97 Things Every Information Security Professional Should Know: Collective Wisdom from the Experts

Whether you're searching for new or additional opportunities, information security can be vast and overwhelming. In this practical guide, author Christina Morillo introduces technical knowledge from a diverse range of experts in the infosec field. Through 97 concise and useful tips, you'll learn how to expand your skills and solve common issues by working through everyday security problems. You'll also receive valuable guidance from professionals on how to navigate your career within this industry. How do you get buy-in from the C-suite for your security program? How do you establish an incident and disaster response plan? This practical book takes you through actionable advice on a wide variety of infosec topics, including thought-provoking questions that drive the direction of the field.

• Continuously Learn to Protect Tomorrow's Technology - Alyssa Columbus
• Fight in Cyber Like the Military Fights in the Physical - Andrew Harris
• Keep People at the Center of Your Work - Camille Stewart
• Infosec Professionals Need to Know Operational Resilience - Ann Johnson
• Taking Control of Your Own Journey - Antoine Middleton
• Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments - Ben Brook
• Every Information Security Problem Boils Down to One Thing - Ben Smith
• Focus on the WHAT and the Why First, Not the Tool - Christina Morillo

Author(s): Christina Morillo
Edition: 1
Publisher: O'Reilly Media
Year: 2021

Language: English
Commentary: Vector PDF
Pages: 266
City: Sebastopol, CA
Tags: DevOps;Linux;Cloud Computing;Security;Ethics;Psychology;Cybersecurity;Information Security;Penetration Testing;Internet of Things;Business;Privacy;Monitoring;Continual Learning;Best Practices;Risk Management;Empathy;Agile;Documentation;Incident Response;Social Engineering;Access Management;Communication;Identity Management;Phishing;Threat Models;Vulnerability Management;Soft Skills;Password Management;Forensics;Blue Team;Data Protection;Metrics;Certification;Ransomware;Stalkerware

Copyright
Table of Contents
Preface
O’Reilly Online Learning
How to Contact Us
Chapter 1. Continuously Learn to Protect Tomorrow’s Technology
Alyssa Columbus
Chapter 2. Fight in Cyber like the Military Fights in the Physical
Andrew Harris
The OODA Loop
Containment Helps to Prevent and Inform
Chapter 3. Three Major Planes
Andrew Harris
Not Focusing on Where the Planes Meet
Identity Versus Privileges
Not Applying Hypothetical Syllogism
Wrapping It Up
Chapter 4. InfoSec Professionals Need to Know Operational Resilience
Ann Johnson
Chapter 5. Taking Control of Your Own Journey
Antoine Middleton
Chapter 6. Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments
Ben Brook
Establish Technical Visibility
Exercise Technical Stewardship
Chapter 7. Every Information Security Problem Boils Down to One Thing
Ben Smith
Chapter 8. And in This Corner, It’s Security Versus the Business!
Ben Smith
Chapter 9. Don’t Overlook Prior Art from Other Industries
Ben Smith
Chapter 10. Powerful Metrics Always Lose to Poor Communication
Ben Smith
Chapter 11. “No” May Not Be a Strategic Word
Brian Gibbs
Chapter 12. Keep People at the Center of Your Work
Camille Stewart
Chapter 13. Take a Beat: Thinking Like a Firefighter for Better Incident Response
Catherine J. Ullman
Chapter 14. A Diverse Path to Better Security Professionals
Catherine J. Ullman
Chapter 15. It’s Not About the Tools
Chase Pettet
Chapter 16. Four Things to Know About Cybersecurity
Chloé Messdaghi
Hackers Are Not Attackers
Vulnerability Disclosure Policies Strengthen Defenses
Burnout Is a Real Risk
Upskilling: Professional Growth
Chapter 17. Vetting Resources and Having Patience when Learning Information Security Topics
Christina Lang
Chapter 18. Focus on the What and the Why First, Not the Tool
Christina Morillo
“If All You Have Is a Hammer, Everything Looks like a Nail"
Understanding the Problem
Understanding Current Processes
You Cannot Solve for What You Do Not Understand
Chapter 19. Insiders Don’t Care for Controls
Damian Finol
Chapter 20. Identity and Access Management: The Value of User Experience
Dane Bamburry
Chapter 21. Lessons from Cross-Training in Law
Danny Moules
Chapter 22. Ransomware
David McKenzie
History
Types of Ransomware
Large-Scale Attacks
Should You Pay?
Chapter 23. The Key to Success in Your Cloud Journey Begins with the Shared Responsibility Model
Dominique West
What Is This Framework and Why Should It Apply?
How to Put This Framework into Action
Chapter 24. Why InfoSec Practitioners Need to Know About Agile and DevOps
Fernando Ike
Chapter 25. The Business Is Always Right
Frank McGovern
Chapter 26. Why Choose Linux as Your Secure Operating System?
Gleydson Mazioli da Silva
Chapter 27. New World, New Rules, Same Principles
Guillaume Blaquiere
Chapter 28. Data Protection: Impact on Software Development
Guy Lépine
Secure Development
Data Protection
Data at rest
Data in transit
Data in use
Ethical Data Access
Chapter 29. An Introduction to Security in the Cloud
Gwyneth Peña-Siguenza
Chapter 30. Knowing Normal
Gyle dela Cruz
Chapter 31. All Signs Point to a Schism in Cybersecurity
Ian Barwise
Attackers Have Always Had the Advantage
Chapter 32. DevSecOps Is Evolving to Drive a Risk-Based Digital Transformation
Idan Plotnik
Code Security Is Becoming “Security”
Shifting from Vulnerabilities to Risky Code Changes
Code Risk Is Multidimensional
DevSecOps Is Evolving
Chapter 33. Availability Is a Security Concern Too
Jam Leomi
Chapter 34. Security Is People
James Bore
Chapter 35. Penetration Testing: Why Can’t It Be Like the Movies?!
Jasmine M. Jackson
Chapter 36. How Many Ingredients Does It Take to Make an Information Security Professional?
Jasmine M. Jackson
Chapter 37. Understanding Open Source Licensing and Security
Jeff Luszcz
Chapter 38. Planning for Incident Response Customer Notifications
JR Aquino
Chapter 39. Managing Security Alert Fatigue
Julie Agnes Sparks
Chapter 40. Take Advantage of NIST’s Resources
Karen Scarfone
Chapter 41. Apply Agile SDLC Methodology to Your Career
Keirsten Brager
Secure Your Identity and Assets
Look for Unconventional Paths
Chapter 42. Failing Spectacularly
Kelly Shortridge
Chapter 43. The Solid Impact of Soft Skills
Kim Z. Dale
Chapter 44. What Is Good Cyber Hygiene Within Information Security?
Lauren Zink
Chapter 45. Phishing
Lauren Zink
Chapter 46. Building a New Security Program
Lauren Zink
Chapter 47. Using Isolation Zones to Increase Cloud Security
Lee Atchison
General Isolation Zone Architecture
Managing Communications Flow
Chapter 48. If It’s Remembered for You, Forensics Can Uncover It
Lodrina Cherne
Chapter 49. Certifications Considered Harmful
Louis Nyffenegger
Chapter 50. Security Considerations for IoT Device Management
Mansi Thakar
Chapter 51. Lessons Learned: Cybersecurity Road Trip
Mansi Thakar
Myth Versus Reality
Unleash Your Growth
Chapter 52. Finding Your Voice
Maresa Vermulst
Chapter 53. Best Practices with Vulnerability Management
Mari Galloway
Chapter 54. Social Engineering
Marina Ciavatta
Chapter 55. Stalkerware: When Malware and Domestic Abuse Coincide
Martijn Grooten
Chapter 56. Understanding and Exploring Risk
Dr. Meg Layton
Chapter 57. The Psychology of Incident Response
Melanie Ensign
Avoiding Panic
Anticipating Stakeholder Readiness
Teaching Stakeholders to Self-Regulate
Chapter 58. Priorities and Ethics/Morality
Michael Weber
Chapter 59. DevSecOps: Continuous Security Has Come to Stay
Michelle Ribeiro
Chapter 60. Cloud Security: A 5,000 Mile View from the Top
Michelle Taggart
Chapter 61. Balancing the Risk and Productivity of Browser Extensions
Mike Mackintosh
Chapter 62. Technical Project Ideas Towards Learning Web Application Security
Ming Chow
Build a Static Website Using HTML, CSS, JavaScript, and Amazon S3
Create a Blog Using WordPress
Build a Blog App Using a Web Application Framework
The Point of These Projects
Chapter 63. Monitoring: You Can’t Defend Against What You Don’t See
Mitch B. Parker
Chapter 64. Documentation Matters
Najla Lindsay
Chapter 65. The Dirty Truth Behind Breaking into Cybersecurity
Naomi Buckwalter
Chapter 66. Cloud Security
Nathan Chung
Chapter 67. Empathy and Change
Nick Gordon
Bringing Change
Mandates Only Work When Someone Is Watching
Write It Down
Chapter 68. Information Security Ever After
Nicole Dorsett
Chapter 69. Don’t Check It In!
Patrick Schiess
Chapter 70. Threat Modeling for SIEM Alerts
Phil Swaim
Chapter 71. Security Incident Response and Career Longevity
Priscilla Li
Chapter 72. Incident Management
Quiessence Phillips
Chapter 73. Structure over Chaos
Rob Newby
Chapter 74. CWE Top 25 Most Dangerous Software Weaknesses
Rushi Purohit
Chapter 75. Threat Hunting Based on Machine Learning
Saju Thomas Paul and Harshvardhan Parmar
Case Study
Chapter 76. Get In Where You Fit In
Sallie Newton
Chapter 77. Look Inside and See What Can Be
Sam Denard
Chapter 78. DevOps for InfoSec Professionals
Sasha Rosenbaum
Culture
Automation
Recommended Reading
Chapter 79. Get Familiar with R&R (Risk and Resilience)
Shinesa Cambric
Chapter 80. Password Management
Siggi Bjarnason
Chapter 81. Let’s Go Phishing
Siggi Bjarnason
Chapter 82. Vulnerability Management
Siggi Bjarnason
Chapter 83. Reduce Insider Risk Through Employee Empowerment
Stacey Champagne
Chapter 84. Fitting Certifications into Your Career Path
Steven Becker
Chapter 85. Phishing Reporting Is the Best Detection
Steven Becker
Chapter 86. Know Your Data
Steve Taylor
Known Knowns
Known Unknowns
Unknown Unknowns
Chapter 87. Don’t Let the Cybersecurity Talent Shortage Leave Your Firm Vulnerable
Tim Maliyil
Chapter 88. Comfortable Versus Confident
Tkay Rice
Is Lack of Confidence the New Imposter Syndrome?
Using Offensive/Sensitive Terms
Top Three Strategies for Displaying Confidence
Chapter 89. Some Thoughts on PKI
Tarah Wheeler
Chapter 90. What Is a Security Champion?
Travis F. Felder
What Is a Security Champion?
Why Does Your Company Need Security Champions?
What Do Security Champions Do?
How to Create a Security Champions Program?
Chapter 91. Risk Management in Information Security
Trevor Bryant
Chapter 92. Risk, 2FA, MFA, It’s All Just Authentication! Isn’t It?
Unique Glover
Chapter 93. Things I Wish I Knew Before Getting into Cybersecurity
Valentina Palacin
Chapter 94. Research Is Not Just for Paper Writing
Vanessa Redman
Chapter 95. The Security Practitioner
Wayne A. Howell Jr.
Chapter 96. Threat Intelligence in Two Steps
Xena Olsen
Step One: Understand Your Role
Step Two: Solve Someone Else’s Problem
Chapter 97. Maintaining Compliance and Information Security with Blue Team Assistance
Yasmin Schlegel
Contributors
Alyssa Columbus
Andrew Harris
Ann Johnson
Antoine Middleton
Ben Brook
Ben Smith
Brian Gibbs
Camille Stewart
Catherine J. Ullman
Chase Pettet
Chloé Messdaghi
Christina Lang
Christina Morillo (Author/Editor of This Book)
Damian Finol
Dane Bamburry
Danny Moules
David McKenzie
Dominique West
Fernando Ike
Frank McGovern
Gleydson Mazioli da Silva
Guillaume Blaquiere
Guy Lépine
Gwyneth Peña-Siguenza
Gyle dela Cruz
Harshvardhan Parmar
Ian Barwise
Idan Plotnik
Jam Leomi
James Bore
Jasmine M. Jackson
Jeff Luszcz
JR Aquino
Julie Agnes Sparks
Karen Scarfone
Keirsten Brager
Kelly Shortridge
Kim Z. Dale
Lauren Zink
Lee Atchison
Lodrina Cherne
Louis Nyffenegger
Mansi Thakar
Maresa Vermulst
Mari Galloway
Marina Ciavatta
Martijn Grooten
Dr. Meg Layton
Melanie Ensign
Michael Weber
Michelle Ribeiro
Michelle Taggart
Mike Mackintosh
Ming Chow
Mitchell Parker
Najla Lindsay
Naomi Buckwalter
Nathan Chung
Nick Gordon
Nicole Dorsett
Patrick Schiess
Phil Swaim
Priscilla Li
Quiessence Phillips
Rob Newby
Rushi Purohit
Saju Thomas Paul
Sallie Newton
Sam Denard
Sasha Rosenbaum
Shinesa Cambric
Siggi Bjarnason
Stacey Champagne
Steven Becker
Steve Taylor
Tarah Wheeler
Tim Maliyil
Tkay Rice
Travis F. Felder
Trevor Bryant
Unique Glover
Valentina Palacin
Vanessa Redman
Wayne A. Howell Jr.
Xena Olsen
Yasmin Schlegel
Index
About the Editor
Christina Morillo