Textbooks get reviewed primarily by trade publications, but every now and then I review choose to review an exceptional textbook. Some security professionals teach in an academic environment and it has been difficult to find good textbooks for their security courses. The run-of-the-mill textbooks contain the usual content, often presented somewhat better than the trade equivalent because of the pedagogical slant. Sadly, a number of them have been dumbed down to meet the needs of the current crop of college students.

When done well, textbooks are gems because the standard fare for them includes lots of extras that just do not appear in trade books. The teacher looking to reduce the burden of preparation is happy because presentation slides are included, along with review questions, projects for students, detailed chapter summaries and lots of definitions. Nothing is taken for granted, even in the middle of a chapter you find activities than can run for 10 minutes to 30 minutes to make sure that you understand the related concept.

This particular book extensively uses the work of several organizations, including the Institute for Security and Open Methodologies (ISECOM) and the Independent Computer Consultants Associations (ICCA). With many of the community colleges looking more like a certification organization, these organizations are important. As the field of hacking becomes mainstream, customers want to be assured that the professional being hired will not end up in prison for unethical behavior. Trust is important as is the use of standards with meaning. Simpson and ISECOM adhere to the Open Source Security Testing Methodology Manual.

The security students in college today were born about the same time as the Morris worm and were in grammar school when Netscape changed the World Wide Web forever. They are coming of age at time when law enforcement is struggling to keep up with a cyber crimes environment that is out of control. They need to have good technical resources, ethical standards and a sense of grounding in a virtual world.

This textbook aims at the advanced student who has, perhaps, a couple of public keys with certificates, a good understanding of networks and the elements of computer security. If you need a hacking textbook, this is it.