97 Things Every Information Security Professional Should Know

Whether you're searching for new or additional opportunities, information security can be vast and overwhelming. In this practical guide, author Christina Morillo introduces technical knowledge from a diverse range of experts in the infosec field. Through 97 concise and useful tips, you'll learn how to expand your skills and solve common issues by working through everyday security problems. You'll also receive valuable guidance from professionals on how to navigate your career within this industry. How do you get buy-in from the C-suite for your security program? How do you establish an incident and disaster response plan? This practical book takes you through actionable advice on a wide variety of infosec topics, including thought-provoking questions that drive the direction of the field. Get started whether you're new to the infosec space or want to pivot onto a different path Assess your organization's security posture Understand and implement security and risk management controls Effectively communicate the importance of infosec to C-level executives Build and scale an infosec team and program Evaluate return on investment including progress, adoption, and risks mitigated, and relay this information back to stakeholders

As technology continues to advance and more business is conducted online, the potential attack surface increases exponentially and the need for strong application security measures become more and more crucial. This goes double for any organization that handles sensitive personal or financial information which is usually subject to government regulation. The consequences of a successful attack at the application level can be devastating for an organization, ranging from loss of revenue, to damaged reputation, to potential fines and other penalties. This book also introduces you to: What's considered application security and what security professionals should know What developers or software engineers should know about common application vulnerabilities How to design, develop, and test applications so that the application or software is able to defend against exploits and attacks Ways to provide readers with fresh perspectives, various insights, and many practical ways to address cyber security related to application development This advice can be applied in development for web, mobile, APIs or other software development, in different development languages, in waterfall and agile software development lifecycle (SDLC), and in the cloud.

Whether you're searching for new or additional opportunities, information security can be vast and overwhelming. In this practical guide, author Christina Morillo introduces technical knowledge from a diverse range of experts in the infosec field. Through 97 concise and useful tips, you'll learn how to expand your skills and solve common issues by working through everyday security problems. You'll also receive valuable guidance from professionals on how to navigate your career within this industry. How do you get buy-in from the C-suite for your security program? How do you establish an incident and disaster response plan? This practical book takes you through actionable advice on a wide variety of infosec topics, including thought-provoking questions that drive the direction of the field. Continuously Learn to Protect Tomorrow's Technology - Alyssa Columbus Fight in Cyber Like the Military Fights in the Physical - Andrew Harris Keep People at the Center of Your Work - Camille Stewart Infosec Professionals Need to Know Operational Resilience - Ann Johnson Taking Control of Your Own Journey - Antoine Middleton Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments - Ben Brook Every Information Security Problem Boils Down to One Thing - Ben Smith Focus on the WHAT and the Why First, Not the Tool - Christina Morillo

Whether you're searching for new or additional opportunities, information security can be vast and overwhelming. In this practical guide, author Christina Morillo introduces technical knowledge from a diverse range of experts in the infosec field. Through 97 concise and useful tips, you'll learn how to expand your skills and solve common issues by working through everyday security problems. You'll also receive valuable guidance from professionals on how to navigate your career within this industry. How do you get buy-in from the C-suite for your security program? How do you establish an incident and disaster response plan? This practical book takes you through actionable advice on a wide variety of infosec topics, including thought-provoking questions that drive the direction of the field. Continuously Learn to Protect Tomorrow's Technology - Alyssa Columbus Fight in Cyber Like the Military Fights in the Physical - Andrew Harris Keep People at the Center of Your Work - Camille Stewart Infosec Professionals Need to Know Operational Resilience - Ann Johnson Taking Control of Your Own Journey - Antoine Middleton Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments - Ben Brook Every Information Security Problem Boils Down to One Thing - Ben Smith Focus on the WHAT and the Why First, Not the Tool - Christina Morillo

If you create, manage, operate, or configure systems running in the cloud, you're a cloud engineer--even if you work as a system administrator, software developer, data scientist, or site reliability engineer. With this book, professionals from around the world provide valuable insight into today's cloud engineering role. These concise articles explore the entire cloud computing experience, including fundamentals, architecture, and migration. You'll delve into security and compliance, operations and reliability, and software development. And examine networking, organizational culture, and more. You're sure to find 1, 2, or 97 things that inspire you to dig deeper and expand your own career. "Three Keys to Making the Right Multicloud Decisions," Brendan O'Leary "Serverless Bad Practices," Manases Jesus Galindo Bello "Failing a Cloud Migration," Lee Atchison "Treat Your Cloud Environment as If It Were On Premises," Iyana Garry "What Is Toil, and Why Are SREs Obsessed with It?", Zachary Nickens "Lean QA: The QA Evolving in the DevOps World," Theresa Neate "How Economies of Scale Work in the Cloud," Jon Moore "The Cloud Is Not About the Cloud," Ken Corless "Data Gravity: The Importance of Data Management in the Cloud," Geoff Hughes "Even in the Cloud, the Network Is the Foundation," David Murray "Cloud Engineering Is About Culture, Not Containers," Holly Cummins

This how-to guide to good practices in the cloud is beginner-friendly but also takes a deep dive into topics such as architecting, scaling, and migrating. Author Emily Freeman covers topics including managing spend and measuring success. It's the ultimate guide for developers and DevOps engineers who have already started to work with cloud-based systems and those planning to make to leap. Topics include: Migrating to the cloud Securing your system Spending money fast Managing data in the cloud Automating yourself out of a job

Perimeter defenses guarding your network aren't as secure as you might think. Hosts behind the firewall have no defenses of their own, so when a host in the "trusted" zone is breached, access to your data center is not far behind. This practical book introduces you to the zero trust model, a method that treats all hosts as if they're internet-facing, and considers the entire network to be compromised and hostile. In this updated edition, the authors show you how zero trust lets you focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility. You'll learn the architecture of a zero trust network, including how to build one using currently available technology. Explore fundamental concepts of a zero trust network, including trust engine, policy engine, and context aware agents Understand how this model embeds security within the system's operation, rather than layering it on top Use existing technology to establish trust among the actors in a network Migrate from a perimeter-based network to a zero trust network in production Examine case studies that provide insights into various organizations' zero trust journeys Learn about the various zero trust architectures, standards, and frameworks

As part of the Syngress Basics series, The Basics of Information Security provides you with fundamental knowledge of information security in both theoretical and practical aspects. Author Jason Andress gives you the basic knowledge needed to understand the key concepts of confidentiality, integrity, and availability, and then dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security. The Basics of Information Security gives you clear-non-technical explanations of how infosec works and how to apply these principles whether you're in the IT field or want to understand how it affects your career and business. The new Second Edition has been updated for the latest trends and threats, including new material on many infosec subjects. Learn about information security without wading through a huge textbook Covers both theoretical and practical aspects of information security Provides a broad view of the information security field in a concise manner All-new Second Edition updated for the latest information security trends and threats, including material on incident response, social engineering, security awareness, risk management, and legal/regulatory issues