Book description
InfoSec Career Hacking starts out by describing the many different InfoSec careers available, including Security Engineer, Security Analyst, Penetration Tester, Auditor, Security Administrator, Programmer, and Security Program Manager. The particular skills required by each of these jobs will be described in detail, allowing the reader to identify the most appropriate career choice for them. Next, the book describes how the reader can build his own test laboratory to further enhance his existing skills and begin to learn new skills and techniques. The authors also provide keen insight on how to develop the requisite soft skills to migrate from the hacker to corporate world.
* The InfoSec job market will experience explosive growth over the next five years, and many candidates for these positions will come from thriving hacker communities
* Teaches these hackers how to build their own test networks to develop their skills to appeal to corporations and government agencies
* Provides specific instructions for developing time, management, and personal skills to build a successful InfoSec career
Table of contents
- Cover image
- Title page
- Table of Contents
- Copyright
- Acknowledgments
- Author Dedication
- Lead Author and Technical Editor
- Contributing Authors
- Technical Reviewer
- Foreword Contributor
- Foreword
- Part I: Recon/Assessment
- Part II: Technical Skills
- Chapter 5: The Laws of Security
- Introduction
- Knowing the Laws of Security
- Client-Side Security Doesn’t Work
- You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information
- Malicious Code Cannot Be 100 Percent Protected against
- Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection
- Firewalls Cannot Protect You 100 Percent from Attack
- Any IDS Can Be Evaded
- Secret Cryptographic Algorithms Are Not Secure
- If a Key Is Not Required, You Do Not Have Encryption—You Have Encoding
- Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them
- In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit
- Security through Obscurity Does Not Work
- Summary
- Solutions Fast Track
- Frequently Asked Questions
- Chapter 6: No Place Like /home—Creating an Attack Lab
- Chapter 7: Vulnerability Disclosure
- Introduction
- Vulnerability Disclosure and Cyber Adversaries
- “Free For All”: Full Disclosure
- Unfixed Vulnerability Attack Capability and Attack Inhibition Considerations
- Probability of Success Given an Attempt
- Probability of Detection Given an Attempt
- “Symmetric” Full Disclosure
- Responsible Restricted “Need to Know” Disclosure
- Responsible, Partial Disclosure and Attack Inhibition Considerations
- “Responsible” Full Disclosure
- Responsible, Full Disclosure Capability and Attack Inhibition Considerations
- Security Firm “Value Added” Disclosure Model
- Value-Add Disclosure Model Capability and Attack Inhibition Considerations
- Non-Disclosure
- The Vulnerability Disclosure Pyramid Metric
- Pyramid Metric Capability and Attack Inhibition
- Pyramid Metric and Capability—A Composite Picture Pyramid
- Comparison of Mean Inhibitor Object Element Values
- The Disclosure Food Chain
- Summary
- Frequently Asked Questions
- Chapter 8: Classes of Attack
- Part III: On the Job
- Index
Product information
- Title: InfoSec Career Hacking: Sell Your Skillz, Not Your Soul
- Author(s):
- Release date: June 2005
- Publisher(s): Syngress
- ISBN: 9780080489032