[ http://www.amazon.com/exec/obidos/ASIN/0471779873/c4iorg - WK]
Author: Chris Butler
Reviewer: Ben Rothke
Summary: Good review for a pro, but not for newbies.
If you find information security challenging and either want a job in
the field or are looking for a better job in the field, the book will be
quite valuable. But for those looking for a hot security job, their
lackings will likely show through in an interview, even with the help of
As to the actual content, chapter 1 provides a good overview of how to
find, interview and get a security job. The chapter contains many bits
of helpful information, especially to those whose job seeking skills are
deficient. A good piece of advice the authors state is that one should
never pay a fee for headhunting services. There are many people that
call themselves recruiters, but are nothing more than fax servers who
charge for the service. The burden to pay is always on the hiring firm,
and a job seeker should be extremely suspicious of anyone requesting a
fee to find them a position.
I would hope that in future editions of the book, the authors expand on
chapter one. The chapter itself in fact could easily be made into a book
in its own right. As part of the job search process, many job searchers
often do not ask themselves enough fundamental questions if they are
indeed in the right place in their career. Such an approach is taken by
Lee Kushner, founder and CEO of the information security recruitment
firm LJ Kushner and Associates. Kushner formulated the following 7
questions that every information security job candidate should ask
1. What are my long and short term plans?
2. What are my strengths and weaknesses?
3. What skills do I need to develop?
4. Have I acquired a new skill during the past year?
5. What are my most significant career accomplishments and will I soon
achieve another one?
6. Have I been promoted over the past three years?
7. What investments have I made in my own career?
The other 9 chapters of the book all have the same format; an overview
of the topic, and then various questions an interviewer may pose. The
reality is that these topics of network and security fundamentals,
firewalls, regulations, wireless, security tools, and more, are
essential knowledge for a security professional. Anyone trying to go
through a comprehensive information security interview and wing it by
reviewing the material will likely only succeed if the interviewer is
inept. Anyone attempting to mimic the questions and answers in the book
in a real-world interview will immediately be found to be a sham if the
interviewer deviates even slightly from the script, which should be
What really separates a good candidate from a great candidate is
hands-on, practical and real-world security experience. Such a candidate
won't need a question and answer format to showcase themselves in an
interview. Their experience should shine, and not their ability to
rattle off security acronyms.
If a company is serious about hiring qualified people, the interview
process should not be about short technical questions and acronym
definitions. It should entail an open discussion with significant give
and take. Having a candidate detail their methodology for deploying and
configuring a firewall should be given more credence than their ability
to define the TCP three-way handshake.
Ultimately, the efficacy of the book is in the disposition of the
reader. For the security newbie who wants a crash course in security in
order to quickly land a security job, heaven help the company that would
hire such a person. While one should indeed not judge a book by its
cover, this book's cover and title may lead some readers to think that
the book is their golden ticket to a quick landing into a great career.
The breadth of information that a security professional needs to know
precludes any sort of cramming or quick introductions. Those with a
lack of security experience attempting to use this book to hide their
shortcomings will only embarrass themselves on an interview.
On the other hand, for the reader who has a background in information
security who wants an update on network and security fundamentals, they
will find IT Security Interviews Exposed a helpful title. The book
contains a plethora of valuable information written in a clear and easy
to read style. In a little over 200 pages, the book is able to provide
the reader with a good review of what they know or may have forgotten.
Used in such a setting by such a reader makes the book a most helpful
tool for the serious security professional looking to advance their
Ben Rothke is a security consultant with BT INS and the author of
Computer Security: 20 Things Every Employee Should Know.