Information Security

Defending the digital infrastructure



Secure Reads: InfoSec Career Hacking

Read a review of the security book: "InfoSec Career Hacking: Sell Your Skillz, Not Your Soul"

InfoSec Career Hacking:
Sell Your Skillz, Not Your Soul

By Aaron W. Bayles, Ed Brindley, James C. Foster, Chris Hurley and Johnny Long
Syngress, 441 pages, $39.95

A surprising number of security pros enter the corporate world each year with little to no idea how it works. Drop them at any shell prompt, and they'll quickly master an unfamiliar operating system, but ask them to write an effective résumé or plan a meeting, and suddenly they're alone in the dark. InfoSec Career Hacking: Sell Your Skillz, Not Your Soul is like a corporate GPS to successfully navigate the hazards of an infosecurity career.


This is a book for geeks, and if that term sounds insulting, find another book. The authors make it no secret that the intended audience revels in their geekdom. Most concepts are expressed in terms calculated to put fledgling light-side hackers at ease, like the "don't trip the sensors" method of blending in with a professional environment; mostly they're gimmicks that help set the tone of the advice.

And the book does contain a lot of advice. The authors' goal is not only to help the readers get their first infosecurity jobs, but also orient them to the professional world so that the job turns into a successful career. Much of the book is devoted to practical matters like building a quality test lab at home on the cheap, or hot-button issues like vulnerability disclosure models and their effects on the security community. They're not only timely, but also "big-picture" philosophical items that can add a bit of polish to a candidate's interview.

Not all of this discussion is interesting, however. The authors spend a lot of time on things you'd already expect people interested in security to know. For example, the "Laws of Security" chapter states that firewalls by themselves aren't sufficient to guard against all classes of attacks. This should not be a surprise to anyone with even a little security experience. Some of the information comes perilously close to stating the obvious, and most employers would think twice about hiring anyone for a security position who had to learn it this way.

The transition from hard-core geek to hard-core employed geek is often seen as a set of bizarre restrictions and protocols calculated to ensure they never get any "real work" done. InfoSec Career Hacking is essentially a geek-to-geek "brain dump" on corporate survival skills with an emphasis on technical security careers. Geeks with good technical skills but no corporate experience will appreciate this book's accessible approach to corporate mysteries.

--David Bianco

Top Shelf
Visit's Information Security Bookshelf for chapter downloads from these books and more.

Curing the Patch Management Headache
By Felicia M. Nicastro
Auerbach Publications

Information Nation Warrior: Information Management Compliance Boot Camp
By Randolph Kahn
Aiim International

Spies Among Us
By Ira Winkler

Silence On The Wire
By Michal Zalewski
No Starch Press

Information Security Policies Made Easy, Version 10
By Charles Cresson Wood
Information Shield

Cybercrime: Incident Response and Digital Forensics
By Robert Schperberg
Information Systems Audit and Control Association

Web Feedback
"Ed Skoudis makes reading about malware, viruses, worms and Trojans a joy. Malware: Fighting Malicious Code is fresh and easy to read, even fun at some times -- a highly recommendable reading for someone trying to learn a lot about malware."
-HUGO KONCKE, IT manager, Montevideo Stock Exchange
Download Chapter 6 from's Information Security Bookshelf.
