When we try to learn a new fact or start to indulge in a new topic, we are a lot of times naive about this new subject. We realize that we do not know that much about it but what we do not realize is who to listen to and who not to listen to. We just do not know enough about the topic yet to be able to make that distinction. So we tend to listen to everything that we hear. This leads to us listening to both good and bad advice. It is not until we get better at our new found craft that we know whose information was crap and who actually knew what they were talking about.
There is a lot of money to be made in information books, DVDs, and audio. So much so that people who have no knowledge on the subject will pretend as if they do so they can make money. Or they have been in the new field for a very short time but they speak to you as if they are professionals. This is starting to happen in the computer security community a lot these days. There are too many people who only have a little bit knowledge when it comes to the field speaking as if their words are the gospel to the industry.
The facts are, before you buy a book or any other products from anyone in the computer security industry make sure you read up on them. Make sure that they are a respected member of the community. Anyone who is writing a book about security should be well known by the other security pros or hackers that are out there. If they have never heard of this person, either on the white hat or black hat side, then there is a good chance that you should ignore the book. Any book that is worth it will be praised by the security/hacker community.
The computer security community is the rare community where knowledge is held in such high esteem. If you have someone who is trying to pass of being knowledgeable in the field when they are not, you will see them get called out on it. Listen to the community’s advice.
P.S. I don’t have a security book and I’m not an expert myself!