Apart from the totally out-of-whack industry percentages (I think it's closer to 60% "other", the more I think about it), I think this is a really clearheaded and insightful post, which is unsurprising given that Dan Guido is hip deep in this industry.
For what it's worth, I found DDZ's Amazon list from this post and was motivated to write my own, which you can see at: http://amzn.to/cthr46
That reading list is a tall order, but still, a watered-down version of the "blackhat" curriculum.
Here is 'infosec' in a nutshell: love computers to death and become as good a developer and mathematician as the upper-division hackers working on core systems software, then give it all up to become a glorified human debugger, co-writing "papers" with bureaucrats and opportunistic, washed-up, fear-mongering have-beens.
The training and experience required is just not commensurate with the glory that can be had elsewhere, either in developing software or in taking the other side of the infosec game...
I'm curious. What part of the list is a tall order? I actually felt bad in the opposite direction; everybody in my field has read at least 3 of the top 4 there, and _The Practice..._, _...The Good Parts_, and _SQL for Dummies_ (only sort of a joke) are pretty basic.
_Windows Internals_ and _Internetworking with TCP/IP_ were, in a different form, on every Unix sysadmin's bookshelf in the 90s --- as "TCP/IP Illustrated" and "The Design And Implementation of the 4.4BSD Operating System" (both of which are also great books but are now very dated).
The only rough things on this list are _Network Algorithmics_, _Computational Structures_, and _Surreptitious Software_. None of them are required reading to get started.
I really wanted to add books on signal processing, RF, linear algebra, program trading, and compression, but I thought (a) it would sound self-aggrandizing and (b) there's no end to the domain-specific books I might inevitably end up adding.
You ignored the "watered down" and jumped on the "tall order".
For someone new to the industry (rather, 'scene') I think that booklist will take ~2 years just to grok. For an experienced hacker, especially one coming from systems programming, compiler hacking, binary analysis, emulation, or cryptography, especially one who spent his youth dipping into actual blackhat hacking and reversing, the industry has absolutely no appeal. You can make more money writing an optimizer for an ARM processor for one phone model than you would working in the security industry.
My position is: security is not worth it, unless you're some government MCSE who ends up sent to seminars and conferences on Wireshark and IDA Pro. Infosec is churning out doe-eyed nobodies faster than Clown University. The people who actually matter, and make a difference, earned their stripes hacking out of their parents' basement in their teens.
"I really wanted to add books on signal processing, RF, linear algebra, program trading, and compression, but I thought (a) it would sound self-aggrandizing and (b) there's no end to the domain-specific books I might inevitably end up adding."
You probably should add these anyway! I for one would find it useful.