You are previewing InfoSec Career Hacking: Sell Your Skillz, Not Your Soul.
O'Reilly logo
InfoSec Career Hacking: Sell Your Skillz, Not Your Soul

Book Description

“InfoSec Career Hacking” starts out by describing the many, different InfoSec careers available including Security Engineer, Security Analyst, Penetration Tester, Auditor, Security Administrator, Programmer, and Security Program Manager. The particular skills required by each of these jobs will be described in detail, allowing the reader to identify the most appropriate career choice for them.

Next, the book describes how the reader can build his own test laboratory to further enhance his existing skills and begin to learn new skills and techniques. The authors also provide keen insight on how to develop the requisite soft skills to migrate form the hacker to corporate world.

* The InfoSec job market will experience explosive growth over the next five years, and many candidates for these positions will come from thriving, hacker communities

* Teaches these hackers how to build their own test networks to develop their skills to appeal to corporations and government agencies

* Provides specific instructions for developing time, management, and personal skills to build a successful InfoSec career

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Acknowledgments
  6. Author Dedication
  7. Lead Author and Technical Editor
  8. Contributing Authors
  9. Technical Reviewer
  10. Foreword Contributor
  11. Foreword
  12. Part I: Recon/Assessment
    1. Chapter 1: The Targets—What I Want to Be When I Grow Up (or at Least Get Older)
      1. Introduction
      2. Understanding INFOSEC
      3. Employment Opportunities
      4. Defining the Jobs
      5. Bringing Together the Skills
      6. Advanced Skills
      7. So Where Do I Match Up?
      8. Checklist
      9. Summary
      10. Solutions Fast Track
      11. Frequently Asked Questions
    2. Chapter 2: Reconnaissance: Social Engineering for Profit
      1. Introduction
      2. Narrowing Your Choices
      3. Digging for Information
      4. Researching for Rewards
      5. Making Contact
      6. Checklist
      7. Summary
      8. Solutions Fast Track
      9. Links to Sites
      10. Mailing Lists
      11. Frequently Asked Questions
    3. Chapter 3: Enumerate: Determine What’s Out There
      1. Introduction
      2. What Should I Do First?
      3. Is Education Important?
      4. Certifications: Magic or Myth?
      5. Getting Your Name Out There
      6. Understanding Opportunities and Gaining Experience
      7. Security Clearances
      8. Summary
      9. Solutions Fast Track
      10. Links to Sites
      11. Mailing Lists
      12. Frequently Asked Questions
    4. Chapter 4: First Strike: Basic Tactics for Successful Exploitation
  13. Part II: Technical Skills
    1. Chapter 5: The Laws of Security
      1. Introduction
      2. Knowing the Laws of Security
      3. Client-Side Security Doesn’t Work
      4. You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information
      5. Malicious Code Cannot Be 100 Percent Protected against
      6. Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection
      7. Firewalls Cannot Protect You 100 Percent from Attack
      8. Any IDS Can Be Evaded
      9. Secret Cryptographic Algorithms Are Not Secure
      10. If a Key Is Not Required, You Do Not Have Encryption—You Have Encoding
      11. Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them
      12. In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit
      13. Security through Obscurity Does Not Work
      14. Summary
      15. Solutions Fast Track
      16. Frequently Asked Questions
    2. Chapter 6: No Place Like/home—Creating an Attack Lab
    3. Chapter 7: Vulnerability Disclosure
      1. Introduction
      2. Vulnerability Disclosure and Cyber Adversaries
      3. “Free For All”: Full Disclosure
      4. Unfixed Vulnerability Attack Capability and Attack Inhibition Considerations
      5. Probability of Success Given an Attempt
      6. Probability of Detection Given an Attempt
      7. “Symmetric” Full Disclosure
      8. Responsible Restricted “Need to Know” Disclosure
      9. Responsible, Partial Disclosure and Attack Inhibition Considerations
      10. “Responsible” Full Disclosure
      11. Responsible, Full Disclosure Capability and Attack Inhibition Considerations
      12. Security Firm “Value Added” Disclosure Model
      13. Value-Add Disclosure Model Capability and Attack Inhibition Considerations
      14. Non-Disclosure
      15. The Vulnerability Disclosure Pyramid Metric
      16. Pyramid Metric Capability and Attack Inhibition
      17. Pyramid Metric and Capability—A Composite Picture Pyramid
      18. Comparison of Mean Inhibitor Object Element Values
      19. The Disclosure Food Chain
      20. Summary
      21. Frequently Asked Questions
    4. Chapter 8: Classes of Attack
      1. Introduction
      2. Identifying and Understanding the Classes of Attack
      3. Identifying Methods of Testing for Vulnerabilities
      4. Standard Research Techniques
      5. Summary
      6. Solutions Fast Track
      7. Frequently Asked Questions
  14. Part III: On the Job
    1. Chapter 9: Don’t Trip the Sensors: Integrate and Imitate
      1. Introduction
      2. Hacking the System
      3. Hacking the Network
      4. Escalating Your Privileges
      5. Managing Your Time
      6. Checklist
      7. Summary
      8. Solutions Fast Track
      9. Links to Sites
      10. Mailing Lists
      11. Frequently Asked Questions
    2. Chapter 10: Vulnerability Remediation—Work Within the System
      1. Introduction
      2. Giving Back to the (Local) Community
      3. Contributing to the INFOSEC Community
      4. Upgrading Your Skills
      5. Upgrading Your Workplace
      6. Checklist
      7. Summary
      8. Solutions Fast Track
      9. Links to Sites
      10. Frequently Asked Questions
    3. Chapter 11: Incident Response – Putting Out Fires Without Getting Burned
      1. Amanda
    4. Chapter 12: Rooting: Show Me the Money!
      1. Introduction
      2. Building Jumpstart InfoSec Services
      3. Managing Hackers
      4. Planning, Expanding, and Dominating
      5. Summary
      6. Solutions Fast Track
      7. Links to Sites
      8. Frequently Asked Questions
  15. Index