
Channel Women In Security: True Crime And Adversary Tactics

CRN by CRN
February 11, 2025

Jamie Levy, director of adversary tactics at Huntress, is a seasoned expert in digital forensics and cybersecurity. Levy shares insight on personal security practices and the need for organizations to be prepared for potential breaches.

Cass Cooper sat down with Huntress’ Jamie Levy. The two discuss the nuances of latent attacks, the importance of community in the cybersecurity field, and the challenges posed by data breaches. The conversation covers emerging trends in cybersecurity, including the evolving tactics of attackers and the role of AI in these developments.

[Previous CwIS Episode: Practical Insights For Internal Cybersecurity Protections]

The full episode can be watched on YouTube (above), heard on Spotify and Apple Podcasts.

Could you start by telling us about your background and how you ventured into digital forensics?

I started out studying computer science, but I wanted to do something more interesting combining my fascination with true crime and technology. I enrolled in John Jay College’s forensic computing program and dove right into research around memory encryption. That led me to the Volatility Project [an open-source memory forensics framework], where I became a developer. Over the years, I’ve taught forensics classes, consulted on malware analysis and contributed to developing various forensic tools.

You’ve been in digital forensics for more than a decade. Can you share a particularly challenging investigation and what it taught you about adversaries?

Sure. One case involved an adversary using a suspiciously small DLL as a backdoor. Because of its tiny size, it didn’t immediately raise red flags to some analysts. It turned out to be an active backdoor—a lesson in not dismissing files based on ‘expected’ size.

Another case featured an attacker lying dormant for a long period, waiting for a single UDP packet to open a secondary backdoor. That taught me that patient adversaries might appear inactive. By the time they trigger their payload, it’s often too late. You can’t always rely on obvious signs like flashy ransomware alerts. Sometimes it’s the tiniest signals that matter most.

Tell us about your involvement with the Volatility Foundation. What role does the foundation play, and how do you foster new talent there?

Volatility is an open-source memory forensics project. My current focus with the foundation is mentorship—encouraging new contributors to develop plugins, improve documentation and build upon the tool. It’s great to see newcomers add fresh ideas, especially students looking to demonstrate their skills in forensic research.

Since this series highlights women in security, what is your view on gender diversity in digital forensics?

I’ve found the digital forensics community very welcoming to women and people of all backgrounds. Compared to some other security subfields, forensics has been more inclusive. There’s a strong sense of collaboration; if someone has curiosity and willingness to learn, they tend to be embraced here. We continue pushing for broader diversity through mentorship and open-source participation, so everyone can feel at home in this space.

True crime and forensics are extremely popular right now, even in mainstream culture. A lot of us hear about data breaches—like the 23andMe incident. From your perspective, what steps should organizations and individuals take to protect data?

From an individual standpoint:

  1. Use strong passwords and multifactor authentication (MFA).
  2. Avoid reusing passwords across multiple sites.
  3. Limit the personal data you provide. If a platform doesn’t actually require your birthday, consider using a placeholder or different date.

For organizations:

  1. Encrypt stored data so it’s not easily accessible if breached.
  2. Implement data retention limits, so only necessary information is kept.
  3. Conduct regular tabletop exercises to rehearse worst-case breach scenarios.
  4. Deploy security solutions that provide visibility, so if there’s a breach, alarms are triggered quickly.

Phishing remains a huge problem, as we’ve seen with recent high-profile data breaches. What forensic methods help organizations respond after a phishing incident?

Effective forensics involves:

  • Analyzing email headers to see how attackers disguised themselves.
  • Reviewing system logs to determine which accounts or machines are compromised.
  • Isolating affected systems swiftly.
  • Running incident response (IR) playbooks that outline containment and recovery steps.
  • Post-event lessons learned, so the organization can improve training and update processes.

Sadly, smaller organizations often don’t have an IR plan until it’s too late. They don’t think they’re a target. Everyone, regardless of size, should be prepared because attackers look for easy openings.

What emerging threats and tactics do you see on the horizon—especially with AI and deepfakes?

We’re seeing attackers:

  1. Leverage AI to craft more believable phishing emails and refine their malware.
  2. Use deepfake voices or videos to pose as employees or partners, bypassing basic security checks.
  3. Exploit stolen email content to create legitimate-looking invoices or documents.

These trends mean we need to think beyond superficial ‘red flags.’ Even if a voice sounds right or an invoice looks authentic, we must verify through independent methods—like calling the person back on a known number or using separate communication channels to confirm identities.

Before we wrap up, is there anything you’d like to share about your current work at Huntress or any final advice for our audience?

At Huntress, we’re committed to making advanced security accessible, especially for smaller businesses that might not have in-house security teams. We’re also hiring. If you’re passionate about forensics, security or just want to help organizations defend themselves, check out our careers page. We want people who are curious, driven and ready to shape the future of cybersecurity.


