BKINFCAH.RVW 20051106
"InfoSec Career Hacking", Aaron W. Bayles et al,
2005, 1-597490-11-3,
U$39.95/C$55.95
%A Aaron W. Bayles et al
%C 800 Hingham Street, Rockland, MA 02370
%D 2005
%G 1-597490-11-3
%I Syngress Media, Inc.
%O U$39.95/C$55.95 781-681-5151 fax: 781-681-3585 amy syngress.com
%O http://www.amazon.com/exec/obidos/ASIN/1597490113/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/1597490113/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1597490113/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 441 p.
%T "InfoSec Career Hacking: Sell Your Skillz, Not Your Soul"

The book seems to want to structure itself along the standard network
attack model, and therefore part one is reconnaissance. Chapter one
is supposed to define INFOSEC (information security as a career), but
seems to do so from the perspective of the Rainbow series books, thus
dating itself to the late 80s, and limiting the audience to the US
DoD. Standard advice on researching the company you want to work for
is given in chapter two. (The infosec specific advice is, again,
restricted to the US federal government.) "Enumerate" usually means
to collect detailed information on the basis of initial data, but
chapter three provides the normal advice on building "networks" of
contacts. Common resume, interview, and offer assessment advice is in
chapter four.

Part two moves on to technical skills. (When I wrote my first book,
and asked for advice from people who had done it before, I received
one suggestion that I should know what I was talking about first. At
the time I was a bit offended, but I've since realized that the
admonition was based in broad experience: an awful lot of people in
this field really don't know what they are talking about. If you need
the skills described in this book, you really have no business
pursuing a career in information security.) Chapter five talks about
security "laws;" basic security advice. (The text is not always
accurate: it is not necessary for properly engineered systems to
decrypt or decode passwords in order to perform access control.)
Questionable suggestions on tools for an attack lab are given in
chapter six, which we will charitably assume indicates an interest in
security research. (The content would be of very limited practical
value for a career.) Chapter seven contains an overly complex
discussion of disclosure. (It may be related to the research in six,
and networking in three, but otherwise wouldn't have much to do with a
career search.) A few types of attacks are listed in chapter eight.

Part three is supposedly about activities on the job. Chapter nine
provides miscellaneous system development and project management
counsel. Chapter ten is nominally about vulnerability remediation,
but concentrates on providing seminars for others, and getting extra
training yourself. Incident response, in chapter eleven, is
apparently equated with disaster recovery and an inventory of
vulnerability assessment tools. Chapter twelve finishes off with a
grab bag of leftover topics.

This book is full of pedestrian advice that is not terribly useful
regardless of where you are in your infosec career.

copyright Robert M. Slade, 2005 BKINFCAH.RVW 20051106

====================== (quote inserted randomly by Pegasus Mailer)
rslade vcn.bc.ca slade victoria.tc.ca rslade sun.soci.niu.edu
Why do so many of America's young schoolchildren kill each other?
We asked Charlton Heston!
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade