Book Review: Getting An Information Security Job for Dummies

First off, Getting an Information Security Job for Dummies took way too long for me to read. But that’s because of other commitments. I got the book in May, when a lot of people in the echo chamber were trashing it. I was also looking for advantages in trying to find a new job that went with my B.S. in Information Assurance, and after 6 months was feeling desperate.

First, the book isn’t as good as it could have been. Second, it wasn’t as bad as people were making it out to be on Twitter. Third, the author uses too much of his own personal experience in it (something I’m guilty of with this blog). Fourth, he kept equating lock picking to crime, which I didn’t like at all, and being from Washington I thought he’d do better. They are legal there.

It’s a “for Dummies” book. This means they try to avoid jargon and make it easier for lay people to read. Don’t hold that part of the title against it.

The book was divided into several parts that were well laid out.

Part 1 was a good survey of what Infosec is, beyond just the pen-testers. Part 1 starts with what infosec is, what cybercrime is, and the rise of both. It then covers the different types of Infosec jobs, and finishes that part with what is driving those jobs (regulations, industry pushes, etc.).

Part 2 is the basics that a person should know if they want to work in the industry. This isn’t giving away the secret sauce, it’s a road map builder. It talks about how to get the kind of education that will make a person a good Infosec practitioner.

Part 3 covers how to look for a job. Don’t just say you want to work in security, but actually know what you want to do in security. How can what you mapped out in Part 2 be useful, and to whom?

Part 4, I think this was the most biased part of the book, was about building your brand and your resume. How to use both to get the interview, and interview well enough to get the job. It also covered how to quit your current job without burning bridges.

The parts of 10 were mostly what the author thought were good organizations to join, places for keeping up to date, and being informed. It also contained the best part of the book: the questions to ask when it is your turn to ask questions.

Overall, I think the book is a little too biased to the author’s experience, and the book won’t be a one size fits all. As I said above, I think too many in the industry didn’t give it a fair shake (and based on comments didn’t read it). But if you’re having problems getting from IT into Infosec full time, or want to have a better career path laid out, then the book was worth it.

 
