Effective Information Security Writing
I used to hate writing.
I got into security because I wanted to catch bad guys and break into things – not because I like writing reports.
I eventually learned that writing is an important part of every security job, and I embraced it. Fifteen years later, I’ve written five books and more security reports than I can count. During this time, I learned that effective writing in security is rare, but when done correctly, it’s one of the best tools in your arsenal.
Effective writing can be a tool that helps you advance your career, set yourself apart from your peers, get more business, and justify resources you need to make your network secure. What I’ve learned, however, is that good writing isn’t about grammar or the things you learned in fourth grade English. Good writing is about understanding your audience, being persuasive, and using a repeatable system that helps you achieve your goals. Effective Information Security Writing is the only online course dedicated to helping you become better at achieving your goals by using writing as a tool in your arsenal.
Whether you struggle with writing and you’re looking for a way to get better at it, or if you’re just looking to take your writing to the next level, you’ll find it in this course. You’ll learn:
- My repeatable system for faster, more effective information security writing.
- Techniques to bridge the gap between technical and non-technical audiences.
- How to tell a story and make your reader empathize with your needs.
- The critical components of a penetration testing report and how to write one so that network owners will finally take your findings and recommendations to heart.
- How to write compromise reports that aren’t boring, and help stakeholders understand the scope of an attack that has occurred.
- How to write more effective short-form communication, including e-mails, case notes, and chat messages.
I’ll also provide templates I use for writing penetration testing reports, case notes, and compromise reports. You’re free to use these as they are, or combine them with your current template. These are templates with a purposeful structure I’ve refined over many years.
The Effective Information Security Writing course is delivered using video lectures that are online and on-demand so you can proceed through it at your convenience. Once registered, you’ll be given immediate access and will have that access for six months. The course also includes a discussion forum where you can ask questions and share tips and tricks with other students. The estimated time to complete the course is ~5 hours.
This course has no prerequisites. It is delivered in English.
* Subject to change as things are added
Module 1: Telling a Story
- My system for effective writing
- Elements of a story
- Theme and plot in security
- The process of writing
Module 2: Writing Penetration Testing Reports
- Preparing for writing while performing the assessment
- Assessment report structure
- Describing findings and recommendations
- Going to extra mile to deliver value with pen test reports
Module 3: Forensic Writing
- A formula for writing case notes
- Compromise assessment structure
- Malware analysis report structure
Module 4: Most Common Writing Mistakes
- Aimless writing and how to recognize it
- Zombie words
- Common language mistakes
- Active vs. Passive voice
- Highlighting technical deficiencies without talking down to people
- Recognizing and eliminating unnecessary words
- Supporting conclusions with evidence
You can view the detailed syllabus here.
Effective Information Security Writing includes:
- Over 5 hours of video lectures. These videos will break down my writing process and how to effectively tell a story with your reports and communication.
- Hands-on exercises to develop your skills. I’ll provide writing prompts to help practice the concepts I describe.
- Multiple report templates. I’ve created penetration testing reports and incident reports to get you started. You can modify them for your use.
- Participation in our student charitable profit sharing program.A few times a year we designate a portion of our proceeds for charitable causes. AND students get to take part in nominating charities that are important to them to receive these donations.
- 6 months access to course video lectures. You can extend access later if you need more time.
- A Certification of Completion
- 8 Continuing Education Credits (CPEs/CEUs)
“This is a succinct course on how to write breach and penetration testing reports in a way that readers will understand and enable you as an analyst. The instructor, Chris Sanders is an excellent instructor and a clear communicator.” – Ben, Senior Analyst
“Effective Information Security Writing is a great course on how to make your technical reports come alive, flow better, and tell a story. This course significantly helped me put structure around good writing practices. I serve as the content/form layer of review, so these things are important for me to learn and apply.” – Bill, IT Manager
“The course helps an analyst structure the information they collect into reports valuable to management and lines of business. This course helped me understand a good order to write the different sections of the reports in – rather than always starting with the summary.” – Brianne, Analyst
“Effective Information Security Writing is a great course to learn how to write better and is a fantastic resource for blue teamers, red teamers, and security managers. We can make a big difference with better writing; the reports are the deliverables for our customers, better reports, more satisfied customers.” – Daniel Rodriguez, CISO
“This course approaches writing from a fresh perspective and removes some of the uncertainty of IS writing. This course will allow me to honestly evaluate my writing style and find areas of improvement.” – Matt
“It is very comprehensive, teaches good practices to ensure consistency. The structure of how I now write reports is more enjoyable/easier. It has helped me structure my reports better and I have learned to not always start writing from the executive summary” – Analyst
“It’s a course that provides a solid foundation and framework for writing analyst reports. It teaches valuable lessons that I’ve learned the hard way over years, in just a few hours.” – Robert Musser
“It was structured very well and I could tell from the start that Chris had done a lot of research on the topic. I loved the corresponding examples in each video: those examples really helped me to understand how to and how not-to write if one wants to write efficiently, succinctly and in a way that captures the audience.” – Albert Zsigovits
“Purchase this course if you or your team members are seeking to improve writing technique and report writing skills for cybersecurity.” – Eric Szatmary
“Take it, watch the videos, and do the exercises! It provided significantly more value than I expected for the price paid.” – Ben S. Knowles