An information security professional or “InfoSec Pro” is responsible for protecting IT infrastructure including but not limited to devices, networks, software, and applications. InfoSec Pros are trained to find exploitable weaknesses and fix any potential issues to mitigate and minimize the risk of an attack.

However, the information security field is vast, and navigating a career in it, whether you are new or looking to explore other opportunities in the space, can feel daunting and uncertain. Understanding enterprise operations, security engineering, and the cloud, and learning how to handle the many situations and blockers you will meet, are some of the things you will encounter throughout your career in this industry.

When I was approached to create this book, I envisioned a guide full of practical and actionable advice to help practitioners navigate the space. Whether you are curious and entry-level or have decades of experience, this book is intended to guide you through your journey by providing practical and technical knowledge you can put into practice starting today. It contains a collection of articles from a global set of information security practitioners, and provides readers with best practices for solving shared security issues, valuable advice for navigating careers within this industry, and the tools needed to solve everyday problems.

We hope that this book will help you better understand and put into practice:

  • How to get started, whether you are new to the space or want to pivot into a different path within Information Security.
  • How to assess an organization’s security posture, and build and scale an Information Security team and program.
  • How to understand and implement security and risk management controls.
  • How to effectively communicate the importance of Information Security to C-level executives and more.

This book was born, written, and edited in 2020-2021, during a global pandemic. I am deeply grateful to everyone who contributed during a very challenging time. I would personally like to thank each contributing author for sharing their expertise, wisdom, and time. I also want to thank everyone at O’Reilly for making this possible.

My goal is that the articles in this book help you in your career day to day and continue to inspire you to ask questions, challenge assumptions, remain curious, and navigate the journey with ease and grace.

I hope you enjoy it!

O’Reilly Online Learning

For more than 40 years, O’Reilly Media has provided technology and business training, knowledge, and insight to help companies succeed.

Our unique network of experts and innovators share their knowledge and expertise through books, articles, and our online learning platform. O’Reilly’s online learning platform gives you on-demand access to live training courses, in-depth learning paths, interactive coding environments, and a vast collection of text and video from O’Reilly and 200+ other publishers. For more information, visit

How to Contact Us

Please address comments and questions concerning this book to the publisher:

  • O’Reilly Media, Inc.
  • 1005 Gravenstein Highway North
  • Sebastopol, CA 95472
  • 800-998-9938 (in the United States or Canada)
  • 707-829-0515 (international or local)
  • 707-829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at

Email to comment or ask technical questions about this book.

For news and information about our books and courses, visit

Find us on Facebook:

Follow us on Twitter:

Watch us on YouTube:

Get 97 Things Every Information Security Professional Should Know now with the O’Reilly learning platform.