Just Write It: An Infosec Author’s Perspective | Part 2
Hello again, everyone! This is a continuation of the Author’s Perspective series. In part one, I focused on the writing process itself, and I discussed things to be aware of before attempting to write a technical work, such as navigating intellectual property, allowing your work to evolve over time, and supplementing your book with multimedia options.
In today’s post, I’ll be focusing on the differences between traditional publishing and independent publishing as well as the financial side of book writing: Royalties.
Traditional vs. self-publishing
In June of 2017, I self-published the book Building Virtual Machine Labs: A Hands-On Guide. It was a long journey–about a year of writing and editing–with a number of detours along the way. I shared my experiences writing the book in part 1 of this series in the hopes that it’ll encourage others to write and share their knowledge and perspectives as well. After all, if I can write a book, I have no doubt that you can, too.
Are you feeling lucky?
Once you have a final draft, you have a difficult decision to make: Do you opt to self-publish or do you submit your work to a publishing company? This decision is not one to take lightly.
Let me share my story on what led to me self-publishing.
Ultimately, the decision to go with a traditional publisher vs. self-publishing may depend on whether or not you think your book is going to sell, assuming that book sales are your primary motivator.
Writing this book was something of a massive side project for me. Ultimately, I didn’t care whether or not my book sold any copies; I just wanted somewhere to dump all of my knowledge on virtual machines and lab environments into one place. My goal was to point IT and Information Security newbies to it and say, “Have fun! Lemme know if you have any questions.”
My primary motivator for self-publishing was creative freedom. By the time I had pulled the trigger and was ready to self-publish, I had been writing and re-writing the same book for over a year. To say I knew the message I wanted to convey and I wasn’t going to settle for having the work abridged would be an understatement. I also wasn’t expecting my work to sell very well. When everything was done, I figured a few friends and colleagues might have bought it to support me (and maybe have me sign the inside cover), but really, I wasn’t expecting much.
While my royalties have trickled down considerably since I first published back in 2017, I’m still making more than I ever thought possible. A lot of it is due to luck and social media engagement.
I made the book free while I worked on it, posted about it on multiple subreddits and social media platforms, made edits available for free as I continued to work on it, and accepted feedback from anyone willing to provide it. I had the support of a lot of well-known cybersecurity professionals, and I’m pretty sure at some point, a number of social media contacts reported that my book had become curriculum for some college-level courses–which has done considerable things to stave off my imposter syndrome, let me tell you what.
On the other hand, if you’re not concerned about profit margins and just want the renown and prestige that comes from knowing your work was polished to a blinding sheen before being released in the best shape it could possibly be released in, then submit your work to a traditional publisher. You won’t make as much money in royalties, but if they accept your book proposal, they have a vested interest in your success and will provide resources to make that happen. Even if all you have for a book is a good idea, they can help you to shape that book, and make it the best it can be for a wide audience.
No matter what path you decide to take, give it your best and don’t be afraid to try. The Simpsons tell us that trying is the first step towards failure, but you also learn a lot more from those failures. I sincerely hope for your success.
Royalties for traditional publishing

Let’s be real. This is the part you wanted to know about.
In February of 2017, I had a rough draft that I was ready to move on to the next step. At the time, I was planning on attending Shmoocon where, it turns out, No Starch Press (NSP) was going to have a booth. If you’re not familiar with NSP, they’re a well-loved publisher in information security circles.
I had submitted my work to them and was hopeful to meet with them at the conference. Prior to doing so, however, I made sure to review their policy on earnings/royalties. If a publisher you plan on partnering with is any good, they’ll have all these details posted publicly.
As you can see, you’ll have a number of options to consider when it comes to royalties–cash advances in exchange for a lesser share of the royalties, digital distribution royalties, and revenue from selling the rights to translate your works. At most, with no cash advance whatsoever, you earn 15% of the royalties on physical books.
Let’s do a little comparison shopping. If you think 15% is low for traditional publishers, have a look at this blog post for the publisher O’Reilly Media. If you’re not familiar with O’Reilly, they’re pretty well-known for high-quality reference textbooks. They’re known for including different animals on the covers of the books–their book on the SSH protocol has a snail on the cover, and their Perl programming language text features a camel. Some people will refer to their works just by the animal on the cover (e.g., the Perl book will simply be called “The camel book”).
Justin Garrison, an expert on cloud platforms and microservices, states that he co-authored a work that was published through O’Reilly in 2017, titled Cloud Native Infrastructure. He mentions that two authors for one book were getting 10% in physical book royalties and 22.5% of digital distribution royalties split between them. That amounted to $1.00 per physical book sale, $0.46 per digital copy sold, plus a little bit of money through the Safari ebooks platform.
Another well-known publisher for technology books is Wiley. One member of “ycombinator” claims that Wiley Publishing provided them with 12% of the physical book royalties and 25% of the royalties from digital distribution.
Let’s compare these numbers to the royalties I received through self-publishing.
By contrast: self-publishing options and royalties
The following sites offer self-publishing services that I’ve used. Here’s how their royalty programs break down:
Kindle Direct Publishing
Initially, I had chosen Amazon’s CreateSpace (now rolled into Kindle Direct Publishing, or KDP) to self-publish a physical copy of my book.
KDP grants you 60% of the book royalties, minus the printing cost for your book. KDP provides access to a calculation program that will tell you how much it costs to print your book. My book is 600 pages, printed in black ink. It costs a little over 8.00 to print a copy. That means I make 13 dollars per book sold. That doesn’t include digital distribution via Amazon Kindle. That’s 37 percent!
Digital distribution gets interesting because if you set the price of your book low–the current guidelines say your digital works have to be priced at 9.99 USD or below–you get 70% of the royalties (~7 dollars). However, I opted to make the digital edition the same price as the physical copy, so I make about 12-ish dollars per digital copy, or 35%.
Leanpub
Leanpub is a 100% digital distributor who offers an 80% share of the royalties. When combined with a “choose what you pay” slider where people can choose to pay as much for your title as they deem fit, this site allows for a lot of flexibility–and may net you sales that might not have been possible otherwise.
My work on Leanpub is currently listed at 20.00 USD with a slider that allows customers to set the minimum price to “free.” Assuming a customer pays the 20.00 USD for the title, that’s 16.00 in royalties that I make from that purchase. I get to charge less than I do for Kindle digital distribution, and I end up making more in royalties in the process!
How traditional publishing pays in different ways
Why is there such a huge difference in the amount of revenue one can make self-publishing vs. traditional publishing? Well, traditional publishers have wide distribution networks, technical writers, editors, cover artists, advertising/publicity, etc. This is in addition to the costs associated with printing the book itself. All of these things add up and eat into the profit margins for you and the book publisher.
If you choose to self-publish, then you’re responsible for cover art, which means hiring an artist or settling for a super basic cover for your work. You’re also responsible for editing the book. As you might imagine, editing is the most important part of publishing your work, so it’s important to get things right before submitting a final manuscript.
Just so you have an idea how expensive editing can be, BookBaby provides an editing service and lets you estimate how much it’ll cost to have your work checked by proofreaders and editors. For example, my work was estimated to cost 1800.00 USD just for proofreading. That’s pretty steep, so I opted to make do without editing services. There are probably grammatical errors all over the place, and I chose to live with it.
You may not get as big a cut of the pie if your work is picked up by a traditional publisher, but they provide you with tools, resources, and assistance to make your work the best it can be. After all, their financial success depends on the success of your work.
On taxes
If you’re a writer in the US–I can’t speak to other countries and how they handle royalties–make sure to save a sizable chunk of your royalties for when Uncle Sam comes knocking during tax season: taxes are not withheld from your royalties. At the end of the year, you’ll get a 1099 tax form. 1099 forms essentially say ‘you made this much money’, and it’s left as an exercise to the user, the tax software you use, or the company you book your taxes with to figure out how much money you owe based on that income.
A good rule of thumb will be to save about 1/3rd of your royalties from every check to ensure you aren’t left with any nasty surprises at the end of the year. If it turns out you saved too much money, you can always hold on to the leftover money for a rainy day, or apply it towards a much-needed vacation.
Conclusion
In my opinion, information technology in general has a problem with documentation. I see writing books as a way to help bridge that gap and make various technologies more accessible to everyone.
We live in an age where technology has made self-publishing both easy and affordable, so even if you were to submit a work to a publisher, only to have it rejected, don’t get discouraged! Try self-publishing, instead. Your work and writing style might be the difference between someone “getting” a subject versus not understanding it at all. You could bring opportunities and understanding to so many people.
Thanks for taking the time to read my posts on this subject. If you’re on the fence about writing a work of your own, I hope these posts inspire you to take a chance. Good luck!
