SANS Penetration Testing

Cybersecurity Writing: Hack the Reader

My new writing course for cybersecurity professionals, SEC402, teaches how you can write better reports, emails, and other content you regularly create. It captures my experience of writing in the field for over two decades and incorporates insights from other community members. (This is Lenny Zeltser writing, by the way, the author of SEC402.)

It's a course I wish I could've attended when I needed to improve my own writing skills. And it's especially useful for penetration testers, because of the critical role that the final report plays as part of the security assessment project.

I titled the course Cybersecurity Writing: Hack the Reader. Why "hack"? Because strong writers know how to find an opening to their readers' hearts and minds. SEC402 explains how you can break down your readers' defenses, and capture their attention to deliver your message, even if they're too busy or indifferent to others' writing.

Here are several examples of such "hacking" techniques from course sections that focus on the structure and look of successful security writing:

  • Headings: Use them to sneak in the gist of your message, so you can persuade your readers even if they don't read the rest of your text.
  • Lists: Rely on them to capture your readers' attention when they skim your message for key ideas.
  • Figure Captions: Include them to influence the conclusion your readers reach even if they only glance at the graphic.

This is an unusual opportunity to improve your writing skills without sitting through tedious lectures or writing irrelevant essays. Instead, as you learn how to avoid common pitfalls, you'll make your writing remarkable.

For instance, this slide opens the discussion about expressing ideas clearly, concisely, and correctly:

How would you improve this excerpt from a status report

SEC402 is grounded in the idea that you can become a better writer by learning how to spot common problems in others' writing. This is why the many examples are filled with delightful errors that are as much fun to find as they are to correct.

One of the practical takeaways from the course is a set of checklists you can use to eliminate issues related to your structure, look, words, tone, and information.

For example:

Rating Sheet for the Right Look

SEC402 will help you stand out from other cybersecurity professionals with similar technical skills. It will help you get your executives, clients, and colleagues to notice your contribution, accept your advice, and appreciate your input.

You'll benefit whether you are:

  • A manager or an individual team member
  • A consultant or an internally-focused employee
  • A defender or an attacker
  • An earthling or an alien

Starting around September 2019 you'll be able to take the course almost exclusively through the SANS OnDemand platform. Register here to be notified when the course is available OnDemand.

Reach out to me if you have any questions about the course. I'm easy to find online.

Lenny Zeltser
