Similar authors to follow
Manage your follows
About Shon Harris
Shon Harris, CISSP is the founder and CEO of Logical Security, a computer security consultant, a former engineer in the Air Force’s Information Warfare unit, an instructor and an author. She has authored three best selling CISSP books, was a contributing author to the book Hacker’s Challenge, a contributing author to the book Gray Hat Hacking, a contributing author to the Security Information and Event Management (SIEM) Implementation book and a technical editor for Information Security Magazine. Ms. Harris has developed a full digital information security product series for Pearson publishing.
Ms. Harris has consulted for several Fortune 500 companies in the U.S., including American Express, Warner Brothers, BridgestoneFirestone, CitiBank, CitiFinancial, AOL, Cisco and many more. Her competencies range from setting up risk management programs and developing enterprise network security architectures to constructing enterprise-wide security programs that connects computer security and business needs in a synergistic manner.
Ms. Harris has extensive knowledge and practical experience pertaining to legal and regulatory compliance. She has worked with the largest corporations within the U.S. to become compliant with OCC, SOX, GLBA, HIPAA, PCI and SAS70. Ms. Harris specializes in risk management, governance and the development of and implementation of security metrics.
Ms. Harris has taught information security to a wide range of clients, some of which have included Microsoft, Department of Defense, Department of Energy, National Security Agency, Bank of America, Defense Information Systems Agency, RSA, U.S. Military Academy at West Point, and many financial institutions.
Ms. Harris was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.
Customers Also Bought Items By
A new edition of Shon Harris’ bestselling exam prep guide―fully updated for the 2021 version of the CISSP exam
Thoroughly updated for the latest release of the Certified Information Systems Security Professional exam, this comprehensive resource covers all objectives in the 2021 CISSP exam developed by the International Information Systems Security Certification Consortium (ISC)2®. CISSP All-in-One Exam Guide, Ninth Edition features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. Written by leading experts in information security certification and training, this completely up-to-date self-study system helps you pass the exam with ease and also serves as an essential on-the-job reference.
Covers all 8 CISSP domains:
- Security and risk management
- Asset security
- Security architecture and engineering
- Communication and network security
- Identity and access management (IAM)
- Security assessment and testing
- Security operations
- Software development security
Online content includes:
- 1400+ practice exam questions
- Graphical question quizzes
- Test engine that provides full-length practice exams and customizable quizzes by chapter or exam domain
- Access to Flash cards
Cutting-edge techniques for finding and fixing critical security flaws
Fortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 13 new chapters, Gray Hat Hacking, The Ethical Hacker’s Handbook, Fifth Edition explains the enemy’s current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-try testing labs. Find out how hackers gain access, overtake network devices, script and inject malicious code, and plunder Web applications and browsers. Android-based exploits, reverse engineering techniques, and cyber law are thoroughly covered in this state-of-the-art resource. And the new topic of exploiting the Internet of things is introduced in this edition.
•Build and launch spoofing exploits with Ettercap
•Induce error conditions and crash software using fuzzers
•Use advanced reverse engineering to exploit Windows and Linux software
•Bypass Windows Access Control and memory protection schemes
•Exploit web applications with Padding Oracle Attacks
•Learn the use-after-free technique used in recent zero days
•Hijack web browsers with advanced XSS attacks
•Understand ransomware and how it takes control of your desktop
•Dissect Android malware with JEB and DAD decompilers
•Find one-day vulnerabilities with binary diffing
•Exploit wireless systems with Software Defined Radios (SDR)
•Exploit Internet of things devices
•Dissect and exploit embedded devices
•Understand bug bounty programs
•Deploy next-generation honeypots
•Dissect ATM malware and analyze common ATM attacks
•Learn the business side of ethical hacking
Completely revised and updated for the 2015 CISSP body of knowledge, this new edition by Fernando Maymì continues Shon Harris’s bestselling legacy, providing a comprehensive overhaul of the content that is the leading chosen resource for CISSP exam success, and has made Harris the #1 name in IT security certification.
This bestselling self-study guide fully prepares candidates for the challenging Certified Information Systems Security Professional exam and offers 100% coverage of all eight exam domains. This edition has been thoroughly revised to cover the new CISSP 2015 Common Body of Knowledge, including new hot spot and drag and drop question formats, and more.
Each chapter features learning objectives, exam tips, practice questions, and in-depth explanations. Beyond exam prep, the guide also serves as an ideal on-the-job reference for IT security professionals. CISSP All-in-One Exam Guide, Seventh Edition provides real-world insights and cautions that call out potentially harmful situations.
- Fully updated to cover the 8 new domains in the 2015 CISSP body of knowledge
- Written by leading experts in IT security certification and training
- Features new hot spot and drag-and-drop question formats
- Electronic content includes 1400+ updated practice exam questions
Prepare for the 2015 CISSP exam with this up-to-date, money-saving study package
Designed as a complete self-study program, this collection offers a variety of proven, exam-focused resources to use in preparation for the 2015 CISSP exam. This set bundles the seventh edition of Shon Harris’ bestselling CISSP All-in-One Exam Guide and CISSP Practice Exams, FourthEdition. CISSP candidates will gain access to a variety of comprehensive resources to get ready for this challenging exam.
CISSP Boxed Set 2015 Common Body of Knowledge Edition fully covers the eight newly-revised exam domains and offers real-world insights from the authors’ professional experiences. More than 1250 accurate practice exam questions are provided, along with in-depth explanations of both the correct and incorrect answers.
Presents 100% coverage of the 2015 CISSP Common Body of Knowledge
Written by leading experts in IT security certification and training
This bundle is 12% cheaper than buying the books individually
Shon Harris, CISSP was the founder and CEO of Logical Security LLC, an information security consultant, a former engineer in the Air Force's Information Warfare unit, an instructor, and an author.
Fernando Maymí, Ph.D., CISSP, is a security practitioner with over 25 years of experience in the field.
Jonathan Ham, CISSP, GSEC, GCIA, GCIH, is an independent consultant who specializes in large-scale enterprise security issues. He is co-author of Network Forensics: Tracking Hackers through Cyberspace.
Cutting-edge techniques for finding and fixing critical security flaws
Fortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 12 new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Fourth Edition explains the enemy’s current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-deploy testing labs. Find out how hackers gain access, overtake network devices, script and inject malicious code, and plunder Web applications and browsers. Android-based exploits, reverse engineering techniques, and cyber law are thoroughly covered in this state-of-the-art resource.
- Build and launch spoofing exploits with Ettercap and Evilgrade
- Induce error conditions and crash software using fuzzers
- Hack Cisco routers, switches, and network hardware
- Use advanced reverse engineering to exploit Windows and Linux software
- Bypass Windows Access Control and memory protection schemes
- Scan for flaws in Web applications using Fiddler and the x5 plugin
- Learn the use-after-free technique used in recent zero days
- Bypass Web authentication via MySQL type conversion and MD5 injection attacks
- Inject your shellcode into a browser's memory using the latest Heap Spray techniques
- Hijack Web browsers with Metasploit and the BeEF Injection Framework
- Neutralize ransomware before it takes control of your desktop
- Dissect Android malware with JEB and DAD decompilers
- Find one-day vulnerabilities with binary diffing
Written by the #1 name in IT security certification training, fully revised for the latest exam release, and featuring 750+ practice questions plus 24 hours of audio lectures
CISSP Practice Exams, Second Edition is the ideal companion to Shon Harris’ bestselling CISSP All-in-One Exam Guide. Well-regarded for her engaging and informative style, Shon Harris is renowned as an IT security certification expert.
Designed as an exam-focused study-self aid and resource, CISSP Practice Exams, Second Edition provides 100% coverage of the 10 exam domains. Organized by these domains, the book allows you to focus on specific topics and tailor your study to your areas of expertise and weakness. To further aid in study and retention, each question in the book is accompanied by in-depth answer explanations for the correct and incorrect answer choices. Each chapter contains 25+ practice questions with an additional 500 practice questions hosted in a web-based environment. As an added bonus, you’ll get access to 24 hours of audio lectures featuring Harris conducting intensive review sessions. (Terms and conditions apply.)
Complete, authoritative coverage of the CISSP exam
Information Security Governance and Risk Management; Access Control; Security Architecture and Design; Physical (Environmental) Security; Telecommunications and Networking Security; Cryptography; Business Continuity and Disaster Recovery Planning; Legal, Regulations, Investigations, and Compliance; Software Development Security; Operations Security
Implement a robust SIEM system
Effectively manage the security information and events produced by your network with help from this authoritative guide. Written by IT security experts, Security Information and Event Management (SIEM) Implementation shows you how to deploy SIEM technologies to monitor, identify, document, and respond to security threats and reduce false-positive alerts. The book explains how to implement SIEM products from different vendors, and discusses the strengths, weaknesses, and advanced tuning of these systems. You’ll also learn how to use SIEM capabilities for business intelligence. Real-world case studies are included in this comprehensive resource.
- Assess your organization’s business models, threat models, and regulatory compliance requirements
- Determine the necessary SIEM components for small- and medium-size businesses
- Understand SIEM anatomy—source device, log collection, parsing/normalization of logs, rule engine, log storage, and event monitoring
- Develop an effective incident response program
- Use the inherent capabilities of your SIEM system for business intelligence
- Develop filters and correlated event rules to reduce false-positive alerts
- Implement AlienVault’s Open Source Security Information Management (OSSIM)
- Deploy the Cisco Monitoring Analysis and Response System (MARS)
- Configure and use the Q1 Labs QRadar SIEM system
- Implement ArcSight Enterprise Security Management (ESM) v4.5
- Develop your SIEM security analyst skills