was a hospital social worker in Birmingham, and I loved it, but for family reasons I needed a career change to something with flexible hours,” McLester said. At the same time, a friend who did work in open-source intelligence (OSINT) investigations told her about some of his cases. “I didn’t know that was a thing, but I took an online class and fell in love with it,” she said. She started attending meetings of the Birmingham chapter of InfraGard, a group that brings FBI agents and private sector technologists together to take on digital crime. “That’s where I found out about UAB’s master’s program,” McLester said. “That was in mid-November and by January I was in my first semester.”
“We’re one of the few programs in the country that really likes social science people,” said Jeffery Walker, Ph.D., chair of the UAB Department of Criminal Justice. Walker is co-director of the Master of Science in Cyber Security program and the graduate-level certificate program in Computer Forensics. “Any time you are talking about digital forensics or cybercrime, you have to remember that there is someone on the other end of the computer. If you leave out the psychology and the social aspects of it all, you are missing a critical factor.”
| This is a good time to specialize in digital security. A recent Wall Street Journal article noted that there are 300,000 cybersecurity jobs needing to be filled. |
The master’s program and the bachelor’s degree in Digital Forensics are offered jointly with the Department of Computer Science. “We get a lot of undergraduate computer science students coming straight in, but we also have people with backgrounds in political science, foreign languages and our physical forensics program looking to increase their skillsets,” Walker said. “The cybersecurity folks are the castle walls, looking to protect the environment; then there are the reaction and analysis people. You need them both.”
Especially when you have a long list of clients with digital problems to solve. Nearly 100 students (undergraduates and graduate students) work in the lab under the direction of Walker; Gary Warner, UAB’s director of research in computer forensics; and a lab manager. Their clients include Facebook, local and national law-enforcement agencies, banks and other financial institutions. “We do a tremendous amount of work for banks — analyzing malware and viruses to figure out who is committing fraud — but we also do a tremendous amount with agencies fighting terrorist threats,” Walker said. “If you only have analysts and no programmers, you’re just reading the newspaper. But if you only have programmers and no analysts, you’ll never understand the people behind the crimes. Whether you’re into programming or into people, you will come out of your time in the lab with some really strong skills.”
Students work cases on a slow afternoon in the Computer Forensics Research Lab. The map in the background notes the employers of alumni, including Microsoft, Cisco, Salesforce, NASA, IBM, Regions and Wells Fargo.
A day in the life
A typical case might involve investigating a digital check-cashing scam, in which a criminal solicits participants willing to deposit a check to their bank account online. Before the bank has time to realize the check is worthless, “they drive to an ATM and take out $400,” Walker explained. “You keep half and the guy who gave you the check keeps half. That may not sound like much, but if you’re doing that with a thousand people, it runs into real money.” It’s not unheard of for a criminal running this scam to make a million dollars a month, Walker noted.
To stop these criminals, “you have to go after the network,” Walker said. That’s why banks turn to UAB. Lab teams first figure out exactly how a scam is operating. Then they use specialized searching software to dig through the open Internet to uncover the network behind the crime. The scammers and the bank account owners that abet them are often connected in some way — friends of friends, say — and patient casework can reveal these links. “We do link analysis to figure out who is friends with whom,” Walker said.
Asking the right questions
Although social work may sound a long way from fighting crime, “I don’t think it’s that big of a jump,” McLester said. “I find myself using a lot of my social-work thinking skills and approaches for cases. When I was a social worker I would walk into a patient room and listen and then have to identify — ‘What are they telling me and what are they not telling me and how do I find out what I need to know?’ In forensics you are handed data and you immediately have to ask the same questions: ‘What is this data telling me and what are the gaps I need to fill in?’”
 Jeffery Walker and Laura McLester |
| “We’re one of the few programs in the country that really likes social science people," Walker said. "Any time you are talking about digital forensics or cybercrime, you have to remember that there is someone on the other end of the computer. If you leave out the psychology and the social aspects of it all, you are missing a critical factor.” |
Soon after she joined the program, McLester started “hanging out” in the lab, she said. “After a few months, Gary [Warner] said, ‘Do you want a job?’” She immediately said yes. “Gary is a tremendous resource for students and I’m a huge fan of the lab,” McLester said. “We work real cases with real clients, getting phenomenal hands-on experience. Whenever you’re starting out in a field, you have that same Catch 22 — you need experience to get hired, but how do you get that experience in the first place? The lab fills that gap. You get exposure to almost all the cybercrime topics — phishing, romance scams, etc. You get to understand what it looks like in today’s world and how the criminals are evolving based on whatever roadblocks have been thrown in their way.”
Making sure ‘everyone is playing by the rules’
By the time she completed her certificate, McLester had moved up from an analyst to a supervisor managing a team of 10 students. When a Trust and Safety team from LinkedIn came to the lab to learn about its work, McLester got to meet them and talk about her projects. Trust and Safety teams work to keep members of a digital platform safe, “to make sure everyone is playing by the rules” and investigating when trouble arises, McLester said. “I fell in love with what they do.” She needed an internship to complete the certificate program, and even though it was a fairly new team that had never had an intern, “I asked, and they decided to open one up,” she said.
At the end of the summer, in which she traveled several times to LinkedIn’s Silicon Valley offices but mainly worked from home, McLester was offered a full-time job. She is the only Trust and Safety team member in Alabama, part of a group that is always on call to protect the network. “Our team is never asleep,” McLester said. “There’s always someone awake and working so that there are eyes on the platform 24 hours a day.”
Other recent graduates have gone on to similarly high-profile jobs at Silicon Valley giants such as Facebook, Walker said. This is a good time to specialize in digital security. A recent Wall Street Journal article noted that there are 300,000 cybersecurity jobs needing to be filled. Graduates like McLester, with both classroom training and hands-on experience on their resumes, are highly sought after. LinkedIn was willing to incorporate in Alabama solely to make the arrangement work, Walker noted. “They really wanted Laura.”
Read more:
