DFIR interview: Need you to reverse this packed malware with zero reference materials, write your own Wireshark protocol analyzer, and list 50 malware-friendly reg keys from memory.
DFIR first day: Just look for AV alerts and tell the client to wipe and rebuild.
— The Cyber (@r0wdy_) February 18, 2019
But this is every IT job in the history of ever. The interview questions are always one-in-a-million occurrences or inane trivia. The job itself is routine stuff that could be and should be automated, but no one has the time or inclination.
That’s the IT world in a nutshell.