REVIEW: "InfoSec Career Hacking", Aaron W. Bayles et al
- BKINFCAH.RVW 20051106
"InfoSec Career Hacking", Aaron W. Bayles et al, 2005, 1-597490-11-3,
%A Aaron W. Bayles et al
%C 800 Hingham Street, Rockland, MA 02370
%I Syngress Media, Inc.
%O U$39.95/C$55.95 781-681-5151 fax: 781-681-3585 amy@...
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 441 p.
%T "InfoSec Career Hacking: Sell Your Skillz, Not Your Soul"
The book seems to want to structure itself along the standard network
attack model, and therefore part one is reconnaissance. Chapter one
is supposed to define INFOSEC (information security as a career), but
seems to do so from the perspective of the Rainbow series books, thus
dating itself to the late 80s, and limiting the audience to the US
DoD. Standard advice on researching the company you want to work for
is given in chapter two. (The infosec specific advice is, again,
restricted to the US federal government.) "Enumerate" usually means
to collect detailed information on the basis of initial data, but
chapter three provides the normal advice on building "networks" of
contacts. Common resume, interview, and offer assessment advice is in
Part two moves on to technical skills. (When I wrote my first book,
and asked for advice from people who had done it before, I received
one suggestion that I should know what I was talking about first. At
the time I was a bit offended, but I've since realized that the
admonition was based in broad experience: an awful lot of people in
this field really don't know what they are talking about. If you need
the skills described in this book, you really have no business
pursuing a career in information security.) Chapter five talks about
security "laws;" basic security advice. (The text is not always
accurate: it is not necessary for properly engineered systems to
decrypt or decode passwords in order to perform access control.)
Questionable suggestions on tools for an attack lab are given in
chapter six, which we will charitably assume indicates an interest in
security research. (The content would be of very limited practical
value for a career.) Chapter seven contains an overly complex
discussion of disclosure. (It may be related to the research in six,
and networking in three, but otherwise wouldn't have much to do with a
career search.) A few types of attacks are listed in chapter eight.
Part three is supposedly about activities on the job. Chapter nine
provides miscellaneous system development and project management
counsel. Chapter ten is nominally about vulnerability remediation,
but concentrates on providing seminars for others, and getting extra
training yourself. Incident response, in chapter eleven, is
apparently equated with disaster recovery and an inventory of
vulnerability assessment tools. Chapter twelve finishes off with a
grab bag of leftover topics.
This book is full of pedestrian advice that is not terribly useful
regardless of where you are in your infosec career.
copyright Robert M. Slade, 2005 BKINFCAH.RVW 20051106
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
Why do so many of America's young schoolchildren kill each other?
We asked Charlton Heston!
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade