Whether you're searching for new or additional opportunities, information security can be vast and overwhelming. In this practical guide, author Christina Morillo introduces technical knowledge from a diverse range of experts in the infosec field. Through 97 concise and useful tips, you'll learn how to expand your skills and solve common issues by working through everyday security problems. You'll also receive valuable guidance from professionals on how to navigate your career within this industry. How do you get buy-in from the C-suite for your security program? How do you establish an incident and disaster response plan? This practical book takes you through actionable advice on a wide variety of infosec topics, including thought-provoking questions that drive the direction of the field.
DNF. If you’re new to the field and you can get this on sale (I got it as part of a Humble Bundle) then it is maybe worth your time. There’s a few decent essays in here, but not many.
Short: Good idea, lost because of lack of effort from editor.

Long: I can see the thought - opinions differ, but really important topics appear again and again. Vox populi, vox Dei, right? Gather ~100 professionals, ask them for a piece each and then distill ultimate wisdom. So far, so good. And execution is where it falls apart and gives the impression that a complete lack of editorial effort makes this fold into a useless heap.

- No organization, no structure. How would you expect a book to be organized? From simple to complicated or from old to new, or by domains and then topics? How about alphabetically by contributor? Good luck trying to read this as a book.
- No filter. I lost count of how many articles are about soft skills. How many are about the importance of understanding business. How many try to explain what cloud or DevSecOps is. Not building upon the previous one, not elaborating or covering a different aspect, no, the same thing again by a different person. Sure, you can get some good ideas - but you could also get them quicker by trimming down the extra 75% of fat. How many times do you need to be told that tools alone magically won't fix all your problems?
- Some facts presented are just plain wrong or make no sense. One advertised against using unofficial sources because they can be, drum-roll, outdated. Like all official materials are magically up to date. One answered the question "Why Linux is so secure?" with "Most companies use it," as if it was a reason, not a consequence. Also add some "Lot of people says that cotton candy is much more durable than steel, but let me object".
- There is no level. One article is about the importance of soft skills in overall life, another talks about the very specific risk of browser extensions. One talks about cloud as something brand new. One is very philosophical, another gives you steps and instructions.
- Not every specialist is also a great writer. Nor do they need to be. However, when someone decides to write/compile/arrange a book, they should have some idea of what they are doing beyond "I want some money."
The occasional nugget of gold buried in mountains of dross
I guess if this book is the first you’ve heard of information security it would be good, but if you come from a technical background and are looking for a primer on infosec then a handful of the 75 are any use.
Hands down a MUST read for all Infosec Professionals, more so those that are just getting started!
This book covers the basics of all aspects of security, including risk management, application security, DevOps, GRC (governance, risk, & compliance), successfully interacting with business departments, effectively serving your end-users, and so much more!
You will find yourself bookmarking and highlighting very much!