A surprising number of security pros enter the corporate world each year with little to no idea how it works. Drop them at any shell prompt, and they'll quickly master an unfamiliar operating system, but ask them to write an effective résumé or plan a meeting, and suddenly they're alone in the dark. InfoSec Career Hacking: Sell Your Skillz, Not Your Soul is like a corporate GPS to successfully navigate the hazards of an infosecurity career.
InfoSec Career Hacking: Sell Your Skillz, Not Your Soul
And the book does contain a lot of advice. The authors' goal is not only to help the readers get their first infosecurity jobs, but also orient them to the professional world so that the job turns into a successful career. Much of the book is devoted to practical matters like building a quality test lab at home on the cheap, or hot-button issues like vulnerability disclosure models and their effects on the security community. They're not only timely, but also "big-picture" philosophical items that can add a bit of polish to a candidate's interview.
Not all of this discussion is interesting, however. The authors spend a lot of time on things you'd already expect people interested in security to know. For example, the "Laws of Security" chapter states that firewalls by themselves aren't sufficient to guard against all classes of attacks. This should not be a surprise to anyone with even a little security experience. Some of the information comes perilously close to stating the obvious, and most employers would think twice about hiring anyone for a security position who had to learn it this way.
Hard-core geeks often see the transition to hard-core employed geek as a set of bizarre restrictions and protocols calculated to ensure they never get any "real work" done. InfoSec Career Hacking is essentially a geek-to-geek "brain dump" on corporate survival skills with an emphasis on technical security careers. Geeks with good technical skills but no corporate experience will appreciate this book's accessible approach to corporate mysteries.
Visit SearchSecurity.com's Information Security Bookshelf for chapter downloads from these books and more.
Curing the Patch Management Headache
By Felicia M. Nicastro
Information Nation Warrior: Information Management Compliance Boot Camp
By Randolph Kahn
Spies Among Us
By Ira Winkler
Silence On The Wire
By Michal Zalewski
No Starch Press
Information Security Policies Made Easy, Version 10
By Charles Cresson Wood
Cybercrime: Incident Response and Digital Forensics
By Robert Schperberg
Information Systems Audit and Control Association
"Ed Skoudis makes reading about malware, viruses, worms and Trojans a joy. Malware: Fighting Malicious Code is fresh and easy to read, even fun at some times -- a highly recommendable reading for someone trying to learn a lot about malware."
-HUGO KONCKE, IT manager, Montevideo Stock Exchange
Download Chapter 6 from SearchSecurity.com's Information Security Bookshelf.