Collective Wisdom from the Experts
Christina Morillo

Whether you're searching for new or additional opportunities, information security can be vast and overwhelming. In this practical guide, author Christina Morillo introduces technical knowledge from a diverse range of experts in the infosec field. Through 97 concise and useful tips, you'll learn how to expand your skills and solve common issues by working through everyday security problems.
You'll also receive valuable guidance from professionals on how to navigate your career within this industry. How do you get buy-in from the C-suite for your security program? How do you establish an incident and disaster response plan? This practical book takes you through actionable advice on a wide variety of infosec topics, including thought-provoking questions that drive the direction of the field.
Table of Contents
Chapter 1. Continuously Learn to Protect Tomorrow's Technology
Chapter 2. Fight in Cyber like the Military Fights in the Physical
Chapter 3. Three Major Planes
Chapter 4. InfoSec Professionals Need to Know Operational Resilience
Chapter 5. Taking Control of Your Own Journey
Chapter 6. Security, Privacy, and Messy Data Webs: Taking Back Control in Third-Party Environments
Chapter 7. Every Information Security Problem Boils Down to One Thing
Chapter 8. And in This Corner, It's Security Versus the Business
Chapter 9. Don't Overlook Prior Art from Other Industries
Chapter 10. Powerful Metrics Always Lose to Poor Communication
Chapter 11. "No" May Not Be a Strategic Word
Chapter 12. Keep People at the Center of Your Work
Chapter 13. Take a Beat: Thinking Like a Firefighter for Better Incident Response
Chapter 14. A Diverse Path to Better Security Professionals
Chapter 15. It's Not About the Tools
Chapter 16. Four Things to Know About Cybersecurity
Chapter 17. Vetting Resources and Having Patience When Learning Information Security Topics
Chapter 18. Focus on the What and the Why First, Not the Tool
Chapter 19. Insiders Don't Care for Controls
Chapter 20. Identity and Access Management: The Value of User Experience
Chapter 21. Lessons from Cross-Training in Law
Chapter 22. Ransomware
Chapter 23. The Key to Success in Your Cloud Journey Begins with the Shared Responsibility Model
Chapter 24. Why InfoSec Practitioners Need to Know About Agile and DevOps
Chapter 25. The Business Is Always Right
Chapter 26. Why Choose Linux as Your Secure Operating System?
Chapter 27. New World, New Rules, Same Principles
Chapter 28. Data Protection: Impact on Software Development
Chapter 29. An Introduction to Security in the Cloud
Chapter 30. Knowing Normal
Chapter 31. All Signs Point to a Schism in Cybersecurity
Chapter 32. DevSecOps Is Evolving to Drive a Risk-Based Digital Transformation
Chapter 33. Availability Is a Security Concern Too
Chapter 34. Security Is People
Chapter 35. Penetration Testing: Why Can't It Be Like the Movies?
Chapter 36. How Many Ingredients Does It Take to Make an Information Security Professional?
Chapter 37. Understanding Open Source Licensing and Security
Chapter 38. Planning for Incident Response Customer Notifications
Chapter 39. Managing Security Alert Fatigue
Chapter 40. Take Advantage of NIST's Resources
Chapter 41. Apply Agile SDLC Methodology to Your Career
Chapter 42. Failing Spectacularly
Chapter 43. The Solid Impact of Soft Skills
Chapter 44. What Is Good Cyber Hygiene Within Information Security?
Chapter 45. Phishing
Chapter 46. Building a New Security Program
Chapter 47. Using Isolation Zones to Increase Cloud Security
Chapter 48. If It's Remembered for You, Forensics Can Uncover It
Chapter 49. Certifications Considered Harmful
Chapter 50. Security Considerations for IoT Device Management
Chapter 51. Lessons Learned: Cybersecurity Road Trip
Chapter 52. Finding Your Voice
Chapter 53. Best Practices with Vulnerability Management
Chapter 54. Social Engineering
Chapter 55. Stalkerware: When Malware and Domestic Abuse Coincide
Chapter 56. Understanding and Exploring Risk
Chapter 57. The Psychology of Incident Response
Chapter 58. Priorities and Ethics/Morality
Chapter 59. DevSecOps: Continuous Security Has Come to Stay
Chapter 60. Cloud Security: A 5,000 Mile View from the Top
Chapter 61. Balancing the Risk and Productivity of Browser Extensions
Chapter 62. Technical Project Ideas Towards Learning Web Application Security
Chapter 63. Monitoring: You Can't Defend Against What You Don't See
Chapter 64. Documentation Matters
Chapter 65. The Dirty Truth Behind Breaking into Cybersecurity
Chapter 66. Cloud Security
Chapter 67. Empathy and Change
Chapter 68. Information Security Ever After
Chapter 69. Don't Check It In
Chapter 70. Threat Modeling for SIEM Alerts
Chapter 71. Security Incident Response and Career Longevity
Chapter 72. Incident Management
Chapter 73. Structure over Chaos
Chapter 74. CWE Top 25 Most Dangerous Software Weaknesses
Chapter 75. Threat Hunting Based on Machine Learning
Chapter 76. Get In Where You Fit In
Chapter 77. Look Inside and See What Can Be
Chapter 78. DevOps for InfoSec Professionals
Chapter 79. Get Familiar with R&R (Risk and Resilience)
Chapter 80. Password Management
Chapter 81. Let's Go Phishing
Chapter 82. Vulnerability Management
Chapter 83. Reduce Insider Risk Through Employee Empowerment
Chapter 84. Fitting Certifications into Your Career Path
Chapter 85. Phishing Reporting Is the Best Detection
Chapter 86. Know Your Data
Chapter 87. Don't Let the Cybersecurity Talent Shortage Leave Your Firm Vulnerable
Chapter 88. Comfortable Versus Confident
Chapter 89. Some Thoughts on PKI
Chapter 90. What Is a Security Champion?
Chapter 91. Risk Management in Information Security
Chapter 92. Risk, 2FA, MFA, It's All Just Authentication, Isn't It?
Chapter 93. Things I Wish I Knew Before Getting into Cybersecurity
Chapter 94. Research Is Not Just for Paper Writing
Chapter 95. The Security Practitioner
Chapter 96. Threat Intelligence in Two Steps
Chapter 97. Maintaining Compliance and Information Security with Blue Team Assistance
Christina Morillo is an information security/cybersecurity and technology leader with expertise in enterprise security engineering, identity and access management, and cloud. Her extensive experience in enterprise security and identity, insider threat, and cloud identity programs and deployments has taken her to companies like Morgan Stanley, Fitch Ratings, AllianceBernstein, and Microsoft.
Christina advocates for and is passionate about meeting people and companies where they are. She is also a proponent of making security practical, accessible and easy to digest (sometimes with the help of basketball analogies).
In addition to her professional work, Christina co-leads Women in Security and Privacy's NYC Chapter and volunteers with multiple organizations aligned with her mission of getting more women and underestimated folks into tech. In 2015, she also co-founded #WOCinTech Chat, the grassroots initiative best known for boosting visual representation through its open-source collection of stock photos featuring women of color technologists. With over 100 million views and counting, the images have been used across countless mediums and have inspired other collections in the process.