index

Numerics

1, 3, 5 plan 157 – 158

A

academic cybersecurity programs 84 – 88

advanced research programs 87 – 88

degree programs 85 – 87

accomplishments

acknowledging and celebrating 146 – 147

diminishing 141 – 142

advanced research programs 87 – 88

anonymity 31 – 32

application, software, and product security discipline 25

architect roles 37

ARPANET (Advanced Research Projects Agency Network) 4

assessment 82

assets 5

associate roles 37

ATSs (applicant tracking systems) 96

authentic self 56 – 58

B

backlogs 41

BBSs (bulletin board systems) 10

behavioral-based questions 112

burnout 149 – 151

business world 5 – 8

C

capabilities gap 72 – 93

academic cybersecurity programs 84 – 88

advanced research programs 87 – 88

degree programs – 87

less formal skills building 88 – 92

community meetups 92

CTFs (capture-the-flags), playgrounds, personal labs 90 – 91

industry conferences 88 – 90

webinars, podcasts, and live-stream events 91 – 92

security certifications 77 – 84

acquiring 83 – 84

CEH (Certified Ethical Hacker) 82 – 83

CISSP (Certified Information Systems Security Professional) 79 – 80

CompTIA Security+ 80 – 81

overview 78 – 79

capabilities inventory 69 – 71, 160 – 161

capture-the-flags (CTFs) 55, 90 – 91

career

anonymity, considerations 31 – 32

building career strategy 154 – 158

building 1, 3, 5 plan 157 – 158

identifying personal growth needs 156 – 157

long-term vision 155 – 156

disciplines of cybersecurity 18 – 29

application, software, and product security 25

DFIR (digital forensics and incident response) 20 – 21

education and awareness 26 – 27

governance and compliance 26

leaders and executives 28 – 29

sales and sales support 27 – 28

security architecture and design 21 – 22

security assessment and verification 22 – 24

security operations 19 – 20

diversity and 16

security professional characteristics 29 – 31

compulsive learning 30

idealism 30 – 31

infosec rockstar 31

inventors and creators 29 – 30

obsessively inquisitive 30

CASB (cloud access security broker) 98

CEH (Certified Ethical Hacker) 82 – 83

CERT (Computer Emergency Response Team) 5

CEUs (continuing education units) 81

CFP (call for papers) 89

CISA (Cybersecurity and Infrastructure Security Agency) 9, 24

CISO (chief information security officer) 28

CISSP (Certified Information Systems Security Professional) 79 – 80

cloud and cloud native technology 41 – 42

collaboration 47

colleagues 144 – 145

community meetups 92

comparisons 140 – 141

competition 142 – 143

CompTIA Security+ 80 – 81

core skills 65 – 67

creators 29 – 30

cryptography 42

CTFs (capture-the-flags) 55, 90 – 91

CTSS (Compatible Time-Sharing System) 4

curiosity 45

CVE (Common Vulnerabilities and Exposures) database 24

cybersecurity 3 – 32

anonymity, considerations of 31 – 32

defined 4 – 5

disciplines of 18 – 29

application, software, and product security 25

DFIR (digital forensics and incident response) 20 – 21

education and awareness 26 – 27

governance and compliance 26

leaders and executives 28 – 29

sales and sales support 27 – 28

security architecture and design 21 – 22

security assessment and verification 22 – 24

security operations 19 – 20

human diversity and 14 – 16

career path 16

cybersecurity diversity gap 15

importance of 16

industry 12 – 14

effects of digital transformation 13

human element 13 – 14

IoT (Internet of Things) 14

reasons for 12 – 13

role of 5 – 9

defending society 8 – 9

in business world 5 – 8

security professional characteristics 29 – 31

compulsive learning 30

idealism 30 – 31

infosec rockstar 31

inventors and creators 29 – 30

obsessively inquisitive 30

values of 10 – 12

do no harm 12

open information sharing 11

privacy and liberty 10 – 11

Cybersecurity and Infrastructure Security Agency (CISA) 9, 24

cybersecurity industry, use of term 12

cybersecurity teams 12

D

DEF CON Groups 122

degree programs 54 – 55, 85 – 87

DevOps culture 25

DevSecOps 25

DFIR (digital forensics and incident response) 20 – 21

digital forensics 21

digital transformation 13

directors 38

diversity 14 – 16

career path 16

gap in cybersecurity 15

importance of 16

lack of representation 141

do no harm code 12

DoS (denial-of-service) attacks 7

doxing 32

E

EC-Council (International Council of E-Commerce Consultants) 82 – 83

ECEs (EC-Council continuing education) 82

education and awareness discipline 26 – 27

elevator pitches 96

emotional intelligence 47 – 48

empathy 47 – 48

employment agreements 115

EMR (electronic medical record) systems 6

enthusiasm 125

entry-level roles 37

cybersecurity degree programs 54 – 55

finding path to security 55 – 56

ethical hacker 12, 22

executives 28 – 29, 39

experience 62 – 63

F

fonts 97

formatting resumes 96 – 97

G

gatekeeping 151 – 152

goals 143 – 144

governance and compliance discipline 26

GPEN (SANS GIAC Penetration Tester) 84

H

Hacker Summer Camp 11

handles 11

headers 97

hiring manager interview 110

honesty 124

honeymoon phase 150

HR screen 108 – 109

HTB (Hack The Box) 91

human element 13 – 14

hybrid working environments 106 – 107

I

ICSs (industrial control systems) 43 – 44

idealism 30 – 31

impostor syndrome 134 – 147

career progression and 136 – 137

causes of 138 – 142

comparison to others 140 – 141

diminishing accomplishments 141 – 142

industry expectations 139 – 140

lack of representation 141

perfectionism 138 – 139

defined 135 – 136

overcoming 142 – 147

acknowledging and celebrating achievements 146 – 147

avoiding competition 142 – 143

being resource to others 145 – 146

setting goals and defining success 143 – 144

turning to colleagues and peers 144 – 145

recognizing 137 – 138

industry 12 – 14

conferences 88 – 90

effects of digital transformation 13

expectations and impostor syndrome 139 – 140

groups and networking events 121 – 123

DEF CON Groups 122

ISACA 123

OWASP 122

human element 13 – 14

IoT (Internet of Things) 14

reasons for 12 – 13

infosec rockstar 31

inquisitiveness 30

International Information System Security Certification Consortium (ISC)2 15, 79 – 80

interviews 107 – 113

hiring manager interview 110

recruiter or HR screen 108 – 109

technical interview 111 – 113

inventors 29 – 30

IoT (Internet of Things) 14

IR (incident response) personnel 20

ISACA 123

(ISC)2 (International Information System Security Certification Consortium) 15, 79 – 80

IT (information technology), defined 5

J

jobs

interviews 107 – 113

hiring manager interview 110

recruiter or HR screen 108 – 109

technical interview 111 – 113

offers 113 – 115

considering with time 114

employment agreements 115

negotiating for something better 114 – 115

openings 101 – 107

finding right roles 103 – 104

job seekers vs. 34 – 36

matching requirements 104 – 105

office, remote, or hybrid working environments 106 – 107

using job search tools 101 – 102

K

key terms 97 – 100

adding variations 100

frequency of 99

inventory of 98 – 99

matching 99 – 100

knowledge 63

L

Layer 8 89

leaders 28 – 29

learning, compulsive 30

liabilities 5

liberty 10 – 11

live-stream events 91 – 92

long-term vision 155 – 156

M

managers 38

mentorship 124 – 129

expectations from 125 – 126

mentor expectations 127 – 128

number of mentors 129

qualities of mentor 124 – 125

relationship 129 – 132

building 132

ending 132

forms of 129

structure of 130 – 131

MTUs (master terminal units) 44

multitasking 48

N

negative soft skills 73

negotiating 114 – 115

network communications and administration 41

networking 119 – 133

building professional network 120 – 124

industry groups and networking events 121 – 123

making network productive 123 – 124

social media 120 – 121

mentorship 124 – 129

expectations from 125 – 126

mentor expectations 127 – 128

number of mentors 129

qualities of mentor 124 – 125

relationship 129 – 132

noncompete clauses 115

nonsolicitation clauses 115

O

objectives 61

offensive security 40

offers, jobs 113 – 115

considering with time 114

employment agreements 115

negotiating for something better 114 – 115

office working environments 106 – 107

open information sharing 11

operations teams 7

organizational skills 48

OSINT (open source intelligence) 22 – 23

OWASP (Open Web Application Security Project) 122

P

passion 45, 58 – 60

peers 144 – 145

penetration testing 23

perfectionism 138 – 139

personal growth needs 156 – 157

personal labs 90 – 91

personal objective 60 – 62

phishing 43

physical penetration testers 43

physical security 23, 43

pivoting 72, 149, 158 – 161

capabilities inventory 160 – 161

recognize when change is needed 159 – 160

taking risks 161

playgrounds 90 – 91

PLCs (programmable logic controllers) 44

podcasts 91 – 92

positive soft skills 74

presentation skills 49

privacy 10 – 11

problem-solving 46 – 47

product security 25

professional network 120 – 124

industry groups and networking events 121 – 123

DEF CON Groups 122

ISACA 123

OWASP 122

making network productive 123 – 124

social media 120 – 121

programming 40 – 41

proofreading 100

purple teaming 23

pushing left 40

R

radio communications 44 – 45

ransomware attacks 8

recruiter screen 108 – 109

red teaming 23, 40

remote terminal units (RTUs) 44

remote working environments 106 – 107

research skills 45 – 46

resumes 95 – 100

formatting 96 – 97

key terms 97 – 100

adding variations 100

frequency of 99

inventory of 98 – 99

matching 99 – 100

multiple versions of 95 – 96

proofreading 100

risks 161

role progression 36 – 39

architect roles 37

entry-level roles 37

executive leadership 39

impostor syndrome and 136 – 137

security leadership 38

senior roles 37

RTUs (remote terminal units) 44

S

sales and sales support 27 – 28

SANS GIAC Penetration Tester (GPEN) 84

SCADA (supervisory control and data acquisition) 44

SDLC (software development life cycle) 25

section headings 97

security architect roles 37

security architecture and design discipline 21 – 22

security assessment and verification discipline 22 – 24

security certifications 77 – 84

acquiring 83 – 84

CEH 82 – 83

CISSP 79 – 80

CompTIA Security+ 80 – 81

overview 78 – 79

security leadership 38

security operations discipline 19 – 20

security operations teams 7

self-analysis 53 – 74

connect oneself 71 – 74

choosing focus discipline 71 – 72

identifying gaps and challenges 72 – 74

entry-level challenge 54 – 56

cybersecurity degree programs 54 – 55

finding path to security 55 – 56

know oneself 56 – 62

developing personal objective 60 – 62

finding passion 58 – 60

identifying authentic self 56 – 58

own oneself 62 – 71

capabilities inventory 69 – 71

core skills 65 – 67

soft skills 67 – 69

technical capabilities 63 – 64

senior-level positions 37

senior managers 38

senior roles 37

SIEM (security incident and event management) 21

skills 33 – 49

job seekers vs. job openings 34 – 36

role progression 36 – 39

architect roles 37

entry-level roles 37

executive leadership 39

security leadership 38

senior roles 37

soft skills 45 – 49

collaboration 47

empathy/emotional intelligence 47 – 48

multitasking and organizational skills 48

problem-solving 46 – 47

research skills 45 – 46

speaking and presentation skills 49

writing skills 48 – 49

technical skills 39 – 45

cloud and cloud native technology 41 – 42

cryptography 42

ICSs (industrial control systems) 43 – 44

network communications and administration 41

physical security 43

radio communications 44 – 45

social engineering 42 – 43

software development/programming 40 – 41

smart devices 14

social engineering 23, 42 – 43

social media 120 – 121

society 8 – 9

SOC (security operations center) 19

soft skills 45 – 49

collaboration 47

empathy/emotional intelligence 47 – 48

multitasking and organizational skills 48

problem-solving 46 – 47

research skills 45 – 46

self-assessing 67 – 69

speaking and presentation skills 49

writing skills 48 – 49

software development 40 – 41

software development life cycle (SDLC) 25

software security 25

speaking skills 49

sprints 41

stagnation 152 – 153

STAR method 112

success 143 – 144, 148 – 162

building career strategy 154 – 158

building 1, 3, 5 plan 157 – 158

identifying personal growth needs 156 – 157

long-term vision 155 – 156

overcoming challenges 149 – 153

burnout 149 – 151

gatekeeping 151 – 152

stagnation 152 – 153

pivoting 158 – 161

capabilities inventory 160 – 161

recognize when change is needed 159 – 160

taking risks 161

supervisory control and data acquisition (SCADA) 44

T

team leads 38

technical interview 111 – 113

technical skills 39 – 45

cloud and cloud native technology 41 – 42

cryptography 42

ICSs (industrial control systems) 43 – 44

network communications and administration 41

physical security 43

radio communications 44 – 45

self-assessing 63 – 64

social engineering 42 – 43

software development/programming 40 – 41

training 82

U

user stories 41

V

values 10 – 12

do no harm 12

open information sharing 11

privacy and liberty 10 – 11

villages 88

virtualization 91

vishing 43

vision 154

vulnerability management 24, 99

vulnerability scanning 23

W

webinars 91 – 92

writing skills 48 – 49

Z

zero-days 143