InfoSec Career Hacking: Sell Your Skillz, Not Your Soul Paperback – Illustrated, April 1, 2005
From the Author
I would like to thank my family foremost, my mother and father, Lynda and Billy Bayles, for supporting me and giving me the skills that have allowed me to excel in work and life. My wife Jennifer is a never-ending source of comfort and strength that backs me up whenever I need it, even if I don't know it. I can't describe the joy and love she gives me every single day. The people who have helped me learn my craft have been numerous, and I don't have time to list them all. Basically all of you from SHSU Computer Services, Falcon Technologies, SAIC, and Sentigy know who you are and how much you have helped me, my most sincere thanks. I would also like to thank Chris, Ed, Johnny, and James for their help with this book; their experience and support has been invaluable and this book would not have been complete without them. Final thanks go to Jaime and Andrew, along with the entire staff at Syngress Publishing, for putting up with my quirks and giving me the opportunity to share my thoughts with you.
Top customer reviews
The book focuses on career development, not on how to be a hacker or a professional hacker. It's full of some useful information about building a successful career, much of which applies to any technical field. It also focuses mostly on being in the infosec service business, not in product development or, to a large degree, operations. Keep that in mind when you think about buying it. While most of what you'll learn is generic technical career advice, some of it is focused.
The first part of the book is especially useful, and I think provides most of the value that's not available elsewhere. Things that are covered may seem like basics that people should have just picked up, but it's hard to know what you're supposed to know when you change environments, let alone see it all together in one place. I find this section to be especially useful and reasonably well written.
Chapter 1 opens up with a basic orientation of the infosec landscape, including the types of companies and organizations you may want to look at working with, the types of work and positions you see typically, and what kinds of skills you'll need to consider to get the interview, let alone the job. Chapter 2 is much like a hacking book in that you're encouraged to perform some scout work on your potential places of employment. Good advice, and it's nice to see it demonstrated. Chapter 3 talks about getting experience and getting your feet wet in the infosec world. Things like conferences, local groups and meetings, and even security clearances are covered. A nice overview, but a bit shallow in places, too. Chapter 4 focuses on the resume and the interview, the kinds of things that normally jump to mind when you think about career hacking. A decent overview, and good things to learn.
Part 2 focuses on technical parts. These chapters, I felt, were a bit thin on value and attempted to provide too much coverage but without the depth. What I felt this part of the book was trying to do was to be a quick overview of what you should know if you want a career in information security without any of the work it takes. Because this is such a broad amount of material, and the book only spends about 180 pages on it, the coverage isn't deep. Instead, the cursory coverage is a detriment to the book's value.
Chapter 5 is where I found the most material to complain about. This chapter is titled, 'The Laws of Security', and can be used for your benefit or your downfall. In the right hands, where the nuances that come from actually encountering these challenges in the wild and discovering the reasoning behind them, you can display wisdom. In the wrong hands, where you can't successfully defend a challenge to these axioms, at best you'll appear to be someone who parrots security luminaries, and at worst you'll look like an uninformed buffoon. If you decide to accept conclusions without understanding the reasoning behind them, you're asking for it.
Chapter 6 talks about building a home lab of machines for attack. I felt this chapter devoted too much time to drooling over gear and not enough time discussing more equipment and more valuable gear. Large classes of lab resources, including enterprise applications, networking gear, and even commercial security software were left out. The disclosure debate was reasonably well handled in chapter 7, discussing the various ways that people have established this process. What's missing here is how to actually find where to send the report to and how to ensure it's been acted upon. And finally, a nice, succinct and reasonably comprehensive (if a little too short at times) classification of vulnerabilities and attacks fills chapter 8.
Part 3, 'On the Job', is for when you finally have the position and now you want to keep your job, advance your career, and improve your skills. Unfortunately, this section feels a bit undeveloped in too many places. There's a lot to cover, but the chapters here lack any significant depth to them, and it doesn't feel like they really deliver as strongly as they could.
This section opens with an approach to your career much like an intruder would take to advancing their compromise. Chapter 9 covers how to perform scouting of your new environment, how to get through meetings without messing up, landing your own projects and succeeding with basic project management. Thinking about striking out on your own? That's natural, and the next few chapters will help with that. Chapter 10 is a short list of ideas on how you can use your new knowledge and skills to benefit others, which can help you build a name for yourself and maybe even clients. Chapter 11 looks like it's trying to encourage you to become a local leader of information security knowledge, using that information specifically for incident response. In a crisis, everyone loves a hero, so why can't that be you? And finally, the book closes with a chapter on how to start looking at being an independent consultant. It's been said that you'll never succeed working for someone else, so why not work for yourself? This chapter introduces you to some of the possibilities here, along with some of the considerations. Overall, these chapters have some clear value to them, but because they try and cover so much, they feel underdeveloped and fail to really deliver a strong benefit to the reader.
One of my big concerns when I began reading this book was that it would encourage you to simply become another script kiddy type consultant, capable of downloading a few tools and using old hat techniques to deliver sub-par results. That's a crowded marketplace already, so I didn't want to see anyone encourage that. Instead, it tries to impart valuable career skills. My big complaint is that it tries to do so much that it can't possibly succeed in all of them. It does a decent job, but in some places it definitely lacks the solid landing to make it stick. Overall, though, this uncommon book is a nice twist on the old career guides, tuned for the information security market.
On the plus side, there is some good advice in ICH. The first four chapters (Part I) do contain some helpful suggestions for people who have no clue regarding the information security profession. Unfortunately, much of this material is found within poorly presented sections, and next to filler-oriented lists and questionable screen shots. For example, do we need a full listing of the DoD Rainbow Series (pp 7-9), 2004 FISMA grades (p 30), Google search results (p 35, 36, 65), SecurityFocus mailing lists (p 61), USA, Monster, and other job search results (pp 69, 70, 98, 99, 100, 101, 102), and so on? I thought the sample resume on pp 95-6 was poor -- and this is supposed to help people be hired!
With Part II, ICH gets worse. Ch 5 begins with "The Laws of Security," which seems to have nothing to do with the rest of the book. The reason is simple: this is a recycled chapter which appeared in two other Syngress books -- 2002's Hack Proofing Your Network, 2nd Ed (HPYN2E), and 2003's Stealing the Network: How to Own the Box. I thought Ch 6, describing home lab components, was one of the better (if not best) chapters in ICH. The author stayed on target and delivered useful guidance on selecting equipment for a home lab. Ch 7 is a disaster like Ch 5. "Vulnerability Disclosure" is a reprint of a chapter from 2004's Cyber Adversary Characterization. And Ch 8? Another reprint, this time from Ch 3 of HPYN2E.
Part III resumes new material, but these chapters aren't worth reading. I got the impression that the authors thought they needed to be "technical," so they threw in short discussions of network architecture, incident response, intrusion detection, and other topics. I didn't waste time on these chapters, and neither should you.
Syngress publishes many great security books, and I've reviewed several recently; see Phishing Exposed or Software Piracy Exposed. If Syngress wants ICH to return in a second edition, they should bring in an editor who cuts out the three recycled chapters, the worthless screen shots, and other fluff, and directs the authors to deliver useful material.
Still, the book deserves a flip through if you have a chance to pull it off your neighbor's shelf or check it out from a library. My favorite chapters were 3 and 4; if there is any chance you might be looking for a job, don't miss those.