InfoSec Career Hacking: Sell Your Skillz, Not Your Soul - 1st Edition - ISBN: 9781597490115, 9780080489032

InfoSec Career Hacking: Sell Your Skillz, Not Your Soul

1st Edition

Authors: Chris Hurley Johnny Long Aaron Bayles Ed Brindley
eBook ISBN: 9780080489032
Paperback ISBN: 9781597490115
Imprint: Syngress
Published Date: 2nd June 2005
Page Count: 448
Sales tax will be calculated at check-out Price includes VAT/GST
Price includes VAT/GST
× DRM-Free

Easy - Download and start reading immediately. There’s no activation process to access eBooks; all eBooks are fully searchable, and enabled for copying, pasting, and printing.

Flexible - Read on multiple operating systems and devices. Easily read eBooks on smart phones, computers, or any eBook readers, including Kindle.

Open - Buy once, receive and download all available eBook formats, including PDF, EPUB, and Mobi (for Kindle).

Institutional Access

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.


“InfoSec Career Hacking” starts out by describing the many, different InfoSec careers available including Security Engineer, Security Analyst, Penetration Tester, Auditor, Security Administrator, Programmer, and Security Program Manager. The particular skills required by each of these jobs will be described in detail, allowing the reader to identify the most appropriate career choice for them.

Next, the book describes how the reader can build his own test laboratory to further enhance his existing skills and begin to learn new skills and techniques. The authors also provide keen insight on how to develop the requisite soft skills to migrate form the hacker to corporate world.

Key Features

  • The InfoSec job market will experience explosive growth over the next five years, and many candidates for these positions will come from thriving, hacker communities

  • Teaches these hackers how to build their own test networks to develop their skills to appeal to corporations and government agencies

  • Provides specific instructions for developing time, management, and personal skills to build a successful InfoSec career

Table of Contents


Author Dedication

Lead Author and Technical Editor

Contributing Authors

Technical Reviewer

Foreword Contributor


Part I: Recon/Assessment

Chapter 1: The Targets—What I Want to Be When I Grow Up (or at Least Get Older)


Understanding INFOSEC

Employment Opportunities

Defining the Jobs

Bringing Together the Skills

Advanced Skills

So Where Do I Match Up?



Solutions Fast Track

Frequently Asked Questions

Chapter 2: Reconnaissance: Social Engineering for Profit


Narrowing Your Choices

Digging for Information

Researching for Rewards

Making Contact



Solutions Fast Track

Links to Sites

Mailing Lists

Frequently Asked Questions

Chapter 3: Enumerate: Determine What’s Out There


What Should I Do First?

Is Education Important?

Certifications: Magic or Myth?

Getting Your Name Out There

Understanding Opportunities and Gaining Experience

Security Clearances


Solutions Fast Track

Links to Sites

Mailing Lists

Frequently Asked Questions

Chapter 4: First Strike: Basic Tactics for Successful Exploitation

Part II: Technical Skills

Chapter 5: The Laws of Security


Knowing the Laws of Security

Client-Side Security Doesn’t Work

You Cannot Securely Exchange Encryption Keys without a Shared Piece of Information

Malicious Code Cannot Be 100 Percent Protected against

Any Malicious Code Can Be Completely Morphed to Bypass Signature Detection

Firewalls Cannot Protect You 100 Percent from Attack

Any IDS Can Be Evaded

Secret Cryptographic Algorithms Are Not Secure

If a Key Is Not Required, You Do Not Have Encryption—You Have Encoding

Passwords Cannot Be Securely Stored on the Client Unless There Is Another Password to Protect Them

In Order for a System to Begin to Be Considered Secure, It Must Undergo an Independent Security Audit

Security through Obscurity Does Not Work


Solutions Fast Track

Frequently Asked Questions

Chapter 6: No Place Like/home—Creating an Attack Lab

Chapter 7: Vulnerability Disclosure


Vulnerability Disclosure and Cyber Adversaries

“Free For All”: Full Disclosure

Unfixed Vulnerability Attack Capability and Attack Inhibition Considerations

Probability of Success Given an Attempt

Probability of Detection Given an Attempt

“Symmetric” Full Disclosure

Responsible Restricted “Need to Know” Disclosure

Responsible, Partial Disclosure and Attack Inhibition Considerations

“Responsible” Full Disclosure

Responsible, Full Disclosure Capability and Attack Inhibition Considerations

Security Firm “Value Added” Disclosure Model

Value-Add Disclosure Model Capability and Attack Inhibition Considerations


The Vulnerability Disclosure Pyramid Metric

Pyramid Metric Capability and Attack Inhibition

Pyramid Metric and Capability—A Composite Picture Pyramid

Comparison of Mean Inhibitor Object Element Values

The Disclosure Food Chain


Frequently Asked Questions

Chapter 8: Classes of Attack


Identifying and Understanding the Classes of Attack

Identifying Methods of Testing for Vulnerabilities

Standard Research Techniques


Solutions Fast Track

Frequently Asked Questions

Part III: On the Job

Chapter 9: Don’t Trip the Sensors: Integrate and Imitate


Hacking the System

Hacking the Network

Escalating Your Privileges

Managing Your Time



Solutions Fast Track

Links to Sites

Mailing Lists

Frequently Asked Questions

Chapter 10: Vulnerability Remediation—Work Within the System


Giving Back to the (Local) Community

Contributing to the INFOSEC Community

Upgrading Your Skills

Upgrading Your Workplace



Solutions Fast Track

Links to Sites

Frequently Asked Questions

Chapter 11: Incident Response – Putting Out Fires Without Getting Burned


Chapter 12: Rooting: Show Me the Money!


Building Jumpstart InfoSec Services

Managing Hackers

Planning, Expanding, and Dominating


Solutions Fast Track

Links to Sites

Frequently Asked Questions



No. of pages:
© Syngress 2005
eBook ISBN:
Paperback ISBN:

About the Author

Chris Hurley

Chris Hurley is a Senior Penetration Tester in the Washington, DC area. He has more than 10 years of experience performing penetration testing, vulnerability assessments, and general INFOSEC grunt work. He is the founder of the WorldWide WarDrive, a four-year project to assess the security posture of wireless networks deployed throughout the world. Chris was also the original organizer of the DEF CON WarDriving contest. He is the lead author of WarDriving: Drive, Detect, Defend (Syngress Publishing, ISBN: 19318360305). He has contributed to several other Syngress publications, including Penetration Tester's Open Source Toolkit (ISBN: 1-5974490210), Stealing the Network: How to Own an Identity (ISBN: 1597490067), InfoSec Career Hacking (ISBN: 1597490113), and OS X for Hackers at Heart (ISBN: 1597490407). He has a BS from Angelo State University in Computer Science and a whole bunch of certifications to make himself feel important.

Affiliations and Expertise

Senior Penetration Tester, Washington, DC, USA

Johnny Long

Johnny Long is a Christian by grace, a professional hacker by trade, a pirate by blood, a ninja in training, a security researcher and author. He can be found lurking at his website ( He is the founder of Hackers For Charity(, an organization that provides hackers with job experience while leveraging their skills for charities that need those skills.

Affiliations and Expertise

Security Researcher

Aaron Bayles

Ed Brindley

Ratings and Reviews