Synopses & Reviews
A Technical Guide to Landing (and Keeping) a Job in the Information Security Field
Do you analyze every packet that crosses your home network just because you can? Do you spend countless hours coding applications for the sheer joy and challenge? Do you have a coin jar labeled Trip to DEFCON/Black Hat Fund? If you want to refine those skills to land a top InfoSec job and employer-funded trip to Vegas next year, you've come to the right place. The authors of this book have all succeeded in applying their inherent hacker skills to build successful InfoSec careers. From them you will learn about the variety of available jobs and the skills required to excel in each one. Also, the authors provide advice on how to develop the necessary management and personal skills required to hack your way to the top.
Determine What You Want to Be When You Grow Up (or at Least Get Older): See how the InfoSec field has matured, and decide if this is the life for you.
Social Engineering for Profit: Use both your people and research skills to perform reconnaissance on the InfoSec job market.
Choose the Right Path: Learn what certifications, work experience, and education are required (or not) to land your dream job.
There's No Place Like Home for a Test Lab! Build a fully functional test lab and attack machine in your basement to fine-tune both your attack and defense skills.
Learn the Laws of Security: Master the ten guiding principles of information security to outwit malicious hackers in the real world.
Know Your Enemies: Identify and understand the classes of attack: denial of service, information leakage, regular file access, misinformation, special file/database access, remote arbitrary code execution, elevation of privileges.
Feeling Vulnerable? Navigate the dangerous waters of vulnerability disclosure from nondisclosure to full disclosure.
Don't Trip the Sensors: Use your l337 H4x0r skillz to assimilate into the workplace and hack the corporate ladder.
Master Incident Response: Develop contingency plans to put out fires in the workplace without getting burned.
Install Your Career Rootkit: Since you got there, you might as well stay there!
Part I: Recon/Assessment
Chapter 1: The Targets--What I Want to Be When I Grow Up (or at Least Get Older)
Chapter 2: Reconnaissance: Social Engineering for Profit
Chapter 3: Enumerate: Determine What's Out There
Chapter 4: First Strike: Basic Tactics for Successful Exploitation
Part II: Technical Skills
Chapter 5: The Laws of Security
Chapter 6: No Place Like /home--Creating an Attack Lab
Chapter 7: Vulnerability Disclosure
Chapter 8: Classes of Attack
Part III: On the Job
Chapter 9: Don't Trip the Sensors: Integrate and Imitate
Chapter 10: Vulnerability Remediation--Work Within the System
Chapter 11: Incident Response--Putting Out Fires Without Getting Burned
Chapter 12: Rooting: Show Me the Money!
Synopsis
“InfoSec Career Hacking” starts out by describing the many different InfoSec careers available, including Security Engineer, Security Analyst, Penetration Tester, Auditor, Security Administrator, Programmer, and Security Program Manager. The particular skills required by each of these jobs are described in detail, allowing readers to identify the most appropriate career choice for them.
Next, the book describes how the reader can build his own test laboratory to further enhance his existing skills and begin to learn new skills and techniques. The authors also provide keen insight on how to develop the requisite soft skills to migrate from the hacker to the corporate world.
* The InfoSec job market will experience explosive growth over the next five years, and many candidates for these positions will come from thriving hacker communities
* Teaches these hackers how to build their own test networks to develop their skills to appeal to corporations and government agencies
* Provides specific instructions for developing time, management, and personal skills to build a successful InfoSec career
About the Author
Chris Hurley is a Senior Penetration Tester in the Washington, DC area. He has more than 10 years of experience performing penetration testing, vulnerability assessments, and general INFOSEC grunt work. He is the founder of the WorldWide WarDrive, a four-year project to assess the security posture of wireless networks deployed throughout the world. Chris was also the original organizer of the DEF CON WarDriving contest. He is the lead author of WarDriving: Drive, Detect, Defend (Syngress Publishing,
Table of Contents
Defining InfoSec Jobs ; Analyzing Your Skill ; Corporate vs. Government Careers ; Building Your Own Attack Test Lab ; Translating Your Hacking Skills to Career Skills ; Selling Your Skills ; Applying Your Skills to Your New Job ; Problem Solving on the Job ; Climbing the Corporate Ladder