InfoSec Career Hacking: Sell Your Skillz, Not Your Soul
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
InfoSec Career Hacking: Sell Your Skillz, Not Your Soul
Date of last review
100% of reviewers
Table of contents:
Part I Recon/Assessment
Chapter 1 The Targets -- What I Want to Be When I Grow Up (or at Least Get Older)
Chapter 2 Reconnaissance: Social Engineering for Profit
Chapter 3 Enumerate: Determine What's Out There
Chapter 4 First Strike: Basic Tactics for Successful Exploitation
Part II Technical Skills
Chapter 5 The Laws of Security
Chapter 6 No Place Like /home -- Creating an Attack Lab
Chapter 7 Vulnerability Disclosure
Chapter 8 Classes of Attack
Part III On the Job
Chapter 9 Don't Trip the Sensors: Integrate and Imitate
Chapter 10 Vulnerability Remediation -- Work Within the System
Chapter 11 Incident Response -- Putting Out Fires Without Getting Burned
Chapter 12 Rooting: Show Me the Money!
Would you recommend the product? yes | Price you paid?: None indicated | Rating: 8
lack of details
The biggest question I had when reading this book was 'What's the target audience?' To read it without problems you should have at least basic knowledge of networking, security (cryptography) and IT in general. If you have it, you know most of what's shown in chapters 5, 6 and 8 (the technical ones). Without any of them the whole book would be hard to read.
Part one is about Infosec and getting the job. It starts with a chapter that tries to define InfoSec and jobs of that field. Chapter 2 shows how to search. Then comes chapter 3 about education and making your name (mailing lists, forums, conferences). All the three chapters are very US-specific, many abbreviations may be unclear for someone from outside.
Part I of the book ends with chapter 4. It's about writing resume and interviews. In the resume part, a number of hints are given (you may agree with them or not), you should still check if there are special requirements in the company you're applying. Later the chapter covers interview. There are valuable fragments (like the things you should look into when you have the offer), but an advice on how to dress and how to behave is too much for me.
Part II is most technical of the three. It starts with a chapter about 'laws of security'. Somebody going into security should already know most of them (maybe in a different form). It's good to have them listed, however. They have deep reasoning and you should look carefully if you really understand them.
Chapter 6 shows how to build your own home lab. It discusses different OSes, hardware platforms and so on. Sometimes in too much details (example: what's in a certain software package - it takes more than a page), but many topics are not covered at all (line routers/switches).
Disclosure is the topic of the next chapter. It covers all the common models, but is very theoretical and has a number of graphs and number with no info what it really means and where is it taken from.
Chapter 8 is filled with a nice discussion about the classes of attacks, most of them with examples (it could be clearer what's important at the screenshots, however).
Part III assumes you already have the job and now want to advance your career or improve skills. The authors try to cover many topics. The result is not very deep and shows what you should know, no matter what position you have.
Chapter 9 covers basic project management (software engineering approach) with more security--related issues than there are usually in such texts, social issues (eg. when to talk and when leave your opinions to yourself) and time management. Next chapter lists ideas how to use your skills and give back (to your local community, to the InfoSec community and at your workplace).
Chapter 11 covers incident response. It's about plans and security software. There are too many tools mentiones, however, and most on them are covered by one paragraph only.
And finally, the last chapter covers basic things you should consider if you want to become independent consultant.
Overall, it's a nice thing. It could be much better, however, after defining the target audience and required knowledge. It means covering not as many topics, but in greater detail.