Just Write It: An Infosec Author’s Perspective

By |Published On: July 20th, 2020|Tags: |

Writing books is a long, intense labor of love. Publishing is a perilous journey. Good luck, good fortune.

This blog post is the first part of a two-part series in which I share my experiences writing an information technology textbook. In this post, I will cover a variety of areas writers need to be aware of before and during the writing process.


The next few sections will cover the process of picking a subject, navigating intellectual property concerns, and understanding how your body of work will potentially evolve over time.

Picking a subject and dealing with multiple false starts

Long before I wrote my book, Building Virtual Machines: A Hands-On Guide, I attempted a variety of other works–including one on building a SOC on a shoestring budget and another focused on guiding readers through a malware analysis lab setup. At each point, I either lost interest or thought the subject matter was so saturated that nobody would care about another book on the subject.

The neat thing about writing, though, is it doesn’t matter how much other content has been created, you can still choose to write about a topic from your perspective.

The importance of intellectual property rights

Preceding Hurricane Labs, I experienced a dispute on accreditation and ownership of works I had co-authored, which is the reason I’m a little sensitive about intellectual property. When it comes to IT and infosec work, copyright gets complicated quickly. The biggest piece of advice I can offer is to make sure that you own the rights to works you produce.

If you’re employed somewhere and are seriously contemplating writing your own book, get human resources involved. Ask about your employment contract to determine whether or not side projects you produce are their property or yours. Ask if the terms of your employment contract can be renegotiated, if necessary. About to accept a job offer? Ask about copyright and intellectual property, and have the contract adjusted to protect yourself prior to signing if at all possible.

Prior to joining Hurricane Labs in the spring of 2016, I requested information about ownership of works. Fortunately, I was entering a workplace that was happy to have me working on my own side projects, as well as allowing me to keep ownership of my works. The only request: my coworkers get a free copy of the work when completed, which I was more than happy to oblige.

Beware, writing is a (very) iterative process

Your work will go through many transformations before you arrive at close enough. No matter how you slice it, this process is going to take a while, but it’s important, nonetheless.

In my case, the initial intention wasn’t even to publish my writing. This book started off as a documentation request–I was asked to show how to create a test environment using virtual machines (VM)–and it eventually transformed into more. I didn’t have much of an outline until I decided what I had written wasn’t sufficient and that I wanted to provide more material to make it feel complete. Eventually, I came to a point where I believed the content was good enough, but even then I still needed to re-iterate through the material.

I was fortunate to have a contact who served as a technical writer and proofreading volunteer. Even if you don’t have others available to check your work, I highly recommend reading your work out loud, and following the steps for any instructions you lay out to help uncover areas that have errors.

Heather Terry edits our posts on the Hurricane Labs blog. It’s why my posts aren’t a train wreck of horrifyingly bad grammar. She’s very gainfully employed with my better-good english.

Giving and taking control

Sometimes, writing a body of work is about knowing how you want things to be conveyed and settling for nothing less. Other times, it’s about giving control to your peers and beta readers and incorporating their feedback into your work to make it the best it can be.

In these next couple of sections, I describe my experience over material control when I self published, and how I solicited feedback from my peers while writing.

The creative process

After I had finished a rough draft of my work, I submitted it to the publisher, No Starch Press. Ultimately after a bit of back and forth, I opted to self-publish. They wanted me to cut a massive amount of material, which I felt defeated the entire purpose of the book. At that point, I thanked them for their time, and opted to self-publish instead.

From my research, I found most publishers don’t expect you to approach them with a finished product, but rather an outline and an understanding that you work on the idea over a period of time. The publisher then provides a timeline of deliverables that you write–sometimes with a co-author–and, after submitting your work, editors determine how everything will fit together.

The first 50-odd pages of my book is an intro to virtualization, virtual networking, hardware resources and how they affect VM performance, as well as recommendations for further training and knowledge students may wish to have before tackling the tasks the book throws at readers. There’s a good chance most of that content would have been cut because it directs readers to works from the competition and/or recommends free training resources that the publisher may also consider to be competition.

Self-publishers don’t need to care about any of that. The work can be as long and as in-depth as you like, and references to competing products can be made without worry.

Note: If you’re going to reference others’ work within your own, make sure to get permission. Most IT professionals are pleased to see their work included in a publication–all you have to do is ask.

Take advantage of the nature of the Internet

I can’t overstate how important it is to have a peer group and/or social media channel to share your work with–network, go to conferences, and share your work on any platform that will let you–especially if you choose to do self-publishing.

Throughout the writing process, I occasionally shared updates of my work for free. After creating a PDF with Google Docs, sharing it on my personal web server, and using social media to spread the news, I got thousands of downloads logged on my web server. It’s no secret that the Internet loves free stuff.

It’s also important to let everyone know feedback and constructive criticism is welcome–we all know people love offering their feedback. Think of it as applying reverse psychology to the Internet with the end-goal of making your work the best it can be.

One word of caution: make sure you have thick skin when you do this. People are going to have positive things to say, but others may be a bit more critical. If someone says your instructions are invalid, ask them to specify where. Someone tells you the configuration specified is impossible? Ask them how so. Spelling and grammar errors? Show me. Disregard any feedback that isn’t constructive. Thank strangers for their contributions to your work, and maybe consider giving them a dedication so that their contributions are remembered. If you continue to write and acknowledge those who offered you feedback, they’re usually happy to do so again in the future.

Supplemental content

After I finished my book, I was invited by Chris Sanders to convert my book to a video based training on networkdefense.io. It took me a fair amount of time to get comfortable with video recording and editing software, record the content, and edit it to my satisfaction.

If you’re willing to put in the extra work however, some video-based training platforms will pay you pretty well to produce videos and tutorials.

The neat thing? You just wrote a massive book, so the playbook is right in front of you! Shop your content around and see if anyone is interested! Be aware that if you live in the US, most of the time, the taxes will NOT be taken out of the royalties you earn. Most live and/or video-based training companies will provide you with a 1099 form at the end of the year that, depending on other income factors will determine how much you owe Uncle Sam at the end of the year. A good rule of thumb is to save one-third of your royalties to make sure that taxes aren’t painful at the end of the year.


In the next part of this series, I will cover some of the big differences between publishing your work through traditional publisher vs. self-publishing, as well as considerations related to royalties. Stay tuned, and good luck if you’ve been inspired to write your own works!

Share with your network!
Get monthly updates from Hurricane Labs
* indicates required

About Hurricane Labs

Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.

For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.