By David Bianco
A surprising number of security pros enter the corporate world each year with little to no idea of how it works. Drop them at any shell prompt, and they'll quickly master an unfamiliar operating system, but ask them to write an effective resume or plan a meeting, and suddenly they're alone in the dark. InfoSec Career Hacking: Sell Your Skillz, Not Your Soul is like a corporate GPS to successfully navigate the hazards of an infosecurity career.
This is a book for geeks, and if that term sounds insulting, find another book. The authors make no secret that the intended audience revels in its geekdom. Most concepts are expressed in terms calculated to put fledgling light-side hackers at ease, like the "don't trip the sensors" method of blending in with a professional environment; mostly they're gimmicks that help set the tone of the advice.
And the book does contain a lot of advice. The authors' goal is not only to help readers get their first infosecurity jobs, but also to orient them to the professional world so that the job turns into a successful career. Much of the book is devoted to practical matters like building a quality test lab at home on the cheap, or hot-button issues like vulnerability disclosure models and their effects on the security community. These are not only timely, but also "big-picture" philosophical items that can add a bit of polish to a candidate's interview.
Not all of this discussion is interesting, however. The authors spend a lot of time on things you'd already expect people interested in security to know. For example, the "Laws of Security" chapter states that firewalls by themselves aren't sufficient to guard against all classes of attacks. This should not be a surprise to anyone with even a little security experience. Some of the information comes perilously close to stating the obvious, and most employers would think twice about hiring anyone for a security position who had to learn it this way.
The transition from hard-core geek to hard-core employed geek is often seen as a set of bizarre restrictions and protocols calculated to ensure that geeks never get any "real work" done. InfoSec Career Hacking is essentially a geek-to-geek "brain dump" on corporate survival skills with an emphasis on technical security careers. Geeks with good technical skills but no corporate experience will appreciate this book's accessible approach to corporate mysteries.