

Infosec Career Hacking

nazarijo writes "Plenty of people are curious as to how to become an information security professional. It's a profession that has a bit of an establishment atmosphere to it where entry to various levels is granted in secret. And it's often hard to understand where to start. Infosec Career Hacking attempts to demystify this process and show you not only generic strategies for employment, but ones specific to the information security field." Read on for the rest of Nazario's review.

Infosec Career Hacking: Sell Your Skillz, Not Your Soul
author: Aaron W. Bayles, Chris Hurley, Johnny Long, Ed Brindley, James C. Foster, Christopher W. Klaus
pages: 448
publisher: Syngress
rating: 7/10
reviewer: Jose Nazario
ISBN: 1597490113
summary: Career guide specifically tuned to the information security professional

The first part of the book is especially useful, and I think provides most of the value that's not available elsewhere. Things that are covered may seem like basics that people should have just picked up, but it's hard to know what you're supposed to know when you change environments, let alone see it all together in one place. I find this section to be especially useful and reasonably well written.

Chapter 1 opens up with a basic orientation of the infosec landscape, including the types of companies and organizations you may want to look at working with, the types of work and positions you typically see, and what kinds of skills you'll need to consider to get the interview, let alone the job. Chapter 2 is much like a hacking book in that you're encouraged to perform some scout work on your potential places of employment. Good advice, and it's nice to see it demonstrated. Chapter 3 talks about getting experience and getting your feet wet in the infosec world. Things like conferences, local groups and meetings, and even security clearances are covered. A nice overview, but a bit shallow in places, too. Chapter 4 focuses on the resume and the interview, the kinds of things that normally jump to mind when you think about career hacking. A decent overview, and good things to learn.

Part 2 focuses on technical parts. These chapters, I felt, were a bit thin on value and attempted to provide too much coverage but without the depth. What I felt this part of the book was trying to do was to be a quick overview of what you should know if you want a career in information security without any of the work it takes. Because this is such a broad amount of material, and the book only spends about 180 pages on it, the coverage isn't deep. Instead, the cursory coverage is a detriment to the book's value.

Chapter 5 is where I found the most material to complain about. This chapter is titled 'The Laws of Security', and can be used for your benefit or your downfall. In the right hands, where the nuances come from actually encountering these challenges in the wild and discovering the reasoning behind them, you can display wisdom. In the wrong hands, where you can't successfully defend a challenge to these axioms, at best you'll appear to be someone who parrots security luminaries, and at worst you'll look like an uninformed buffoon. If you decide to accept conclusions without understanding the reasoning behind them, you're asking for it.

Chapter 6 talks about building a home lab of machines for attack. I felt this chapter devoted too much time to drooling over gear and not enough time discussing more equipment and more valuable gear. Large classes of lab resources, including enterprise applications, networking gear, and even commercial security software, were left out. The disclosure debate was reasonably well handled in chapter 7, discussing the various ways that people have established this process. What's missing here is how to actually find where to send the report to and how to ensure it's been acted upon. And finally, a nice, succinct and reasonably comprehensive (if a little too short at times) classification of vulnerabilities and attacks fills chapter 8.

Part 3, 'On the Job', is for when you finally have the position and now you want to keep your job, advance your career, and improve your skills. Unfortunately, this section feels a bit undeveloped in too many places. There's a lot to cover, but the chapters here lack any significant depth to them, and it doesn't feel like they really deliver as strongly as they could.

This section opens with an approach to your career much like an intruder would take to advancing their compromise. Chapter 9 covers how to perform scouting of your new environment, how to get through meetings without messing up, landing your own projects and succeeding with basic project management. Thinking about striking out on your own? That's natural, and the next few chapters will help with that. Chapter 10 is a short list of ideas on how you can use your new knowledge and skills to benefit others, which can help you build a name for yourself and maybe even clients. Chapter 11 looks like it's trying to encourage you to become a local leader of information security knowledge, using that information specifically for incident response. In a crisis, everyone loves a hero, so why can't that be you? And finally, the book closes with a chapter on how to start looking at being an independent consultant. It's been said that you'll never succeed working for someone else, so why not work for yourself? This chapter introduces you to some of the possibilities here, along with some of the considerations. Overall, these chapters have some clear value to them, but because they try and cover so much, they feel underdeveloped and fail to really deliver a strong benefit to the reader.

One of my big concerns when I began reading this book was that it would encourage you to simply become another script kiddy type consultant, capable of downloading a few tools and using old-hat techniques to deliver sub-par results. That's a crowded marketplace already, so I didn't want to see anyone encourage that. Instead, it tries to impart valuable career skills. My big complaint is that it tries to do so much that it can't possibly succeed in all of them. It does a decent job, but in some places it definitely lacks the solid landing to make it stick. Overall, though, this uncommon book is a nice twist on the old career guides, tuned for the information security market.

You can purchase Infosec Career Hacking: Sell Your Skillz, Not Your Soul from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

2 of 85 comments

  1. Re:BS and more BS by emaneman · · Score: -1, Offtopic


    --
    HAW HAW HAW
  2. Don't forget blocking portZ !!! by wsanders · · Score: 0, Offtopic

    >>> at least I'd find someone who knows there's more to security than making users change longer and longer passwords more and more often.

    Don't forget blocking portZ! The truly 3l33t InFoSeC H3ck3r blocks all the portZ he can with his F13ew311! Cool!!

    --
    Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"