InfoSec Career Hacking: Sell Your Skillz, Not Your Soul

1st Edition - June 2, 2005

  • Authors: Chris Hurley, Johnny Long, Aaron Bayles, Ed Brindley
  • eBook ISBN: 9780080489032

Description

“InfoSec Career Hacking” starts out by describing the many different InfoSec careers available, including Security Engineer, Security Analyst, Penetration Tester, Auditor, Security Administrator, Programmer, and Security Program Manager. The particular skills required by each of these jobs are described in detail, allowing readers to identify the most appropriate career choice for them. Next, the book describes how readers can build their own test laboratory to further enhance their existing skills and begin to learn new skills and techniques. The authors also provide keen insight on how to develop the requisite soft skills to migrate from the hacker world to the corporate world.

Key Features

* The InfoSec job market will experience explosive growth over the next five years, and many candidates for these positions will come from thriving hacker communities

* Teaches these hackers how to build their own test networks to develop their skills to appeal to corporations and government agencies

* Provides specific instructions for developing time, management, and personal skills to build a successful InfoSec career

Table of Contents

  • Acknowledgments

    Author Dedication

    Lead Author and Technical Editor

    Contributing Authors

    Technical Reviewer

    Foreword Contributor

    Foreword

    Part I: Recon/Assessment

    Chapter 1: The Targets—What I Want to Be When I Grow Up (or at Least Get Older)

    Introduction

    Understanding INFOSEC

    Employment Opportunities

    Defining the Jobs

    Bringing Together the Skills

    Advanced Skills

    So Where Do I Match Up?

    Checklist

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 2: Reconnaissance: Social Engineering for Profit

    Introduction

    Narrowing Your Choices

    Digging for Information

    Researching for Rewards

    Making Contact

    Checklist

    Summary

    Solutions Fast Track

    Links to Sites

    Mailing Lists

    Frequently Asked Questions

    Chapter 3: Enumerate: Determine What’s Out There

    Introduction

    What Should I Do First?

    Is Education Important?

    Certifications: Magic or Myth?

    Getting Your Name Out There

    Understanding Opportunities and Gaining Experience

    Security Clearances

    Summary

    Solutions Fast Track

    Links to Sites

    Mailing Lists

    Frequently Asked Questions

    Chapter 4: First Strike: Basic Tactics for Successful Exploitation

    Part II: Technical Skills

    Chapter 5: The Laws of Security

    Introduction

    Knowing the Laws of Security

    Client-Side Security Doesn’t Work

    You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information

    Malicious Code Cannot Be 100 Percent Protected against

    Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection

    Firewalls Cannot Protect You 100 Percent from Attack

    Any IDS Can Be Evaded

    Secret Cryptographic Algorithms Are Not Secure

    If a Key Is Not Required, You Do Not Have Encryption—You Have Encoding

    Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them

    In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit

    Security through Obscurity Does Not Work

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Chapter 6: No Place Like /home—Creating an Attack Lab

    Chapter 7: Vulnerability Disclosure

    Introduction

    Vulnerability Disclosure and Cyber Adversaries

    “Free For All”: Full Disclosure

    Unfixed Vulnerability Attack Capability and Attack Inhibition Considerations

    Probability of Success Given an Attempt

    Probability of Detection Given an Attempt

    “Symmetric” Full Disclosure

    Responsible Restricted “Need to Know” Disclosure

    Responsible, Partial Disclosure and Attack Inhibition Considerations

    “Responsible” Full Disclosure

    Responsible, Full Disclosure Capability and Attack Inhibition Considerations

    Security Firm “Value Added” Disclosure Model

    Value-Add Disclosure Model Capability and Attack Inhibition Considerations

    Non-Disclosure

    The Vulnerability Disclosure Pyramid Metric

    Pyramid Metric Capability and Attack Inhibition

    Pyramid Metric and Capability—A Composite Picture Pyramid

    Comparison of Mean Inhibitor Object Element Values

    The Disclosure Food Chain

    Summary

    Frequently Asked Questions

    Chapter 8: Classes of Attack

    Introduction

    Identifying and Understanding the Classes of Attack

    Identifying Methods of Testing for Vulnerabilities

    Standard Research Techniques

    Summary

    Solutions Fast Track

    Frequently Asked Questions

    Part III: On the Job

    Chapter 9: Don’t Trip the Sensors: Integrate and Imitate

    Introduction

    Hacking the System

    Hacking the Network

    Escalating Your Privileges

    Managing Your Time

    Checklist

    Summary

    Solutions Fast Track

    Links to Sites

    Mailing Lists

    Frequently Asked Questions

    Chapter 10: Vulnerability Remediation—Work Within the System

    Introduction

    Giving Back to the (Local) Community

    Contributing to the INFOSEC Community

    Upgrading Your Skills

    Upgrading Your Workplace

    Checklist

    Summary

    Solutions Fast Track

    Links to Sites

    Frequently Asked Questions

    Chapter 11: Incident Response – Putting Out Fires Without Getting Burned

    Amanda

    Chapter 12: Rooting: Show Me the Money!

    Introduction

    Building Jumpstart InfoSec Services

    Managing Hackers

    Planning, Expanding, and Dominating

    Summary

    Solutions Fast Track

    Links to Sites

    Frequently Asked Questions

    Index

Product details

  • No. of pages: 448
  • Language: English
  • Copyright: © Syngress 2005
  • Published: June 2, 2005
  • Imprint: Syngress
  • eBook ISBN: 9780080489032

About the Authors

Chris Hurley

Chris Hurley is a Senior Penetration Tester in the Washington, DC area. He has more than 10 years of experience performing penetration testing, vulnerability assessments, and general INFOSEC grunt work. He is the founder of the WorldWide WarDrive, a four-year project to assess the security posture of wireless networks deployed throughout the world. Chris was also the original organizer of the DEF CON WarDriving contest. He is the lead author of WarDriving: Drive, Detect, Defend (Syngress Publishing, ISBN: 19318360305). He has contributed to several other Syngress publications, including Penetration Tester's Open Source Toolkit (ISBN: 1-5974490210), Stealing the Network: How to Own an Identity (ISBN: 1597490067), InfoSec Career Hacking (ISBN: 1597490113), and OS X for Hackers at Heart (ISBN: 1597490407). He has a BS from Angelo State University in Computer Science and a whole bunch of certifications to make himself feel important.

Affiliations and Expertise

Senior Penetration Tester, Washington, DC, USA

Johnny Long

Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website (http://johnny.ihackstuff.com). He is the founder of Hackers For Charity (http://ihackcharities.org), an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.

Affiliations and Expertise

Security Researcher, Founder of Hackers For Charity

Aaron Bayles

Ed Brindley
