
Whether you're searching for new or additional opportunities, information security can be vast and overwhelming. In this practical guide, author Christina Morillo introduces technical knowledge from a diverse range of experts in the infosec field. Through 97 concise and useful tips, you'll learn how to expand your skills and solve common issues by working through everyday security problems.

You'll also receive valuable guidance from professionals on how to navigate your career within this industry. How do you get buy-in from the C-suite for your security program? How do you establish an incident and disaster response plan? This practical book takes you through actionable advice on a wide variety of infosec topics, including thought-provoking questions that drive the direction of the field.

  • Continuously Learn to Protect Tomorrow's Technology--Alyssa Columbus
  • Fight in Cyber Like the Military Fights in the Physical--Andrew Harris
  • Keep People at the Center of Your Work--Camille Stewart
  • Infosec Professionals Need to Know Operational Resilience--Ann Johnson
  • Taking Control of Your Own Journey--Antoine Middleton
  • Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments--Ben Brook
  • Every Information Security Problem Boils Down to One Thing--Ben Smith
  • Focus on the WHAT and the Why First, Not the Tool--Christina Morillo

Table of Contents

  1. Preface
    1. O’Reilly Online Learning
    2. How to Contact Us
  2. 1. Continuously Learn to Protect Tomorrow’s Technology
  3. 2. Fight in Cyber like the Military Fights in the Physical
  4. 3. Three Major Planes
  5. 4. InfoSec Professionals Need to Know Operational Resilience
  6. 5. Taking Control of Your Own Journey
  7. 6. Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments
  8. 7. Every Information Security Problem Boils Down to One Thing
  9. 8. And in This Corner, It’s Security Versus the Business!
  10. 9. Don’t Overlook Prior Art from Other Industries
  11. 10. Powerful Metrics Always Lose to Poor Communication
  12. 11. “No” May Not Be a Strategic Word
  13. 12. Keep People at the Center of Your Work
  14. 13. Take a Beat: Thinking like a Firefighter for Better Incident Response
  15. 14. A Diverse Path to Better Security Professionals
  16. 15. It’s Not About the Tools
  17. 16. Four Things to Know About Cybersecurity
  18. 17. Vetting Resources and Having Patience When Learning Information Security Topics: It Matters!
  19. 18. Focus on the What and the Why First—Not the Tool
  20. 19. Insiders Don’t Care for Controls
  21. 20. Identity and Access Management: The Value of User Experience
  22. 21. Lessons from Cross-Training in Law
  23. 22. Ransomware
  24. 23. The Key to Success in Your Cloud Journey Begins with the Shared Responsibility Model
  25. 24. Why InfoSec Practitioners Need to Know About Agile and DevOps
  26. 25. The Business Is Always Right
  27. 26. Why Choose Linux as Your Secure Operating System?
  28. 27. New World, New Rules, Same Principles
  29. 28. Data Protection: Impact on Software Development
  30. 29. An Introduction to Security in the Cloud
  31. 30. Knowing Normal
  32. 31. All Signs Point to a Schism in Cybersecurity
  33. 32. DevSecOps Is Evolving to Drive a Risk-Based Digital Transformation
  34. 33. Availability Is a Security Concern Too
  35. 34. Security Is People
  36. 35. Penetration Testing: Why Can’t It Be Like the Movies?!
  37. 36. How Many Ingredients Does It Take to Make an Information Security Professional?
  38. 37. Understanding Open Source Licensing and Security
  39. 38. Planning for Incident Response Customer Notifications
  40. 39. Managing Security Alert Fatigue
  41. 40. Take Advantage of NIST’s Resources
  42. 41. Apply Agile SDLC Methodology to Your Career
  43. 42. Failing Spectacularly
  44. 43. The Solid Impact of Soft Skills
  45. 44. What Is Good Cyber Hygiene Within Information Security?
  46. 45. Phishing
  47. 46. Building a New Security Program
  48. 47. Using Isolation Zones to Increase Cloud Security
  49. 48. If It’s Remembered for You, Forensics Can Uncover It
  50. 49. Certifications Considered Harmful
  51. 50. Security Considerations for IoT Device Management
  52. 51. Lessons Learned: Cybersecurity Road Trip
  53. 52. Finding Your Voice
  54. 53. Best Practices with Vulnerability Management
  55. 54. Social Engineering
  56. 55. Stalkerware: When Malware and Domestic Abuse Coincide
  57. 56. Understanding and Exploring Risk
  58. 57. The Psychology of Incident Response
  59. 58. Priorities and Ethics/Morality
  60. 59. DevSecOps: Continuous Security Has Come to Stay
  61. 60. Cloud Security: A 5,000 Mile View from the Top
  62. 61. Balancing the Risk and Productivity of Browser Extensions
  63. 62. Technical Project Ideas Towards Learning Web Application Security
  64. 63. Monitoring: You Can’t Defend Against What You Don’t See
  65. 64. Documentation Matters
  66. 65. The Dirty Truth Behind Breaking into Cybersecurity
  67. 66. Cloud Security
  68. 67. Empathy and Change
  69. 68. Information Security Ever After
  70. 69. Don’t Check It In!
  71. 70. Threat Modeling for SIEM Alerts
  72. 71. Security Incident Response and Career Longevity
  73. 72. Incident Management
  74. 73. Structure over Chaos
  75. 74. CWE Top 25 Most Dangerous Software Weaknesses
  76. 75. Threat Hunting Based on Machine Learning
  77. 76. Get In Where You Fit In
  78. 77. Look Inside and See What Can Be
  79. 78. DevOps for InfoSec Professionals
  80. 79. Get Familiar with R&R (Risk and Resilience)
  81. 80. Password Management
  82. 81. Let’s Go Phishing
  83. 82. Vulnerability Management
  84. 83. Reduce Insider Risk Through Employee Empowerment
  85. 84. Fitting Certifications into Your Career Path
  86. 85. Phishing Reporting Is the Best Detection
  87. 86. Know Your Data
  88. 87. Don’t Let the Cybersecurity Talent Shortage Leave Your Firm Vulnerable
  89. 88. Comfortable Versus Confident
  90. 89. Some Thoughts on PKI
  91. 90. What Is a Security Champion?
  92. 91. Risk Management in Information Security
  93. 92. Risk, 2FA, MFA, It’s All Just Authentication! Isn’t It?...
  94. 93. Things I Wish I Knew Before Getting into Cybersecurity
  95. 94. Research Is Not Just for Paper Writing
  96. 95. The Security Practitioner
  97. 96. Threat Intelligence in Two Steps
  98. 97. Maintaining Compliance and Information Security with Blue Team Assistance
  99. Contributors
  100. Index