Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "InfoSec Career Hacking", Aaron W. Bayles et al

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKINFCAH.RVW 20051106 InfoSec Career Hacking , Aaron W. Bayles et al, 2005, 1-597490-11-3, U$39.95/C$55.95 %A Aaron W. Bayles et al %C 800 Hingham
    Message 1 of 1 , Jan 27, 2006
      BKINFCAH.RVW 20051106

      "InfoSec Career Hacking", Aaron W. Bayles et al, 2005, 1-597490-11-3,
      %A Aaron W. Bayles et al
      %C 800 Hingham Street, Rockland, MA 02370
      %D 2005
      %G 1-597490-11-3
      %I Syngress Media, Inc.
      %O U$39.95/C$55.95 781-681-5151 fax: 781-681-3585 amy@...
      %O http://www.amazon.com/exec/obidos/ASIN/1597490113/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1597490113/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 441 p.
      %T "InfoSec Career Hacking: Sell Your Skillz, Not Your Soul"

      The book seems to want to structure itself along the standard network
      attack model, and therefore part one is reconnaissance. Chapter one
      is supposed to define INFOSEC (information security as a career), but
      seems to do so from the perspective of the Rainbow series books, thus
      dating itself to the late 80s, and limiting the audience to the US
      DoD. Standard advice on researching the company you want to work for
      is given in chapter two. (The infosec specific advice is, again,
      restricted to the US federal government.) "Enumerate" usually means
      to collect detailed information on the basis of initial data, but
      chapter three provides the normal advice on building "networks" of
      contacts. Common resume, interview, and offer assessment advice is in
      chapter four.

      Part two moves on to technical skills. (When I wrote my first book,
      and asked for advice from people who had done it before, I received
      one suggestion that I should know what I was talking about first. At
      the time I was a bit offended, but I've since realized that the
      admonition was based in broad experience: an awful lot of people in
      this field really don't know what they are talking about. If you need
      the skills described in this book, you really have no business
      pursuing a career in information security.) Chapter five talks about
      security "laws;" basic security advice. (The text is not always
      accurate: it is not necessary for properly engineered systems to
      decrypt or decode passwords in order to perform access control.)
      Questionable suggestions on tools for an attack lab are given in
      chapter six, which we will charitably assume indicates an interest in
      security research. (The content would be of very limited practical
      value for a career.) Chapter seven contains an overly complex
      discussion of disclosure. (It may be related to the research in six,
      and networking in three, but otherwise wouldn't have much to do with a
      career search.) A few types of attacks are listed in chapter eight.

      Part three is supposedly about activities on the job. Chapter nine
      provides miscellaneous system development and project management
      counsel. Chapter ten is nominally about vulnerability remediation,
      but concentrates on providing seminars for others, and getting extra
      training yourself. Incident response, in chapter eleven, is
      apparently equated with disaster recovery and an inventory of
      vulnerability assessment tools. Chapter twelve finishes off with a
      grab bag of leftover topics.

      This book is full of pedestrian advice that is not terribly useful
      regardless of where you are in your infosec career.

      copyright Robert M. Slade, 2005 BKINFCAH.RVW 20051106

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Why do so many of America's young schoolchildren kill each other?
      We asked Charlton Heston!
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.