January 12, 2009, 3:45 PM — Joel Scambray, co-author of Hacking Exposed, 6th Ed. shares equal parts helpful technical tip, sage career advice, and interesting personal profile.
This is the first in a regular series that will highlight new books and their authors.
What I like best about computer security, says Joel Scambray, co-author of Hacking Exposed, 6th Ed., is the challenge of the attackers' advantage and the defenders' dilemma.
"Fortunately," says Scambray, "information security is one profession that anyone who uses a computer can learn about first-hand every day." His advice: "Take a little time regularly to explore the security features of the computer you use frequently, using the Internet as a resource for more information. If you want to take it up a level, create a separate computing environment from the one you use for personal or business use (for example, a set of virtual machines running a free operating system like Ubuntu) and try out the attacks and countermeasures described in Hacking Exposed. There's no better way to learn the theory and practice of information security "that's how the authors and thousands of readers have done it since 1999!"
- Define a security policy, even if it's short and simple.
- Get permission from and notify system owners before performing any testing.
- Be patient -- running the tool/test is the easiest part, interpreting the output is what differentiates the exceptional from the merely adept.
- Define the problem positively -- too often, security is regarded as "nothing happening is good." Set clear security objectives in advance, and think about how you will measure success or failure.
- Remember that security is about risk management, be practical in prioritizing the things you will fix and not fix (because you can't do it all).
5 classic mistakes