Writing: Getting Started
Only recently have I started to write and I do rather enjoy it, but let me be clear, I am not an author.
A few people have approached me though and have asked for tips on writing. They said they’ve always wanted to write about their research or a recent incident they’ve worked on, but were not confident in doing so. Writing can be quite daunting when you’ve never done it, so I thought I would share what helps me to write. To start, here’s a quote that has inspired me from day one, and happens to be from my favourite author:
“Write. Start writing today. Start writing right now. Don’t write it right, just write it — and then make it right later”
— Tara Moss
It’s really common to get stuck in thoughts of “does this sound okay? Am I just repeating what other articles have discussed? Will people understand it? Will they find it uninteresting?”. Well, if we continue to think these things, we will never write or publish anything, and that won’t help anyone. It is so important to share your thoughts and research because this is often how junior consultants/analysts learn, how others find a solution to something they’ve been googling for hours, or even how we develop as professionals ourselves.
With that first piece of advice out of the way, let’s get to the main suggestions. This will be tailored to writing blogs and research articles, but it certainly has its place when you’re writing technical reports for clients too.
Writing Your Content
1. The first thing I do when I have an idea for an article or blog post is to make a list. This shouldn’t be too intensive, it’s just to get the ideas out of your head and onto a piece of paper (…or text file). You might find that once you start doing this, other thoughts may naturally flow out and you start to build an informal structure around your article. Some questions to get you going during this ‘ideation’ phase could be:
- What do you want the article to be about?
- What prompted you to want to write about this topic? Is there a lack of content online around this subject?
- Any other thoughts you have, maybe a title for your article, links to other research etc.
2. Now that you have some ideas written down, it’s time to create an outline of your article. For now, this can just be the headings of each section that you will expand on while writing. You could also start to include a summary of the content you’re planning to write for each section too:
- Introduction — introduce your topic, key concept definitions, the objectives of the article
- Problem Statement — this articulates what your article is trying to address. This could include: “I’ve identified a gap in the market/knowledge”, “there’s a new tool that can be used for analysis”, “there’s a new vulnerability to exploit”
- Solution — this is the core of your article. Present your main idea, and the new tool/technique/knowledge that set you on the path to write about it in the first place
- Conclusion — review any new concepts or techniques that you have discussed in your article, reference any other resources for further learning
3. With the outline sorted, you can now break down your writing into small, manageable chunks. Not only does this let you mentally focus on one section at a time, it might also give you other ideas as you’re writing. For me, I also find this technique helpful on certain days when I don’t have too much time to dedicate to writing the article. I can quickly jump in and start working on the section that I feel like tackling at that point in time, such as something simple like the introduction.
4. Whilst you’re writing and doing some research to help add to your article, do not worry if there is already content out there on the same topic. Each individual has their own thoughts, perspective, and experience, so we all have something to contribute. I know when I’m researching a topic, I like to read several articles about it before I feel like I have the information I need. When you’re writing, just be yourself, and your content will naturally be original.
Writing Guide and Style
1. Often when we come up with ideas for an article, there are a million thoughts running through our minds of what we can write about. It’s probably not a good idea to write a thesis either, so it’s important to set clear boundaries for yourself:
- What can you incorporate into this article, and what other information should be set aside for a part two or new article altogether?
- Define your target audience. Who do you want reading this article? What do you think they’d want to take away from the article?
2. Irrespective of what you are writing or who your audience is, you cannot always control who will be reading it or their experience/skill level. I always like to define a term the first time I’m using it in an article, or provide a link to other resources that explain a concept further. This way, I cover all bases if my reader is inexperienced, and for those who have been in the field for quite some time.
3. Effective writing comes down to capturing and maintaining the attention of your audience. Remember basic sentence and paragraph structure. A sentence should be no longer than 25 words, otherwise you will lose your reader’s focus or your point could get lost. If your sentence is getting lengthy, break it up with a comma or re-word it. Similarly, your paragraphs should be 4–5 sentences in length, all related to a single topic.
4. We all have different methods of reading and retaining information. For some, we’re fine to read 2000 words in a single block, but for others, they need visuals, graphics, to truly comprehend what they’re reading. It’s useful to add these visuals into your blog post to cater to varying learning styles, and has the added benefit of breaking up your text too.
5. If you are writing an incident, audit, or pentest report, your language should be formal. Do not use contractions or colloquial terms, and tailor your writing to whether your audience will be management/executives, or consultants like you who will understand technical concepts. Here’s a great presentation by Lenny Zeltser on the Top 10 Writing Mistakes in Cybersecurity.
Review and Feedback
Whilst it’s one thing to write an awesome article, it won’t have the same impact if you don’t dedicate the time to thoroughly review it.
- When you think you’ve finished your article or a section of a report, it’s wise to do two proofreads. The first is to ensure everything makes sense, is well structured, and is readable. Try not to rush this part and really take the time to make sure your content flows well. The second proofread is to check for any grammatical or spelling errors.
- If this is your first blog post, or you feel nervous writing about a certain topic, ask a colleague or friend to read it before publishing. There’s no shame in asking for feedback.
- Once this is all done, step away from the computer. The following day, after you’ve worked on something else or cleared your mind, read your article again. This is a good technique to use to be certain you’re happy with what you’ve written, haven’t forgotten or missed any key points, and you are ready to hit that publish button.
For those who prefer structured learning and education, I must recommend Chris Sanders’ course on Effective Information Security Writing: https://www.networkdefense.co/courses/writing/. Whether you’re a pentester or a DFIR consultant, this course will help you become a better technical writer.
If you’re looking to write technical blog posts or reports that are rich in data (IOCs/exploit snippets), go and read published articles to see how they’ve written their content. This is great for inspiration but it also gives you an idea of how content should be structured, what the writing style should be like, and how to use graphics/code snippets appropriately.
- Mandiant: INDUSTROYER.V2: Old Malware Learns New Tricks
- Trend Micro: Technical Analysis of CVE-2021-1732
In saying this, practice makes perfect. Don’t expect to get it right the first time. As Tara says, just start writing, and you will improve on your own and based on the feedback you get from your peers.