LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Reviews > Books > Other
User Name
Password

Notices

Search · Register · Submit New Review · Download your favorite Linux Distributions ·
 

InfoSec Career Hacking: Sell Your Skillz, Not Your Soul
Reviews Views Date of last review
1 26489 01-19-2006
spacer
Recommended By Average Price Average Rating
100% of reviewers None indicated 8.0
spacer


Description: Table of contents:
Part I Recon/Assessment
Chapter 1 The Targets -- What I Want to Be When I Grow Up (or at Least Get Older)
Chapter 2 Reconnaissance: Social Engineering for Profit
Chapter 3 Enumerate: Determine What's Out There
Chapter 4 First Strike: Basic Tactics for Successful Exploitation
Part II Technical Skills
Chapter 5 The Laws of Security
Chapter 6 No Place Like /home -- Creating an Attack Lab
Chapter 7 Vulnerability Disclosure
Chapter 8 Classes of Attack
Part III On the Job
Chapter 9 Don't Trip the Sensors: Integrate and Imitate
Chapter 10 Vulnerability Remediation -- Work Within the System
Chapter 11 Incident Response -- Putting Out Fires Without Getting Burned
Chapter 12 Rooting: Show Me the Money!
Keywords: security career infosec
Publisher:
ISBN: 1-597490-11-3


Author
Post A Reply 
Old 01-19-2006, 05:41 PM   #1
Mara
 
Registered: Feb 2002
Distribution: Debian
Posts: 9,536

Rep: Reputation:
Would you recommend the product? yes | Price you paid?: None indicated | Rating: 8

Pros: unique
Cons: lack of details



The biggest question I had when reading this book was 'What's the target audience?' To read it without problems you should have at least basic knowledge of networking, security (cryptography) and IT in general. If you have it, you know most of what's shown in chapters 5, 6 and 8 (the technical ones). Without any of them the whole book would be hard to read.

Part one is about Infosec and getting the job. It starts with a chapter that tries to define InfoSec and jobs of that field. Chapter 2 shows how to search. Then comes chapter 3 about education and making your name (mailing lists, forums, conferences). All the three chapters are very US-specific, many abbreviations may be unclear for someone from outside.

Part I of the book ends with chapter 4. It's about writing resume and interviews. In the resume part, a number of hints are given (you may agree with them or not), you should still check if there are special requirements in the company you're applying. Later the chapter covers interview. There are valuable fragments (like the things you should look into when you have the offer), but an advice on how to dress and how to behave is too much for me.

Part II is most technical of the three. It starts with a chapter about 'laws of security'. Somebody going into security should already know most of them (maybe in a different form). It's good to have them listed, however. They have deep reasoning and you should look carefully if you really understand them.

Chapter 6 shows how to build your own home lab. It discusses different OSes, hardware platforms and so on. Sometimes in too much details (example: what's in a certain software package - it takes more than a page), but many topics are not covered at all (line routers/switches).

Disclosure is the topic of the next chapter. It covers all the common models, but is very theoretical and has a number of graphs and number with no info what it really means and where is it taken from.

Chapter 8 is filled with a nice discussion about the classes of attacks, most of them with examples (it could be clearer what's important at the screenshots, however).

Part III assumes you already have the job and now want to advance your career or improve skills. The authors try to cover many topics. The result is not very deep and shows what you should know, no matter what position you have.

Chapter 9 covers basic project management (software engineering approach) with more security--related issues than there are usually in such texts, social issues (eg. when to talk and when leave your opinions to yourself) and time management. Next chapter lists ideas how to use your skills and give back (to your local community, to the InfoSec community and at your workplace).

Chapter 11 covers incident response. It's about plans and security software. There are too many tools mentiones, however, and most on them are covered by one paragraph only.

And finally, the last chapter covers basic things you should consider if you want to become independent consultant.

Overall, it's a nice thing. It could be much better, however, after defining the target audience and required knowledge. It means covering not as many topics, but in greater detail.
 




  



All times are GMT -5. The time now is 05:53 AM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration