O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Breaking into Information Security

Book Description

Whether you want to break into information security, move from one job to another, or transition into management, Breaking into Information Security will help. No other book surveys all the different jobs available in the industry, frankly discusses the positives and negatives of each, and what you need to learn to get into and out of each role.

Unlike books that focus on a specific skill set or on how to gain a certification or get a job, this book encompasses the "big picture," including why certifications, if any, are worthwhile for you. In a profession where new career paths aren’t always clear, Breaking into Information Security will teach you how to identify where you are in your career today, understand where you wish to go, and provide proven methods to get there.

From entry-level jobs to the extremely specific skills needed to be an InfoSec consultant, this book covers it all, including in-job skill building, working within the community, and building your skills after hours. If you are seeking to advance in the highly competitive field of information security, this book will give you the edge you need to break in.

  • The most practical guide to starting your career in information security, or advancing to the next level
  • Presented in a “level-up” gaming framework for career progression, with a “Learn, Do, Teach” approach through three tiers of InfoSec jobs
  • Provides examples of specific roles and career paths in each job tier so you can identify and max out skills for the role you want
  • Learn how to advance to management and training roles, as well as the specific skills you need to become an independent consultant
  • Find out about career "booster paths" to help you advance your career at high speed

Table of Contents

  1. Cover
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Author Biographies
  6. Acknowledgments
  7. Chapter 0.1: Introduction
    1. Abstract
    2. Introduction
    3. Who Should Read This Book
    4. How to Read This Book
    5. Notes from the Authors
  8. Chapter 0.2: Models
    1. Abstract
    2. Models
    3. Learn/Do/Teach
    4. Information Security Models
    5. Job Requirements
    6. Striking a Balance
  9. Chapter 0.3: Model Failures
    1. Abstract
    2. Barriers
    3. Human Resources
    4. Corporate Culture
  10. Chapter 1.0: Tier 1—Learn
    1. Abstract
    2. Learn/Do/Teach
    3. Why Learning Matters
    4. How to Learn
    5. Breaking Down to Break in
  11. Chapter 1.1: Tier 1—Log Reviewer
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
    7. Critical Warnings
  12. Chapter 1.2: Tier 1—Patch Management
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
    7. Critical Warnings
  13. Chapter 1.3: Tier 1—Help Desk
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  14. Chapter 1.3.1: Tier 1—Help Desk—Story
    1. Jim Chan
  15. Chapter 1.4: Tier 1—Coder/Developer
    1. Abstract
    2. Introduction
    3. How to Break in—Preliminaries
    4. How to Break in—Beyond the Basics
    5. How to Improve Your Skills
    6. Recognizing When You’re Stuck
    7. How to Get out
    8. Critical Warnings
  16. Chapter 1.5: Tier 1—System Administrator
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
    7. Critical Warnings
  17. Chapter 1.5.1: Tier 1— System Administrator Story
    1. Alan Waggoner
  18. Chapter 1.6: Tier 1—Network Administrator
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
    7. Critical Warnings
  19. Chapter 1.6.1: Tier 1—Network Administrator
    1. David Henning
  20. Chapter 1.7: Tier 1—Security Coordinator
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  21. Chapter 1.8: Tier 1—Trainer-Educator
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  22. Chapter 1.8.1: Tier 1—Trainer-Educator
    1. Stephen Northcutt
  23. Chapter 1.9: Tier 1—Quality Tester
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  24. Chapter 1.9.1: Tier 1—Quality Tester Story
    1. Mak Kolybabi
  25. Chapter 1.a: Tier 1—Subject Matter Specialist
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  26. Chapter 2.0: Tier 2.0—Do
    1. Abstract
    2. Doing
    3. Test-Driven Development/Sprinting
    4. Information Security and Silos
    5. Other Career Paths
    6. Booster Paths
    7. How to Do
    8. Working with Others
    9. Making Mistakes Matters
  27. Chapter 2.1: Tier 2—Pen Tester
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  28. Chapter 2.2: Tier 2—Vulnerability Management
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  29. Chapter 2.3: Tier 2—Security Assessor
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  30. Chapter 2.4: Tier 2—Risk Assessor
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  31. Chapter 2.5: Tier 2—Auditor
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  32. Chapter 2.6: Tier 2—Incident Responder
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  33. Chapter 2.6.1: Tier 2—Incident Responder—Story
    1. John Meyers
  34. Chapter 2.7: Tier 2—Wildcard
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  35. Chapter 2.7.1: Tier 2—Wildcard—Story
    1. Travis Abrams
  36. Chapter 2.8: Tier 2—Advanced Help Desk—Help Desk Supervisor
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
    7. Critical Warnings
  37. Chapter 2.9: Tier 2—Security Facilitator
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  38. Chapter 2.9.1: Tier 2—Security Facilitator—Story
    1. Jimmy Vo
  39. Chapter 2.a: Tier 2—Policy Administrator
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  40. Chapter 2.b: Tier 2—Trainer-Educator
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  41. Chapter 2.c: Tier 2—Quality Assurance
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  42. Chapter 2.d: Tier 2—Subject Matter Expert
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  43. Chapter 2.d.1: Tier 2—Subject Matter Expert—Story
    1. Michael Huber
  44. Chapter 2.e: Tier 2—Lateral: Physical Security
    1. Abstract
    2. Introduction—How This Applies
    3. What Skills This Gives You
    4. What Skills You Might Still Need
    5. How to Frame Your Skills
    6. Differences between Where You are and Information Security
  45. Chapter 2.f: Tier 2—Lateral: Military
    1. Abstract
    2. Introduction—How This Applies
    3. What Skills This Gives You
    4. What Skills You Might Still Need
    5. How to Frame Your Skills
    6. Differences between Where You are and Information Security
  46. Chapter 2.g: Tier 2—Lateral: Law Enforcement
    1. Abstract
    2. Introduction—How This Applies
    3. What Skills This Gives You
    4. What Skills You Might Still Need
    5. How to Frame Your Skills
    6. Differences between Where You are and Information Security
  47. Chapter 2.g.1: Tier 2—Lateral: Law Enforcement—Story
    1. Joshua Marpet
  48. Chapter 2.h: Tier 2—Lateral: Legal—Lawyers
    1. Abstract
    2. Introduction—How This Applies
    3. What Skills This Gives You
    4. What Skills You Might Still Need
    5. How to Frame Your Skills
    6. Differences between Where You are and Information Security
  49. Chapter 2.i: Tier 2—Lateral: Sales
    1. Abstract
    2. Introduction—How This Applies
    3. What Skills This Gives You
    4. What Skills You Might Still Need
    5. How to Frame Your Skills
    6. Differences between Where You are and Information Security
  50. Chapter 2.j: Tier 2—Lateral: Project Management
    1. Abstract
    2. Introduction—How This Applies
    3. What Skills This Gives You
    4. What Skills You Might Still Need
    5. How to Frame Your Skills
    6. Differences between Where You are and Information Security
  51. Chapter 2.k: Tier 2—Lateral: Non-IT Engineering—Architecture—Science
    1. Abstract
    2. Introduction—How This Applies
    3. What Skills This Gives You
    4. What Skills You Might Still Need
    5. How to Frame Your Skills
    6. Differences between Where You are and Information Security
  52. Chapter 2.l: Tier 2—Lateral: Accounting
    1. Abstract
    2. Introduction—How This Applies
    3. What Skills This Gives You
    4. What Skills You Might Still Need
    5. How to Frame Your Skills
    6. Differences between Where You are and Information Security
  53. Chapter 2.m: Tier 2—Lateral: Business Analyst
    1. Abstract
    2. Introduction—How This Applies
    3. What Skills This Gives You
    4. What Skills You Might Still Need
    5. How to Frame Your Skills
    6. Differences between Where You are and Information Security
  54. Chapter 3.0: Tier 3—Teach
    1. Abstract
    2. Why Teaching Matters
    3. Short-Term Teaching
    4. Long-Term Teaching
    5. Mentoring
  55. Chapter 3.1: Tier 3—Pen Test Lead
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Skills—Yours and Others
    5. Recognizing When You’re Stuck
    6. Role at a Glance—Penetration Testing Lead
  56. Chapter 3.2: Tier 3—Security Architect
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
    7. Critical Warnings
  57. Chapter 3.3: Tier 3—Lead Auditor
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  58. Chapter 3.4: Tier 3—Lead Security-Risk Assessor
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Recognizing When You’re Stuck
    6. How to Get out
  59. Chapter 3.5: Tier 3—Tiger Team Member—Tiger Team Lead (Red Team)
    1. Abstract
    2. Introduction
    3. How to Break in
    4. Recognizing When You’re Stuck
    5. When Others are Stuck
  60. Chapter 3.6: Tier 3—Security Consultant
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Skills—Yours and Others
    5. Recognizing When You’re Stuck
    6. When Others are Stuck
    7. Rules of Thumb
  61. Chapter 3.7: Tier 3—Security Management (CSO, CISO, CPO)
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Skills—Yours and Others
    5. Recognizing When You’re Stuck
    6. Rules of Thumb
  62. Chapter 3.8: Tier 3—Lateral: CPA
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Break out
    5. Dealing with Differences
  63. Chapter 3.a: Tier 3—Lateral: General Management
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Break out
    5. Dealing with Differences
  64. Chapter 3.b: Tier 3—Lateral: Technical Architect
    1. Abstract
    2. Introduction
    3. How to Break in
    4. How to Improve Your Skills
    5. Critical Warnings
  65. Chapter 3.c: Tier 3—Lateral: Entrepreneur
    1. Abstract
    2. Introduction
    3. How to Break in
  66. Chapter 3.c.1: Tier 3—Lateral: Entrepreneur—Story
    1. Greg Sullivan
  67. Chapter 3.d: Tier 3—Lateral: Academia
    1. Abstract
    2. Introduction—How This Applies
    3. What Skills This Gives You
    4. What Skills You Might Still Need
    5. How to Frame Your Skills
    6. Differences between Where You are and Information Security
  68. Chapter 4.0: Boosting
    1. Abstract
    2. Introduction
    3. Separate Cycles
    4. Explorations
    5. Disadvantages of Boosting
  69. Chapter 4.1: Boosting—Author (Blogs, Magazines, Books)
    1. Abstract
    2. Introduction—What This Is
    3. Why You Might Want to Devote Time to This
    4. How This Might Cost You
    5. How to Get Started
    6. When You Might Want to Stop
    7. What Skills This Gives You
    8. What Skills You Might Still Need
  70. Chapter 4.2: Boosting—Developer (Open Source)
    1. Abstract
    2. Introduction—What This Is
    3. Why You Might Want to Devote Time to This
    4. How This Might Cost You
    5. How to Get Started
    6. When You Might Want to Stop
    7. What Skills This Gives You
    8. What Skills You Might Still Need
  71. Chapter 4.3: Boosting—Developer/Entrepreneur (Closed or Open Source)
    1. Abstract
    2. Introduction—What This Is
    3. Why You Might Want to Devote Time to This
    4. How This Might Cost You
    5. How to Get Started
    6. What Skills This Gives You
    7. What Skills You Might Still Need
  72. Chapter 4.4: Boosting—Evangelist (Security, Privacy)
    1. Abstract
    2. Introduction—What This Is
    3. Why You Might Want to Devote Time to This
    4. How This Might Cost You
    5. How to Get Started
    6. When You Might Want to Stop
    7. What Skills This Gives You
    8. What Skills You Might Still Need
  73. Chapter 4.5: Boosting—Researcher (Security, Vulnerability, Etc.)
    1. Abstract
    2. Introduction—What This Is
    3. Why You Might Want to Devote Time to This
    4. How This Might Cost You
    5. How to Get Started
    6. When You Might Want to Stop
    7. What Skills This Gives You
    8. What Skills You Might Still Need
  74. Chapter 4.6: Boosting—Speaker (Local Events, Podcasts, Webcasts, Etc.)
    1. Abstract
    2. Introduction—What This Is
    3. Why You Might Want to Devote Time to This
    4. How This Might Cost You
    5. How to Get Started
    6. When You Might Want to Stop
    7. What Skills This Gives You
    8. What Skills You Might Still Need
  75. Chapter 4.7: Community Support (Documentation, Bug Prioritization, Project Management)
    1. Abstract
    2. Introduction—What This Is
    3. Why You Might Want to Devote Time to This
    4. How This Might Cost You
    5. How to Get Started
    6. When You Might Want to Stop
    7. What Skills This Gives You
    8. What Skills You Might Still Need
  76. Chapter 4.8: Conference Support (Founding, Attending, Volunteering, Running, Leading)
    1. Abstract
    2. Introduction—What This Is
    3. Why You Might Want to Devote Time to This
    4. How This Might Cost You
    5. How to Get Started
    6. When You Might Want To Stop
    7. What Skills This Gives You
    8. What Skills You Might Still Need
  77. Chapter 4.9: User Group Support (Founding, Attending, Volunteering, Running, Leading)
    1. Abstract
    2. Introduction
    3. Why You Might Want to Devote Time to This
    4. How This Might Cost You
    5. How to Get Started
    6. When You Might Want To Stop
    7. What Skills This Gives You
    8. What Skills You Might Still Need
  78. Conclusion
  79. Appendix
  80. Subject Index
  81. Congratulations