Table of Contents
Part I: A Career in the Security Industry
Chapter 1: Choosing a Career in Information Security
Do You Want Job Security for Life?
Choosing Your Path: What Specializations Are Available?
The Complexity of Our Industry
Is There Any Standardization?
A Modern Categorization for Tech Companies
Career Paths Are Not Linear
Chapter 2: Cloud Security as a Career Path
The Rise of Cloud Security: Why Choose a Career in This Domain
So, What Exactly is Cloud Security?
Chapter 3: Understanding Career Levels
A Look at Progression Frameworks
Don't Take Titles Too Seriously...
...But Also, Titles Do Matter
Part II: Entering the Field
Chapter 4: What Skills Do You Really Need?
Is Formal Education Necessary?
Learn Foundational Computer Science
Learn To Code
Understand Software Design Principles
Get Familiar With at Least One Programming Language
Develop a Small Web Application
Learn Version Control
Learn Foundational Security Concepts
Learn General AppSec Concepts
Chapter 5: Tips for Effective Learning
Find Your Learning Style
Create a Learning Plan
Build a Knowledge Base
Avoid Relying on "AI" Chatbots
Chapter 6: What Does It Mean To Be At This Stage
The Experience Paradox
What's Expected of You
Observe and Learn
Be Curious
Cultivate a Growth Mindset
Be Slow But Steady
Learn How To Ask Questions
Avoid Making a Bad Impression
In Summary: Make Yourself an Easy Hire
Chapter 7: Working Towards the Next Stage
Do Your Job
Have Some Side Projects
Why Having Side Projects is Important
Need Some Inspiration?
Start Building Your Personal Brand
Be Consistent
Have a Personal Website
Have a LinkedIn Profile
Have a GitHub Profile
Have a Twitter Profile
Part III: Establishing Yourself
Chapter 8: The Essential Skills You Need To Learn
Improve Your Software Engineering Skills
Be Proficient With Git
Get Used To Treat Everything as Code
Pay Attention To Code Quality
Pay Attention To Your Writing Skills
Know Your Tools
Become Familiar With a Cloud Provider
Understand the Concept of Cloud Computing
Pick a Cloud Provider
Key Concepts To Comprehend
Understand the DevOps Philosophy
Learn How To Manage Servers
Learn Containers
The Basics
The Components
Working With Images
Learn Container Orchestration
Why What You Think You Know is Probably Wrong
Understanding Kubernetes Architecture & Components
Get Hands-On Experience
If You Want To Be “Production Ready”
Learn Container and Kubernetes Security
Learn Infrastructure as Code
Learn CI/CD
Next, Tackle DevSecOps
Embedding Security in the Development Process
A Modern DevSecOps Pipeline
Pay Attention To Secrets Management
Chapter 9: Tips for Effective Learning
Keep Focus
Practice, Practice, Practice
Certifications: How Important Are They?
Some Caveats To Consider
Certifications I Would Recommend for Cloud Security Engineers
Chapter 10: What Does It Mean To Be At This Stage
Working Towards the Senior Role
The Many Faces of the Senior Role
Being Considered a “Senior”
What's Expected From You
Technical Competence
Execute. Execute. Execute
Champion Technical Excellence
Be a Product Engineer
Have Excellent Communication Skills
Be a Professional
Be Reliable
Treat Others With Respect
Be a Manager of One
Chapter 11: Working Towards the Next Stage
Keep Growing Your Skills With Side Projects
First, Build a Lab
Then, Start Experimenting
Practice Shipping
Consider Open Source
Build Your Brand Internally Within Your Company
Market Yourself
Weekly Digests
Brag Documents
Tell Me About a Time Documents
Manage Up
Plan For Promotion
Keep Building Your Brand Externally Within The Industry
Keep Working on Your Personal Brand
Share Your Knowledge
Network
Speak at Conferences
Watch Out for Pitfalls
Part IV: Thrive
Chapter 12: The Skills You Need To Master To Be Well-Rounded
Dig Deeper in the Security Aspects of Cloud Providers
Work With Kubernetes Beyond the Basics
Refine Your Terraform Skills
Know How To Secure CI/CD Pipelines
Know About Supply Chain Security
Know About Security Logging and Monitoring
Other Topics You Should Know About
Chapter 13: Tips for Effective Learning
Learn From Others
Consider Investing in Professional Coaching
Own Your Career
Chapter 14: What Does It Mean To Be At This Stage
Reaching Staff+
What is a Staff+ Anyway?
Avoid Over-Specializing in a Niche
What's Expected From You
Technical Leadership
Consider Communication Your Primary Skill
Writing is Where You’ll Spend Most of Your Time
Public Speaking Can Help, Too
Be Able To Influence
Help Others Grow
Share Your Knowledge
Mentor Others
Cooperate With Management
Own Project Management
Consider a Stint in Management
Chapter 15: Final Tips for a Long Career
Your Brand is Your Most Important Asset
Stay Relevant
It's Time in the Game, Not Timing the Game
Part V: Interviewing and Choosing Your Next Company
Chapter 16: Pick Your Adventure
FAANG: For World-Scale Expertise
Startups: For Growing Quickly
BigCos: For Learning Solid Processes
Consultancies: For a Breadth of Knowledge
Non-Tech: Avoid Them If You Can
Government: For the Greater Good
Putting It All Together
Chapter 17: Where To Look for Jobs
Job Boards
Recruiters
Networking
Chapter 18: Get Ready for Interviewing
Polish Your CV
Polish Your Skills
Chapter 19: Managing the Interview Process and Securing Offers
Understanding the Different Stages of an Interview Process
Manage the Process
Dealing With Offers
Get the book