Sonja Saß
Sonja, what was behind your decision to become an IT forensic analyst?

It was definitely something that grew over time. I’d been interesting in forensic medicine for a while and after leaving school, I did a voluntary social year in surgical care before discovering a bachelor’s course in General and Digital Forensics at the University of Applied Sciences in Mittweida, which was definitely fate. As the course went on, the focus shifted more towards the digital side of things and I realised that was what really piqued my interest. When it came to looking for a job, one thing was clear. I wanted to be an IT forensic analyst and that saw me join Bechtle as a junior IT security analyst.

What role do you play when a company falls victim to a cyberattack? 

It depends on what’s happened. In typical cases such as data theft, we first have to make sure we fulfil all organisational requirements to ensure compliance with statutory regulations including data protection. We then identify, back up and analyse data in strict accordance with a standardised approach before we draw any conclusions.

In the case of incidents, agile teams respond immediately. The first step is to find out what has happened, what phase of the attack we are in, the impact on the system so far and which countermeasures have already been implemented. We discuss the situation with the customer and make recommendations for action. The steps we do take always depend on the incident itself and the customer’s specific situation including the company’s IT infrastructure, which systems are affected and which of those are critical for the business. Existing backups have to be tested, and relevant data backed up and analysed with countermeasures planned and rolled out all while ensuring emergency operations. Whatever the incident, we write up extensive documentation on everything we’ve done.

What skills do you need as an IT forensic analyst?

When something happens, it really is like searching for a needle in a haystack to find out what’s happened, which is why curiosity and analytical thinking are an absolute must alongside a technical affinity. Empathy is also important as we often have to support our customers in extremely difficult situations that could sometimes even be a threat to their very existence. More important than all of that, however, is teamwork—accepting help from others and learning from each other. Lone wolves don’t get very far in this business.

IT security is a very dynamic field. How do you and Bechtle make sure you are always at the cutting edge?

IT security and forensics is a very broad field and when a new operating system or software updates are published, there are a lot of changes to take into consideration. Our one-of-a-kind IT security community made up of 300+ experts help me stay up-to-date in this ever-changing world because I know I can fall back on their experience and expertise. I also make sure I regularly read up on external communities, blogs and other social media posts. Since working at Bechtle, I’ve also become internationally certified—growing from an entry-level member of the team to an expert. Books and training courses are also helpful, but they can very quickly become outdated.


It’s a great feeling to work on challenging projects, to put my skills to the test and be able to support my customers.


Can tell us about a project you are working on right now?

As a Bechtle forensic analyst, I always find myself in interesting situations. I’m currently working on a project with systems that are completely encrypted and a lack of backups means that the IT infrastructure needs to be nearly fully rebuilt. The most interesting aspect for me is that incidents that might look similar at first glance can have remarkably different impacts due to each customer’s situation. It’s a great feeling to work on challenging projects, to put my skills to the test and be able to support my customers.

The number of successful cyberattacks continues to rise, as does their intensity. How does that impact your work/life balance?

Incident response work can’t really be planned and it’s often the case that I work considerably more, but Bechtle allows me to work flexibly meaning I can balance out overtime worked during busy periods.

What would you advise those looking to make a career in IT security at Bechtle?

I always advise newbies to get an insight into the wide-range of IT security topics as it’s such a varied field that covers a plethora of interesting aspects and as a provider of comprehensive fully managed security services, Bechtle is a fantastic employer for getting to know all of them. That’s a fantastic foundation that leaves plenty of room to specialise.

Ready for the future of IT security?

Learn more about our career opportunities: IT Security (bechtle.com)