IT Security Interviews Exposed: Secrets to Landing Your Next Information Security Job [Paperback]

Chris Butler (Author), Russ Rogers (Author), Mason Ferratt (Author), Greg Miles (Author), Ed Fuller (Author), Chris Hurley (Author), Rob Cameron (Author), Brian Kirouac (Author)

Book Description

Publication Date: July 23, 2007

• Technology professionals seeking higher-paying security jobs need to know security fundamentals to land the job-and this book will help
• Divided into two parts: how to get the job and a security crash course to prepare for the job interview
• Security is one of today's fastest growing IT specialties, and this book will appeal to technology professionals looking to segue to a security-focused position
• Discusses creating a resume, dealing with headhunters, interviewing, making a data stream flow, classifying security threats, building a lab, building a hacker's toolkit, and documenting work
• The number of information security jobs is growing at an estimated rate of 14 percent a year, and is expected to reach 2.1 million jobs by 2008

Editorial Reviews

Review

"The book is readable and written in a light, witty style". (Info Security, September 2007)

From the Back Cover

It's not a job. It's THE job, and here's how to get it.

What does your ideal IT security job look like? What will prospective employers expect you to know? What affects how they view you and your skills? What if you haven't had much experience? What if you're not 30 anymore?

Here's the crash course in how to discover, apply for, and land the IT security job you want. Written by a squad of highly credentialed security professionals, this guide prepares you with the technical knowledge, interview skills, strategies, and job search techniques you need to find and get the perfect job.

Meet every job search challenge

• What does — and doesn't — belong on your résumé

• How to survive a telephone interview

• All about firewall technologies, devices, deployment strategies, and management

• A review of security essentials, regulations, legislation, and guidelines

• The effects of state cyber security laws, Sarbanes-Oxley, and international standards

• A refresher course in network fundamentals

• Everything you should know about wireless, security posture, and tools

• When and how to say "no"

See all Editorial Reviews

Product Details

• Paperback: 218 pages
• Publisher: Wiley; 1 edition (July 23, 2007)
• Language: English
• ISBN-10: 0471779873
• ISBN-13: 978-0471779872
• Product Dimensions: 9.2 x 7.4 x 0.5 inches
• Shipping Weight: 12.6 ounces (View shipping rates and policies)
• Average Customer Review: 3.0 out of 5 stars  See all reviews (2 customer reviews)
• Amazon Best Sellers Rank: #860,797 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

16 of 16 people found the following review helpful:

4.0 out of 5 stars Good review for a pro, but not meant for a newbie., December 19, 2007

By 

Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews
(REAL NAME)   

This review is from: IT Security Interviews Exposed: Secrets to Landing Your Next Information Security Job (Paperback)

Information security is a hot career area and is among the strongest fields within IT for growth and opportunity. With excellent long-term career prospects, increasing cybersecurity vulnerabilities and an increase in security & privacy regulations and legislation, the demand for security professionals is significant. Even with a bright future, that does not necessarily mean that a career in information security is right for everyone. What differentiates an excellent security professional from a mediocre one is their passion for the job. With that, IT Security Interviews Exposed is a mixed bag of a book. For those that are looking for an information security spot and have the requisite passion for the job, much of the information should already be known. For someone who lacks that passion and simply wants a security job, their lack of breadth will show and the information in the book likely won't be helpful, unless they have a photographic memory to remember all of the various data points.

If you find information security challenging and either want a job in the field or are looking for a better job in the field, the book will be quite valuable. But for those looking for a hot security job, their lackings will likely show through on in interview, even with the help of this book.

As to the actual content, chapter 1 provides a good overview of how to find, interview and get a security job. The chapter contains many bits of helpful information, especially to those whose job seeking skills are deficient. A good piece of advice the author's state is that one should never pay a fee for headhunting services. There are many people that call themselves recruiters, but are nothing more than fax servers who charge for the service. The burden to pay is always on the hiring firm, and a job seeker should be extremely suspicious of anyone requesting a fee to find them a position.

I would hope that in future editions of the book, the authors expand on chapter one. The chapter itself in fact could easily me made into a book in its own right. As part of the job search process, many job searchers often do not ask themselves enough fundamental questions if they are indeed in the right place in their career. Such an approach is taken by Lee Kushner, founder and CEO of the information security recruitment firm LJ Kushner and Associates. Kushner formulated the following 7 questions that every information security job candidate should ask themselves:

1. What are my long and short term plans?

2. What are my strengths and weaknesses?

3. What skills do I need to develop?

4. Have I acquired a new skill during the past year?

5. What are my most significant career accomplishments and will I soon achieve another one?

6. Have I been promoted over the past three years?

7. What investments have I made in my own career?

The other 9 chapters of the book all have the same format; an overview of the topic, and then various questions and interviewer may pose. The reality that these topics of network and security fundamentals, firewalls, regulations, wireless, security tools, and more, are essential knowledge for a security professional. Anyone trying to go through a comprehensive information security interview and wing it by reviewing the material will likely only succeed if the interviewer is inept. Anyone attempting to mimic the questions and answers in the book in a real-world interview will immediately be found to be a sham if the interviewer deviates even slightly from the script, which should be expected.

What really separates a good candidate from a great candidate is hands-on, practical and real-world security experience. Such a candidate won't need a question and answer format to showcase themselves in an interview. Their experience should shine, and not their ability to rattle of security acronyms.

If a company is serious about hiring qualified people, the interview process should not be about short technical questions and acronym definitions. It should entail an open discussion with significant give and take. Having a candidate detail their methodology for deploying and configuring a firewall should be given more credence than their ability to define the TCP the three-way handshake.

Ultimately, the efficacy of the book is in the disposition of the reader. For the security newbie who wants a crash course in security in order to quickly land a security job, heaven help the company that would hire such a person. While one should indeed not judge a book by its cover; this book's cover and title may lead some readers to think that the book is their golden ticket to a quick landing into a great career. The breadth of information that a security professional needs to know precludes and short of cramming or quick introductions. Those with a lack of security experience attempting to use this book to hide their shortcomings will only embarrass themselves on an interview.

On the other hand, for the reader who has a background in information security who wants an update on network and security fundamentals, they will find IT Security Interviews Exposed a helpful title. The book contains a plethora of valuable information written in a clear and easy to read style. In a little over 200 pages, the book is able to provide the reader with a good review of what they know or may have forgotten. Used in such a setting by such a reader makes the book a most helpful tool for the serious security professional looking to advance their career.

2.0 out of 5 stars Misleading title, January 17, 2012

By 

Vo Blinn (US) - See all my reviews

This review is from: IT Security Interviews Exposed: Secrets to Landing Your Next Information Security Job (Paperback)

The book, despite the title, is mostly about networking and related
security issues.
Less than 40 pp (out of ~240) devoted to
- ethics,
- risk (2 pages),
in Ch. 3 and regulations in Ch. 4.

Not without some editorial mistakes
- ViFi for 802.11x, p. 24: apart from spelling, 802.11x family
standardizes WLAN communication, while WiFi is used in product branding.

Some are more dangerous:
- Managing these connections using well-defined ports
(or sockets when combined with the source IP address) is vital ..., p. 24:
well-defined, while not defined, are easily confusable with well-known ports.

Which might be a hint on why it has not seen 2nd edition, in spite of
growing popularity of the profession.

Regrettably there are only few publications on the subject.