Gajus - Fotolia


How infosec professionals can improve their careers through writing

Writing can be one of the best ways to establish your reputation as an infosec professional. Expert Joshua Wright of the SANS Institute explains the best ways to do it.

The technology industry has no shortage of intelligent and skilled infosec professionals. Yet too often their brilliance often goes unrecognized outside of their immediate circles.

Many infosec professionals have amazing security stories and technical solutions to share. Yet their knowledge reaches a limited audience when shared via word of mouth.

Infosec professionals: It's time to emerge from your offices and cubicles to share your stories and lessons through writing. By becoming a writer, you can share your knowledge and contributions with a larger audience beyond your co-workers and customers. In doing so, others can build upon the information and continue to innovate, helping the infosec industry grow and mature.

Writing also can help boost your infosec career credentials. When you say, "I'm writing a book," you increase your credibility with your peers. Warranted or not, book authors hold a position of respect and trust.

Infosec writing: Getting started

Worried you have nothing to offer? Don't underestimate the audience for your skills and knowledge. There are many talented technologists and infosec professionals in the industry. If a topic or discovery is interesting to you, chances are it will be of interest to others.

Infosec writing also presents an excellent opportunity to research and learn more about a subject you are passionate about, thus increasing your expertise. Writing can even be a path for infosec career exploration: if you are interested in pursuing a career in a field, be it as a programmer, penetration tester or incident response analyst, writing on that topic will require you to immerse yourself in the field. Immersion in such topics will allow you to clearly identify if this field is for you, as well as help you determine the path to get there.

Writing isn't limited to books either; a book can be your long-term goal. Getting your feet wet by writing timely articles for technology journals and conferences is a great way to start. You can publish and then present on technical topics. Writing articles will help you develop your skill set and help position you as a skilled leader in your industry.

Once you choose a topic and you've done some prep writing to get your feet wet, you're ready to write a book. To help get you started, consider the following tips.

Tips for infosec writing success

First, set a schedule. Writing "when you have the time" rarely works. That time will never come if you don't plan it -- or if it does, because you aren't writing regularly, it will be difficult to pick up where you left off. Setting a schedule is important. Are you a morning person or a night owl? How many days a week do you want to commit to writing? Think about what works best for your lifestyle, set a schedule and commit to it.

Second, be aware of employer contractual poisoning. If you think you are going to work an hour during lunch in the office or go in early to write, think again. Many employers have a contract that states anything you produce during employment hours or on the employer's assets (i.e., computer) belongs to the employer. Therefore, it is a good idea not to write during work or on a work computer. The line should be very clear between what you own and what the employer owns.

Third, remove distractions. When you are struggling to find the words, an email message or spot on TV can take your mind even further away from the task at hand. Find a quiet space, without a TV or other distractions. A separate computer, just for writing, is highly recommended. This computer should be set up solely for writing -- no games, no work-related projects, no social media and so on. It should allow you to look up content on the internet for your research.

Getting the words out

Wouldn't it be nice if when we sat a keyboard, the words just started to flow? Typically, it doesn't work like that. Most writers, even highly seasoned writers, struggle with how to communicate their messages. Some people call this writer's block. I call this "Josh's fatal moments of self-deprecating doubt." This is normal. With a few simple strategies, you can work through it.

1. Plan big but think small. When you sit down to write, if you think about your book in its entirety, you won't get very far. Writing is much more manageable when broken down into bite-sized tasks. Think about the headline, a paragraph or even a sentence. This will help you get small tasks complete, which will inspire you to work on more tasks.

2. Choose subject keywords. Think about the subject you want to write about in keywords, without any sentence structure around the words. Write these words down -- Linux, kernel, memory management. Put your keywords in the order they would be discussed; this is the beginning structure of your book. From here you will have enough to develop an outline.

3. The outline should be at least five levels deep. It should capture what you are going to cover in great detail -- topic-level depth. An outline will help you see where you are going. It also allows you to tackle your writing in bite-sized pieces. You can work through the outline, then chapter one, chapter two and so on. The outline doesn't have to be static, and it can and should change as your book progresses, but it will give you the reference points for your work.

4. Polish your writing. As you get further along in the writing of your book, seeking feedback on your writing to show you where you can improve is recommended. The automated proofreader, Grammarly, is a great online resource. Grammarly will help you refine word choice and assist with sentence structure, punctuation and style. Be sure to read your writing out loud as well. Sometimes sentences sound good in your head, but when reading out loud they can sound very different.

5. Decide on a publishing route. Before you get too far along in your book, you must decide if you will self-publish or work with a publisher. A lot of people work with a traditional publisher for the name-brand recognition. People also think the publisher is there to publicize your book and to make it sell successfully. Sadly, this is rarely the case; the publisher will help accelerate your book if it sells well, but you are still responsible for promotion. If you chose to work with a publisher, you will need to share a sample chapter; the publisher will request this in a specific format. If you are too far along with your writing, chances are you'll end up doing a lot of rewriting and reformatting to meet the publisher's requirements.

The other option is to self-publish, where you are the sole party responsible for the product you are creating. If you are considering self-publishing, I highly recommend Guy Kawasaki's book on self-publishing called APE: Author, Publisher, Entrepreneur. The APE book is motivational and tactical, with great advice including how to navigate through the Amazon self-publishing platform.

By writing, you can differentiate yourself as an infosec professional and demonstrate your capabilities, which can help further your infosec career. When you publish, you get to take pride in your hard work, seeing and holding the thing you created. It's an amazing feeling, and worth every moment of effort put into it.

Editor's note: Joshua Wright will provide additional details during his keynote address, "Writing Tech: Career Advancement and You," on August 1 at SANS Boston 2016.

About the author: Joshua Wright is a senior instructor with the SANS Institute, a hacker and a published writer. Wright began writing professionally in 2003 as a contributing writer for technology magazines and has written a handful of books -- independently and with co-authors -- and has worked with several different publishers. Today, most of his writing is for SANS, where he has worked on several courses and taught those courses to thousands of students.

Next Steps

Find out if cybersecurity degrees can help with career advancement

Discover five ways to increase the talent pool of infosec professionals

Read more on how the industry can grow the cybersecurity workforce

Dig Deeper on Careers and certifications

Enterprise Desktop
Cloud Computing