'InfoSec Career Hacking' states obvious, but good for newbies

By David Bianco

InfoSec Career Hacking: Sell Your Skillz, Not Your Soul By Aaron W. Bayles, Ed Brindley, James C. Foster, Chris Hurley and Johnny Long $39.95; 441 pages Syngress

A surprising number of security pros enter the corporate world each year with little to no idea of how it works. Drop them at any shell prompt, and they'll quickly master an unfamiliar operating system, but ask them to write an effective resume or plan a meeting, and suddenly they're alone in the dark. InfoSec Career Hacking: Sell Your Skillz, Not Your Soul is like a corporate GPS to successfully navigate the hazards of an infosecurity career.

This is a book for geeks, and if that term sounds insulting, find another book. The authors make it no secret that the intended audience revels in their geekdom. Most concepts are expressed in terms calculated to put fledgling light-side hackers at ease, like the "don't trip the sensors" method of blending in with a professional environment; mostly they're gimmicks that help set the tone of the advice.

MORE INFORMATION Read Chapter 2, Reconnaissance: Social Engineering for Profit Get more tips and expert advice on security careers in our resource center Peruse more book excerpts, chapters and reviews on our Information Security Bookshelf

And the book does contain a lot of advice. The authors' goal is not only to help the readers get their first infosecurity jobs, but also orient them to the professional world so that the job turns into a successful career. Much of the book is devoted to practical matters like building a quality test lab at home on the cheap, or hot-button issues like vulnerability disclosure models and their effects on the security community. They're not only timely, but also "big-picture" philosophical items that can add a bit of polish to a candidate's interview.

Not all of this discussion is interesting, however. The authors spend a lot of time on things you'd already expect people interested in security to know. For example, the "Laws of Security" chapter states that firewalls by themselves aren't sufficient to guard against all classes of attacks. This should not be a surprise to anyone with even a little security experience. Some of the information comes perilously close to stating the obvious, and most employers would think twice about hiring anyone for a security position who had to learn it this way.

The transition from hard-core geek to hard-core employed geek is often seen as a set of bizarre restrictions and protocols calculated to ensure they never get any "real work" done. InfoSec Career Hacking is essentially a geek-to-geek "brain dump" on corporate survival skills with an emphasis on technical security careers. Geeks with good technical skills but no corporate experience will appreciate this book's accessible approach to corporate mysteries.

BROWSE BY TAG Information Security Jobs and Training,   Information Security Careers, Training and Certifications,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Jobs and Training Despite recession, information security certification pay continues to climb Bruce Schneier on outsourcing, awareness training Creating a personal brand in information security Feds push cybersecurity jobs, PCI DSS changes ahead. Feds announce 1,000 new security jobs Some IT security certifications are overvalued, analyst says How to prepare for an information security job interview Security industry remains resilient to tough economy Top social networking sites to boost your information security career Q2 2009 data shows IT security certification pay still climbing

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Cisco Certified Security Professional (CCSP)  (SearchSecurity.com) CSO  (SearchSecurity.com) security clearance  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary