Breaking into Information Security
Crafting a Custom Career Path to Get the Job You Really Want
- 1st Edition - December 19, 2015
- Imprint: Syngress
- Authors: Josh More, Anthony J. Stieber, Chris Liu
- Language: English
- Paperback ISBN:9 7 8 - 0 - 1 2 - 8 0 0 7 8 3 - 9
- eBook ISBN:9 7 8 - 0 - 1 2 - 8 0 0 9 8 9 - 5
Whether you want to break into information security, move from one job to another, or transition into management, Breaking into Information Security will help. No other book surv… Read more
Purchase options
Whether you want to break into information security, move from one job to another, or transition into management, Breaking into Information Security will help. No other book surveys all the different jobs available in the industry, frankly discusses the positives and negatives of each, and what you need to learn to get into and out of each role.
Unlike books that focus on a specific skill set or on how to gain a certification or get a job, this book encompasses the "big picture," including why certifications, if any, are worthwhile for you. In a profession where new career paths aren’t always clear, Breaking into Information Security will teach you how to identify where you are in your career today, understand where you wish to go, and provide proven methods to get there.
From entry-level jobs to the extremely specific skills needed to be an InfoSec consultant, this book covers it all, including in-job skill building, working within the community, and building your skills after hours. If you are seeking to advance in the highly competitive field of information security, this book will give you the edge you need to break in.
- The most practical guide to starting your career in information security, or advancing to the next level
- Presented in a “level-up” gaming framework for career progression, with a “Learn, Do, Teach” approach through three tiers of InfoSec jobs
- Provides examples of specific roles and career paths in each job tier so you can identify and max out skills for the role you want
- Learn how to advance to management and training roles, as well as the specific skills you need to become an independent consultant
- Find out about career "booster paths" to help you advance your career at high speed
Junior-level Information Security practitioners, consultants, and IT professionals looking to make the switch into the InfoSec field. An academic audience among information security, computer science, and other IT majors.
- Author Biographies
- Acknowledgments
- Chapter 0.1: Introduction
- Abstract
- Introduction
- Who Should Read This Book
- How to Read This Book
- Notes from the Authors
- Chapter 0.2: Models
- Abstract
- Models
- Learn/Do/Teach
- Information Security Models
- Job Requirements
- Striking a Balance
- Chapter 0.3: Model Failures
- Abstract
- Barriers
- Human Resources
- Corporate Culture
- Chapter 1.0: Tier 1—Learn
- Abstract
- Learn/Do/Teach
- Why Learning Matters
- How to Learn
- Breaking Down to Break in
- Chapter 1.1: Tier 1—Log Reviewer
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Critical Warnings
- Chapter 1.2: Tier 1—Patch Management
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Critical Warnings
- Chapter 1.3: Tier 1—Help Desk
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 1.3.1: Tier 1—Help Desk—Story
- Jim Chan
- Chapter 1.4: Tier 1—Coder/Developer
- Abstract
- Introduction
- How to Break in—Preliminaries
- How to Break in—Beyond the Basics
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Critical Warnings
- Chapter 1.5: Tier 1—System Administrator
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Critical Warnings
- Chapter 1.5.1: Tier 1— System Administrator Story
- Alan Waggoner
- Chapter 1.6: Tier 1—Network Administrator
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Critical Warnings
- Chapter 1.6.1: Tier 1—Network Administrator
- David Henning
- Chapter 1.7: Tier 1—Security Coordinator
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 1.8: Tier 1—Trainer-Educator
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 1.8.1: Tier 1—Trainer-Educator
- Stephen Northcutt
- Chapter 1.9: Tier 1—Quality Tester
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 1.9.1: Tier 1—Quality Tester Story
- Mak Kolybabi
- Chapter 1.a: Tier 1—Subject Matter Specialist
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.0: Tier 2.0—Do
- Abstract
- Doing
- Test-Driven Development/Sprinting
- Information Security and Silos
- Other Career Paths
- Booster Paths
- How to Do
- Working with Others
- Making Mistakes Matters
- Chapter 2.1: Tier 2—Pen Tester
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.2: Tier 2—Vulnerability Management
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.3: Tier 2—Security Assessor
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.4: Tier 2—Risk Assessor
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.5: Tier 2—Auditor
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.6: Tier 2—Incident Responder
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.6.1: Tier 2—Incident Responder—Story
- John Meyers
- Chapter 2.7: Tier 2—Wildcard
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.7.1: Tier 2—Wildcard—Story
- Travis Abrams
- Chapter 2.8: Tier 2—Advanced Help Desk—Help Desk Supervisor
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Critical Warnings
- Chapter 2.9: Tier 2—Security Facilitator
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.9.1: Tier 2—Security Facilitator—Story
- Jimmy Vo
- Chapter 2.a: Tier 2—Policy Administrator
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.b: Tier 2—Trainer-Educator
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.c: Tier 2—Quality Assurance
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.d: Tier 2—Subject Matter Expert
- Abstract
- Introduction
- How to Break in
- How to Improve Your skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 2.d.1: Tier 2—Subject Matter Expert—Story
- Michael Huber
- Chapter 2.e: Tier 2—Lateral: Physical Security
- Abstract
- Introduction—How This Applies
- What Skills This Gives You
- What Skills You Might Still Need
- How to Frame Your Skills
- Differences between Where You are and Information Security
- Chapter 2.f: Tier 2—Lateral: Military
- Abstract
- Introduction—How This Applies
- What Skills This Gives You
- What Skills You Might Still Need
- How to Frame Your Skills
- Differences between Where You are and Information Security
- Chapter 2.g: Tier 2—Lateral: Law Enforcement
- Abstract
- Introduction—How This Applies
- What Skills This Gives You
- What Skills You Might Still Need
- How to Frame Your Skills
- Differences between Where You are and Information Security
- Chapter 2.g.1: Tier 2—Lateral: Law Enforcement—Story
- Joshua Marpet
- Chapter 2.h: Tier 2—Lateral: Legal—Lawyers
- Abstract
- Introduction—How This Applies
- What Skills This Gives You
- What Skills You Might Still Need
- How to Frame Your Skills
- Differences between Where You are and Information Security
- Chapter 2.i: Tier 2—Lateral: Sales
- Abstract
- Introduction—How This Applies
- What Skills This Gives You
- What Skills You Might Still Need
- How to Frame Your Skills
- Differences between Where You are and Information Security
- Chapter 2.j: Tier 2—Lateral: Project Management
- Abstract
- Introduction—How This Applies
- What Skills This Gives You
- What Skills You Might Still Need
- How to Frame Your Skills
- Differences between Where You are and Information Security
- Chapter 2.k: Tier 2—Lateral: Non-IT Engineering—Architecture—Science
- Abstract
- Introduction—How This Applies
- What Skills This Gives You
- What Skills You Might Still Need
- How to Frame Your Skills
- Differences between Where You are and Information Security
- Chapter 2.l: Tier 2—Lateral: Accounting
- Abstract
- Introduction—How This Applies
- What Skills This Gives You
- What Skills You Might Still Need
- How to Frame Your Skills
- Differences between Where You are and Information Security
- Chapter 2.m: Tier 2—Lateral: Business Analyst
- Abstract
- Introduction—How This Applies
- What Skills This Gives You
- What Skills You Might Still Need
- How to Frame Your Skills
- Differences between Where You are and Information Security
- Chapter 3.0: Tier 3—Teach
- Abstract
- Why Teaching Matters
- Short-Term Teaching
- Long-Term Teaching
- Mentoring
- Chapter 3.1: Tier 3—Pen Test Lead
- Abstract
- Introduction
- How to Break in
- How to Improve Skills—Yours and Others
- Recognizing When You’re Stuck
- Role at a Glance—Penetration Testing Lead
- Chapter 3.2: Tier 3—Security Architect
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Critical Warnings
- Chapter 3.3: Tier 3—Lead Auditor
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 3.4: Tier 3—Lead Security-Risk Assessor
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Recognizing When You’re Stuck
- How to Get out
- Chapter 3.5: Tier 3—Tiger Team Member—Tiger Team Lead (Red Team)
- Abstract
- Introduction
- How to Break in
- Recognizing When You’re Stuck
- When Others are Stuck
- Chapter 3.6: Tier 3—Security Consultant
- Abstract
- Introduction
- How to Break in
- How to Improve Skills—Yours and Others
- Recognizing When You’re Stuck
- When Others are Stuck
- Rules of Thumb
- Chapter 3.7: Tier 3—Security Management (CSO, CISO, CPO)
- Abstract
- Introduction
- How to Break in
- How to Improve Skills—Yours and Others
- Recognizing When You’re Stuck
- Rules of Thumb
- Chapter 3.8: Tier 3—Lateral: CPA
- Abstract
- Introduction
- How to Break in
- How to Break out
- Dealing with Differences
- Chapter 3.a: Tier 3—Lateral: General Management
- Abstract
- Introduction
- How to Break in
- How to Break out
- Dealing with Differences
- Chapter 3.b: Tier 3—Lateral: Technical Architect
- Abstract
- Introduction
- How to Break in
- How to Improve Your Skills
- Critical Warnings
- Chapter 3.c: Tier 3—Lateral: Entrepreneur
- Abstract
- Introduction
- How to Break in
- Chapter 3.c.1: Tier 3—Lateral: Entrepreneur—Story
- Greg Sullivan
- Chapter 3.d: Tier 3—Lateral: Academia
- Abstract
- Introduction—How This Applies
- What Skills This Gives You
- What Skills You Might Still Need
- How to Frame Your Skills
- Differences between Where You are and Information Security
- Chapter 4.0: Boosting
- Abstract
- Introduction
- Separate Cycles
- Explorations
- Disadvantages of Boosting
- Chapter 4.1: Boosting—Author (Blogs, Magazines, Books)
- Abstract
- Introduction—What This Is
- Why You Might Want to Devote Time to This
- How This Might Cost You
- How to Get Started
- When You Might Want to Stop
- What Skills This Gives You
- What Skills You Might Still Need
- Chapter 4.2: Boosting—Developer (Open Source)
- Abstract
- Introduction—What This Is
- Why You Might Want to Devote Time to This
- How This Might Cost You
- How to Get Started
- When You Might Want to Stop
- What Skills This Gives You
- What Skills You Might Still Need
- Chapter 4.3: Boosting—Developer/Entrepreneur (Closed or Open Source)
- Abstract
- Introduction—What This Is
- Why You Might Want to Devote Time to This
- How This Might Cost You
- How to Get Started
- What Skills This Gives You
- What Skills You Might Still Need
- Chapter 4.4: Boosting—Evangelist (Security, Privacy)
- Abstract
- Introduction—What This Is
- Why You Might Want to Devote Time to This
- How This Might Cost You
- How to Get Started
- When You Might Want to Stop
- What Skills This Gives You
- What Skills You Might Still Need
- Chapter 4.5: Boosting—Researcher (Security, Vulnerability, Etc.)
- Abstract
- Introduction—What This Is
- Why You Might Want to Devote Time to This
- How This Might Cost You
- How to Get Started
- When You Might Want to Stop
- What Skills This Gives You
- What Skills You Might Still Need
- Chapter 4.6: Boosting—Speaker (Local Events, Podcasts, Webcasts, Etc.)
- Abstract
- Introduction—What This Is
- Why You Might Want to Devote Time to This
- How This Might Cost You
- How to Get Started
- When You Might Want to Stop
- What Skills This Gives You
- What Skills You Might Still Need
- Chapter 4.7: Community Support (Documentation, Bug Prioritization, Project Management)
- Abstract
- Introduction—What This Is
- Why You Might Want to Devote Time to This
- How This Might Cost You
- How to Get Started
- When You Might Want to Stop
- What Skills This Gives You
- What Skills You Might Still Need
- Chapter 4.8: Conference Support (Founding, Attending, Volunteering, Running, Leading)
- Abstract
- Introduction—What This Is
- Why You Might Want to Devote Time to This
- How This Might Cost You
- How to Get Started
- When You Might Want To Stop
- What Skills This Gives You
- What Skills You Might Still Need
- Chapter 4.9: User Group Support (Founding, Attending, Volunteering, Running, Leading)
- Abstract
- Introduction
- Why You Might Want to Devote Time to This
- How This Might Cost You
- How to Get Started
- When You Might Want To Stop
- What Skills This Gives You
- What Skills You Might Still Need
- Conclusion
- Appendix
- Subject Index
- Congratulations
- Edition: 1
- Published: December 19, 2015
- Imprint: Syngress
- Language: English
JM
Josh More
Josh has over fifteen years of experience in IT, and ten years working in Security. Though today, he primarily works as a security consultant, he has also worked in roles ranging from user to developer to system administrator. He holds several security and technical certifications and serves in a leadership position on several security-focused groups. He writes a blog on security at www.starmind.org and www.rjssoftware.com. As security works best from a holistic approach, he works all angles: risk assessments, posture analysis, incident response, malware analysis, infrastructure defense, system forensics, employee training and business strategy. Josh More works at RJS Software Systems, a national data management and security company.
Affiliations and expertise
Senior Security Consultant, RJS Smart Security (CISSP, GIAC-GCIH, GIAC-GSLC)AS
Anthony J. Stieber
Anthony J. Stieber has over 18 years of experience in the information technology industry working in academia, banks, retail, and insurance; designing enterprise security architectures, installing military and commercial firewalls; engineering medical diagnostic systems; reverse-engineering Internet stores; encrypting Fortune 100 enterprises; providing expertise for court cases; speaking at information security conferences; becoming an apprentice locksmith and a published writer.
Affiliations and expertise
has over 18 years of experience in the information technology industryCL
Chris Liu
Chris Liu has over 15 years of information technology experience, a CISSP, CISM, and no idea how he ended up where is. He has been a help desk technician, network administrator, quality assurance engineer, release manager, IT manager, instructor, developer, consultant, and product development manager, and is currently an information security professional. He is proof that careers sometimes only make sense in retrospect.
Affiliations and expertise
15 years of information technology experience, a CISSP and CISM.Read Breaking into Information Security on ScienceDirect