97 Things Every Information Security Professional Should Know

Book description

Whether you're searching for new or additional opportunities, information security can be vast and overwhelming. In this practical guide, author Christina Morillo introduces technical knowledge from a diverse range of experts in the infosec field. Through 97 concise and useful tips, you'll learn how to expand your skills and solve common issues by working through everyday security problems.

You'll also receive valuable guidance from professionals on how to navigate your career within this industry. How do you get buy-in from the C-suite for your security program? How do you establish an incident and disaster response plan? This practical book takes you through actionable advice on a wide variety of infosec topics, including thought-provoking questions that drive the direction of the field.

  • Continuously Learn to Protect Tomorrow's Technology - Alyssa Columbus
  • Fight in Cyber Like the Military Fights in the Physical - Andrew Harris
  • Keep People at the Center of Your Work - Camille Stewart
  • Infosec Professionals Need to Know Operational Resilience - Ann Johnson
  • Taking Control of Your Own Journey - Antoine Middleton
  • Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments - Ben Brook
  • Every Information Security Problem Boils Down to One Thing - Ben Smith
  • Focus on the WHAT and the Why First, Not the Tool - Christina Morillo

Table of contents

  1. Preface
    1. O’Reilly Online Learning
    2. How to Contact Us
  2. 1. Continuously Learn to Protect Tomorrow’s Technology
    1. Alyssa Columbus
  3. 2. Fight in Cyber like the Military Fights in the Physical
    1. Andrew Harris
  4. 3. Three Major Planes
    1. Andrew Harris
  5. 4. InfoSec Professionals Need to Know Operational Resilience
    1. Ann Johnson
  6. 5. Taking Control of Your Own Journey
    1. Antoine Middleton
  7. 6. Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments
    1. Ben Brook
  8. 7. Every Information Security Problem Boils Down to One Thing
    1. Ben Smith
  9. 8. And in This Corner, It’s Security Versus the Business!
    1. Ben Smith
  10. 9. Don’t Overlook Prior Art from Other Industries
    1. Ben Smith
  11. 10. Powerful Metrics Always Lose to Poor Communication
    1. Ben Smith
  12. 11. “No” May Not Be a Strategic Word
    1. Brian Gibbs
  13. 12. Keep People at the Center of Your Work
    1. Camille Stewart
  14. 13. Take a Beat: Thinking Like a Firefighter for Better Incident Response
    1. Catherine J. Ullman
  15. 14. A Diverse Path to Better Security Professionals
    1. Catherine J. Ullman
  16. 15. It’s Not About the Tools
    1. Chase Pettet
  17. 16. Four Things to Know About Cybersecurity
    1. Chloé Messdaghi
  18. 17. Vetting Resources and Having Patience when Learning Information Security Topics
    1. Christina Lang
  19. 18. Focus on the What and the Why First, Not the Tool
    1. Christina Morillo
  20. 19. Insiders Don’t Care for Controls
    1. Damian Finol
  21. 20. Identity and Access Management: The Value of User Experience
    1. Dane Bamburry
  22. 21. Lessons from Cross-Training in Law
    1. Danny Moules
  23. 22. Ransomware
    1. David McKenzie
  24. 23. The Key to Success in Your Cloud Journey Begins with the Shared Responsibility Model
    1. Dominique West
  25. 24. Why InfoSec Practitioners Need to Know About Agile and DevOps
    1. Fernando Ike
  26. 25. The Business Is Always Right
    1. Frank McGovern
  27. 26. Why Choose Linux as Your Secure Operating System?
    1. Gleydson Mazioli da Silva
  28. 27. New World, New Rules, Same Principles
    1. Guillaume Blaquiere
  29. 28. Data Protection: Impact on Software Development
    1. Guy Lépine
  30. 29. An Introduction to Security in the Cloud
    1. Gwyneth Peña-Siguenza
  31. 30. Knowing Normal
    1. Gyle dela Cruz
  32. 31. All Signs Point to a Schism in Cybersecurity
    1. Ian Barwise
  33. 32. DevSecOps Is Evolving to Drive a Risk-Based Digital Transformation
    1. Idan Plotnik
  34. 33. Availability Is a Security Concern Too
    1. Jam Leomi
  35. 34. Security Is People
    1. James Bore
  36. 35. Penetration Testing: Why Can’t It Be Like the Movies?!
    1. Jasmine M. Jackson
  37. 36. How Many Ingredients Does It Take to Make an Information Security Professional?
    1. Jasmine M. Jackson
  38. 37. Understanding Open Source Licensing and Security
    1. Jeff Luszcz
  39. 38. Planning for Incident Response Customer Notifications
    1. JR Aquino
  40. 39. Managing Security Alert Fatigue
    1. Julie Agnes Sparks
  41. 40. Take Advantage of NIST’s Resources
    1. Karen Scarfone
  42. 41. Apply Agile SDLC Methodology to Your Career
    1. Keirsten Brager
  43. 42. Failing Spectacularly
    1. Kelly Shortridge
  44. 43. The Solid Impact of Soft Skills
    1. Kim Z. Dale
  45. 44. What Is Good Cyber Hygiene Within Information Security?
    1. Lauren Zink
  46. 45. Phishing
    1. Lauren Zink
  47. 46. Building a New Security Program
    1. Lauren Zink
  48. 47. Using Isolation Zones to Increase Cloud Security
    1. Lee Atchison
  49. 48. If It’s Remembered for You, Forensics Can Uncover It
    1. Lodrina Cherne
  50. 49. Certifications Considered Harmful
    1. Louis Nyffenegger
  51. 50. Security Considerations for IoT Device Management
    1. Mansi Thakar
  52. 51. Lessons Learned: Cybersecurity Road Trip
    1. Mansi Thakar
  53. 52. Finding Your Voice
    1. Maresa Vermulst
  54. 53. Best Practices with Vulnerability Management
    1. Mari Galloway
  55. 54. Social Engineering
    1. Marina Ciavatta
  56. 55. Stalkerware: When Malware and Domestic Abuse Coincide
    1. Martijn Grooten
  57. 56. Understanding and Exploring Risk
    1. Dr. Meg Layton
  58. 57. The Psychology of Incident Response
    1. Melanie Ensign
  59. 58. Priorities and Ethics/Morality
    1. Michael Weber
  60. 59. DevSecOps: Continuous Security Has Come to Stay
    1. Michelle Ribeiro
  61. 60. Cloud Security: A 5,000 Mile View from the Top
    1. Michelle Taggart
  62. 61. Balancing the Risk and Productivity of Browser Extensions
    1. Mike Mackintosh
  63. 62. Technical Project Ideas Towards Learning Web Application Security
    1. Ming Chow
  64. 63. Monitoring: You Can’t Defend Against What You Don’t See
    1. Mitch B. Parker
  65. 64. Documentation Matters
    1. Najla Lindsay
  66. 65. The Dirty Truth Behind Breaking into Cybersecurity
    1. Naomi Buckwalter
  67. 66. Cloud Security
    1. Nathan Chung
  68. 67. Empathy and Change
    1. Nick Gordon
  69. 68. Information Security Ever After
    1. Nicole Dorsett
  70. 69. Don’t Check It In!
    1. Patrick Schiess
  71. 70. Threat Modeling for SIEM Alerts
    1. Phil Swaim
  72. 71. Security Incident Response and Career Longevity
    1. Priscilla Li
  73. 72. Incident Management
    1. Quiessence Phillips
  74. 73. Structure over Chaos
    1. Rob Newby
  75. 74. CWE Top 25 Most Dangerous Software Weaknesses
    1. Rushi Purohit
  76. 75. Threat Hunting Based on Machine Learning
    1. Saju Thomas Paul and Harshvardhan Parmar
  77. 76. Get In Where You Fit In
    1. Sallie Newton
  78. 77. Look Inside and See What Can Be
    1. Sam Denard
  79. 78. DevOps for InfoSec Professionals
    1. Sasha Rosenbaum
  80. 79. Get Familiar with R&R (Risk and Resilience)
    1. Shinesa Cambric
  81. 80. Password Management
    1. Siggi Bjarnason
  82. 81. Let’s Go Phishing
    1. Siggi Bjarnason
  83. 82. Vulnerability Management
    1. Siggi Bjarnason
  84. 83. Reduce Insider Risk Through Employee Empowerment
    1. Stacey Champagne
  85. 84. Fitting Certifications into Your Career Path
    1. Steven Becker
  86. 85. Phishing Reporting Is the Best Detection
    1. Steven Becker
  87. 86. Know Your Data
    1. Steve Taylor
  88. 87. Don’t Let the Cybersecurity Talent Shortage Leave Your Firm Vulnerable
    1. Tim Maliyil
  89. 88. Comfortable Versus Confident
    1. Tkay Rice
  90. 89. Some Thoughts on PKI
    1. Tarah Wheeler
  91. 90. What Is a Security Champion?
    1. Travis F. Felder
  92. 91. Risk Management in Information Security
    1. Trevor Bryant
  93. 92. Risk, 2FA, MFA, It’s All Just Authentication! Isn’t It?
    1. Unique Glover
  94. 93. Things I Wish I Knew Before Getting into Cybersecurity
    1. Valentina Palacin
  95. 94. Research Is Not Just for Paper Writing
    1. Vanessa Redman
  96. 95. The Security Practitioner
    1. Wayne A. Howell Jr.
  97. 96. Threat Intelligence in Two Steps
    1. Xena Olsen
  98. 97. Maintaining Compliance and Information Security with Blue Team Assistance
    1. Yasmin Schlegel
  99. Contributors
  100. Index
  101. About the Editor

Product information

  • Title: 97 Things Every Information Security Professional Should Know
  • Author(s): Christina Morillo
  • Release date: September 2021
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098101398