97 Things Every Information Security Professional Should Know: Practical and Approachable Advice from the Experts
- Length: 250 pages
- Edition: 1
- Language: English
- Publisher: O'Reilly Media
- Publication Date: 2021-10-19
- ISBN-10: 1098101391
- ISBN-13: 9781098101398
- Sales Rank: #299675 (See Top 100 Books)
Whether you’re searching for new or additional opportunities, information security can be vast and overwhelming. In this practical guide, author Christina Morillo introduces technical knowledge from a diverse range of experts in the infosec field. Through 97 concise and useful tips, you’ll learn how to expand your skills and solve common issues by working through everyday security problems.
You’ll also receive valuable guidance from professionals on how to navigate your career within this industry. How do you get buy-in from the C-suite for your security program? How do you establish an incident and disaster response plan? This practical book takes you through actionable advice on a wide variety of infosec topics, including thought-provoking questions that drive the direction of the field.
- Continuously Learn to Protect Tomorrow’s Technology–Alyssa Columbus
- Fight in Cyber Like the Military Fights in the Physical–Andrew Harris
- Keep People at the Center of Your Work–Camille Stewart
- Infosec Professionals Need to Know Operational Resilience–Ann Johnson
- Taking Control of Your Own Journey–Antoine Middleton
- Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments–Ben Brook
- Every Information Security Problem Boils Down to One Thing–Ben Smith
- Focus on the WHAT and the Why First, Not the Tool–Christina Morillo
Preface O’Reilly Online Learning How to Contact Us 1. Continuously Learn to Protect Tomorrow’s Technology Alyssa Columbus 2. Fight in Cyber like the Military Fights in the Physical Andrew Harris 3. Three Major Planes Andrew Harris 4. InfoSec Professionals Need to Know Operational Resilience Ann Johnson 5. Taking Control of Your Own Journey Antoine Middleton 6. Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments Ben Brook 7. Every Information Security Problem Boils Down to One Thing Ben Smith 8. And in This Corner, It’s Security Versus the Business! Ben Smith 9. Don’t Overlook Prior Art from Other Industries Ben Smith 10. Powerful Metrics Always Lose to Poor Communication Ben Smith 11. “No” May Not Be a Strategic Word Brian Gibbs 12. Keep People at the Center of Your Work Camille Stewart 13. Take a Beat: Thinking Like a Firefighter for Better Incident Response Catherine J. Ullman 14. A Diverse Path to Better Security Professionals Catherine J. Ullman 15. It’s Not About the Tools Chase Pettet 16. Four Things to Know About Cybersecurity Chloé Messdaghi 17. Vetting Resources and Having Patience when Learning Information Security Topics Christina Lang 18. Focus on the What and the Why First, Not the Tool Christina Morillo 19. Insiders Don’t Care for Controls Damian Finol 20. Identity and Access Management: The Value of User Experience Dane Bamburry 21. Lessons from Cross-Training in Law Danny Moules 22. Ransomware David McKenzie 23. The Key to Success in Your Cloud Journey Begins with the Shared Responsibility Model Dominique West 24. Why InfoSec Practitioners Need to Know About Agile and DevOps Fernando Ike 25. The Business Is Always Right Frank McGovern 26. Why Choose Linux as Your Secure Operating System? Gleydson Mazioli da Silva 27. New World, New Rules, Same Principles Guillaume Blaquiere 28. Data Protection: Impact on Software Development Guy Lépine 29. An Introduction to Security in the Cloud Gwyneth Peña-Siguenza 30. Knowing Normal Gyle dela Cruz 31. All Signs Point to a Schism in Cybersecurity Ian Barwise 32. DevSecOps Is Evolving to Drive a Risk-Based Digital Transformation Idan Plotnik 33. Availability Is a Security Concern Too Jam Leomi 34. Security Is People James Bore 35. Penetration Testing: Why Can’t It Be Like the Movies?! Jasmine M. Jackson 36. How Many Ingredients Does It Take to Make an Information Security Professional? Jasmine M. Jackson 37. Understanding Open Source Licensing and Security Jeff Luszcz 38. Planning for Incident Response Customer Notifications JR Aquino 39. Managing Security Alert Fatigue Julie Agnes Sparks 40. Take Advantage of NIST’s Resources Karen Scarfone 41. Apply Agile SDLC Methodology to Your Career Keirsten Brager 42. Failing Spectacularly Kelly Shortridge 43. The Solid Impact of Soft Skills Kim Z. Dale 44. What Is Good Cyber Hygiene Within Information Security? Lauren Zink 45. Phishing Lauren Zink 46. Building a New Security Program Lauren Zink 47. Using Isolation Zones to Increase Cloud Security Lee Atchison 48. If It’s Remembered for You, Forensics Can Uncover It Lodrina Cherne 49. Certifications Considered Harmful Louis Nyffenegger 50. Security Considerations for IoT Device Management Mansi Thakar 51. Lessons Learned: Cybersecurity Road Trip Mansi Thakar 52. Finding Your Voice Maresa Vermulst 53. Best Practices with Vulnerability Management Mari Galloway 54. Social Engineering Marina Ciavatta 55. Stalkerware: When Malware and Domestic Abuse Coincide Martijn Grooten 56. Understanding and Exploring Risk Dr. Meg Layton 57. The Psychology of Incident Response Melanie Ensign 58. Priorities and Ethics/Morality Michael Weber 59. DevSecOps: Continuous Security Has Come to Stay Michelle Ribeiro 60. Cloud Security: A 5,000 Mile View from the Top Michelle Taggart 61. Balancing the Risk and Productivity of Browser Extensions Mike Mackintosh 62. Technical Project Ideas Towards Learning Web Application Security Ming Chow 63. Monitoring: You Can’t Defend Against What You Don’t See Mitch B. Parker 64. Documentation Matters Najla Lindsay 65. The Dirty Truth Behind Breaking into Cybersecurity Naomi Buckwalter 66. Cloud Security Nathan Chung 67. Empathy and Change Nick Gordon 68. Information Security Ever After Nicole Dorsett 69. Don’t Check It In! Patrick Schiess 70. Threat Modeling for SIEM Alerts Phil Swaim 71. Security Incident Response and Career Longevity Priscilla Li 72. Incident Management Quiessence Phillips 73. Structure over Chaos Rob Newby 74. CWE Top 25 Most Dangerous Software Weaknesses Rushi Purohit 75. Threat Hunting Based on Machine Learning Saju Thomas Paul and Harshvardhan Parmar 76. Get In Where You Fit In Sallie Newton 77. Look Inside and See What Can Be Sam Denard 78. DevOps for InfoSec Professionals Sasha Rosenbaum 79. Get Familiar with R&R (Risk and Resilience) Shinesa Cambric 80. Password Management Siggi Bjarnason 81. Let’s Go Phishing Siggi Bjarnason 82. Vulnerability Management Siggi Bjarnason 83. Reduce Insider Risk Through Employee Empowerment Stacey Champagne 84. Fitting Certifications into Your Career Path Steven Becker 85. Phishing Reporting Is the Best Detection Steven Becker 86. Know Your Data Steve Taylor 87. Don’t Let the Cybersecurity Talent Shortage Leave Your Firm Vulnerable Tim Maliyil 88. Comfortable Versus Confident Tkay Rice 89. Some Thoughts on PKI Tarah Wheeler 90. What Is a Security Champion? Travis F. Felder 91. Risk Management in Information Security Trevor Bryant 92. Risk, 2FA, MFA, It’s All Just Authentication! Isn’t It? Unique Glover 93. Things I Wish I Knew Before Getting into Cybersecurity Valentina Palacin 94. Research Is Not Just for Paper Writing Vanessa Redman 95. The Security Practitioner Wayne A. Howell Jr. 96. Threat Intelligence in Two Steps Xena Olsen 97. Maintaining Compliance and Information Security with Blue Team Assistance Yasmin Schlegel Contributors Index About the Editor
How to download source code?
1. Go to: https://www.oreilly.com/
2. Search the book title: 97 Things Every Information Security Professional Should Know: Practical and Approachable Advice from the Experts
, sometime you may not get the results, please search the main title
3. Click the book title in the search results
3. Publisher resources
section, click Download Example Code
.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.