Book description
InfoSec Career Hacking starts out by describing the many different InfoSec careers available, including Security Engineer, Security Analyst, Penetration Tester, Auditor, Security Administrator, Programmer, and Security Program Manager. The particular skills required by each of these jobs will be described in detail, allowing the reader to identify the most appropriate career choice for them. Next, the book describes how the reader can build his own test laboratory to further enhance his existing skills and begin to learn new skills and techniques. The authors also provide keen insight on how to develop the requisite soft skills to migrate from the hacker to the corporate world.
* The InfoSec job market will experience explosive growth over the next five years, and many candidates for these positions will come from thriving hacker communities
* Teaches these hackers how to build their own test networks to develop their skills to appeal to corporations and government agencies
* Provides specific instructions for developing time, management, and personal skills to build a successful InfoSec career
Table of contents
- Cover image
- Title page
- Table of Contents
- Copyright
- Acknowledgments
- Author Dedication
- Lead Author and Technical Editor
- Contributing Authors
- Technical Reviewer
- Foreword Contributor
- Foreword
- Part I: Recon/Assessment
- Part II: Technical Skills
- Chapter 5: The Laws of Security
- Introduction
- Knowing the Laws of Security
- Client-Side Security Doesn’t Work
- You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information
- Malicious Code Cannot Be 100 Percent Protected against
- Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection
- Firewalls Cannot Protect You 100 Percent from Attack
- Any IDS Can Be Evaded
- Secret Cryptographic Algorithms Are Not Secure
- If a Key Is Not Required, You Do Not Have Encryption—You Have Encoding
- Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them
- In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit
- Security through Obscurity Does Not Work
- Summary
- Solutions Fast Track
- Frequently Asked Questions
- Chapter 6: No Place Like /home—Creating an Attack Lab
- Chapter 7: Vulnerability Disclosure
- Introduction
- Vulnerability Disclosure and Cyber Adversaries
- “Free For All”: Full Disclosure
- Unfixed Vulnerability Attack Capability and Attack Inhibition Considerations
- Probability of Success Given an Attempt
- Probability of Detection Given an Attempt
- “Symmetric” Full Disclosure
- Responsible Restricted “Need to Know” Disclosure
- Responsible, Partial Disclosure and Attack Inhibition Considerations
- “Responsible” Full Disclosure
- Responsible, Full Disclosure Capability and Attack Inhibition Considerations
- Security Firm “Value Added” Disclosure Model
- Value-Add Disclosure Model Capability and Attack Inhibition Considerations
- Non-Disclosure
- The Vulnerability Disclosure Pyramid Metric
- Pyramid Metric Capability and Attack Inhibition
- Pyramid Metric and Capability—A Composite Picture Pyramid
- Comparison of Mean Inhibitor Object Element Values
- The Disclosure Food Chain
- Summary
- Frequently Asked Questions
- Chapter 8: Classes of Attack
- Part III: On the Job
- Index
Product information
- Title: InfoSec Career Hacking: Sell Your Skillz, Not Your Soul
- Author(s):
- Release date: June 2005
- Publisher(s): Syngress
- ISBN: 9780080489032