Review – InfoSec Rock Star: Because Geek Will Only Get You So Far
It only took me half a year since its UK release, but I’ve finally finished reading InfoSec Rock Star, a book written by one of my old SANS instructors that touches on everything from dress codes to negotiation tactics for cyber security professionals.
Disclaimer: Just so you’re aware before you read this review, the book’s author Ted Demopoulos was one of the instructors who taught me at the SANS Cyber Retraining Academy back at the beginning of 2017. He also led a morning InfoSec Rock Star session, so I did have some exposure to this material before reading the book.
When I think of information security rock stars, I think of the industry gurus who build cool personal brands, give great talks at conferences and events, and show off awesome work they’ve done (usually some cool hack or other). Specifically, I think of James Lyne – probably because of his involvement with the SANS Cyber Retraining Academy, which was where Ted Demopoulos gave a half-day session on his InfoSec Rock Star theory.
Ted’s definition of “rock star” is a little wider than mine, so while I was expecting a strong focus on self-promotion and standing out from the crowd online, the session – and by extension the book – takes a more rounded look at what makes a model cyber security professional who can pursue their own interests, gain the respect of their colleagues, and develop the negotiation skills that will earn them the compensation they deserve.
For the most part, then, InfoSec Rock Star: How to Accelerate Your Career Because Geek Will Only Get You So Far is more a business book (and in some parts almost a self-help book) than it is a cyber security book. You won’t find any specifics on networking or pen testing here, but you will find plenty of useful material on presentation, business etiquette, management, leadership, negotiation, and marketing – all from a cyber security professional’s perspective.
While I suspect industry veterans will be familiar with most of the content, there’s plenty for those lower down the ladder to pick up here. Cyber security is an oddly positioned industry in many ways – essential to modern business but requiring technical skills that are often picked up by tinkerers who aren’t fully integrated into the business world – and in the right hands this could really help to bridge the gap and help build a successful career.
InfoSec Rock Star is also far more readable than most business books I’ve picked up. Ted Demopoulos is an excellent speaker (his style really helped me pick up the SANS SEC201 and SEC401 subject matter quickly at the academy) and he writes in much the same way, breaking up the content with interesting stories and anecdotes that show the concepts in action.
Coupled with the rare chance to read about key business concepts through a cyber security lens, this makes InfoSec Rock Star a worthwhile read for anyone in the industry. Some might be familiar with much of the material, but the book is entertaining to read and there’s always a chance you might pick up a tip that inspires you to take your security career to the next level.