Getting Started or Published in the Security Field

I get asked a lot how to get started in the computer security field and how to become an author. I figured I would try to cover both questions in one article. This will probably be a “living document” with things being added or changed as time goes on. If you any questions, please let me know.

Learn the Craft

As with the normal IT field, the security field changes almost every day, so it is good to constantly be a student. There are a lot of outlets to learn from:

  • Local security groups have regular meetings
  • SANS classes are a great place to build your career, they also have free webinars
  • Pentester’s Academy, Cybrary
  • Youtube – Irongeek’s channel is awesome!
  • There are tons of technical books & classes available from publishers like Packt, O’Reilly, etc.
  • Capture the Flag practice sites & competitions
  • Magazines, like Hakin9, Pentest Magazine, etc.
  • There are also numerous Security Certifications you can pursue
  • Technical Schools, Colleges
  • Google is your friend!

As mentioned earlier, most security professionals have a blog, or video channel, check them out. For example, City College of San Francisco Security Professor Sam Bowne offers a lot of his class material to the public.

Follow & Network

Find people in the field that do what you want to do and follow their social media accounts, check out their books, blogs, watch their training or conference videos. Get connected with local security groups – there are multiple groups available, ISSA & OWASP are just a couple.  The security groups are normally very open to new comers and those willing to learn.

Many (not all) security leaders are willing to help people new to the field if they ask good questions. But realize they are very busy and may not answer if you ask a question that you could have easily Googled.

Start a Blog

Write about what you like, what you are learning, what interests you. On my blog I simply wrote about the new things that I was learning as I explored cyber security. It wasn’t long before I had a very popular security news site contact me and ask me to write regular posts for them.

From there I was contacted by a top security magazine and asked to write articles for them. After I wrote for them for a while, I was asked to join their “beta test” team, a group of individuals that tech review articles and classes for the publisher. Around the same time, I was contacted by a book publisher and asked to be on their tech review team.

Even though I am pretty busy now with writing my own books and training material I am still on the tech review team for both publishers. It is a great opportunity to help out people new to the field and provides a great chance to meet & network with other like-minded security professionals.

Get Real-world Experience

I am all for people moving from other IT jobs into the security field. I think the previous experience dealing with hardware, software and people really helps. I started in the IT field ages ago and worked up through the ranks. I think I have held or performed about every IT job possible, lol.

Things have changed a lot in the security field since then. It is pretty well formed now, and with the proper education/ experience it is possible to get an entry level security job. When I started in security everything was new and pretty fluid.

I was one of our city’s first Microsoft MCSE’s. I learned everything I could about server security and support. Later, I dived into Ethical Hacking after the IT field started going through some changes in NY. Even though I was well versed in networking, servers, Linux, and corporate IT security, many of the techniques were very foreign to me, and eye opening.

I’ll never forget the day that I had an interview with one of the top server support companies in an adjacent city. It was when I was trying to explain what ARP attacks were to their top server guy, and the “what in the world are you talking about” look on his face, that I realized that there was a huge need for Ethical Hacking training.

I have performed security research and consulting now for years and really enjoy it. It is kind of funny, having military knowledge, being a weightlifter & martial artist, along with a security trainer has really opened up some very interesting client opportunities for me. I would really advise – be yourself!

Write for a Magazine

If you have been established in the field for some time, and want to try to take the jump from a blogger or trainer to published author, go for it! If you have never published before I would highly recommend approaching a magazine publisher first.

Magazines like Hakin9 are always looking for new authors, and it is a great way to “test the water” to see how your articles are received. It is also great for marketing as it will put your material in front of a lot of people worldwide.

When you submit an article for publishing it is reviewed by their tech review team, and you are given feedback as to whether the article is a fit for publishing. The article tech review process will also provide you with invaluable feedback on any technical issues or improvements needed with the article. If you are turned down, take to heart the review feedback, make changes and try again!

Write a Book!

Writing for a book publisher is similar, but a more involved process. Usually the publishers are looking for specific themed books to be written, so they want authors with that experience, and will want you to write along with their topic. Some book publishers have tight deadlines, so you should be prepared to invest a lot of time into working with the publisher. The publisher will normally have a specific format that they want you to use, and as you complete each chapter, it will be submitted to a tech review team for feedback.

Use great pictures! A picture is worth a thousand words – Screenshots are always helpful, use large high contrast fonts (bold white text on black works great), and make sure the picture clearly shows what you are trying to do and that the text is easy to read. For example, don’t use a screenshot of the entire desktop when just a snip of the terminal line will do.

For technical procedures, write down every step that you do to produce the desired results. When done, go back over the procedure just using what you have written down to make sure it includes all of the steps and more importantly, that it actually works!  😊

Use layman, non-technical terms as often as possible. The best teachers can break down very technical procedures into common language that is easily understood. Still interested in writing for a book publisher? Reach out to them! Packt & NoStarch Press have “write for us” type webpages, or you can try the “contact us” links on the other publisher’s websites.

Self-Publishing

What if you want to write a book, but don’t want to write on a topic provided to you by a publisher? Services like Amazon’s Kindle Direct Publishing allows you to be your own publisher.

Self-publishing is a great option, but I will warn you from experience, it is a huge time sink – be prepared to set a lot of life aside to get this done. Book publishers provide you with a pre-existing format, editing & art services, and marketing. If you self-publish you will be doing all of this yourself, or will be paying for someone to do some or all of the steps for you.

Get a good editor, better yet, get three! I have been blessed with the help of an exceptional main editor. You have to love someone with multiple Doctorate degrees. Everything I write is run by him, and his input has been invaluable over the years. It is good though to have multiple people review your chapters for both technical and grammar issues.

Just remember, no matter what, mistakes will always make it through to the final book, so have a plan to deal with corrections. An errata/updates website for the book is always a good idea.

Plan your book covers – you will need graphics and a good layout for your book covers. Hire a graphics designer or do this yourself if you have the appropriate skills. But the book covers are usually something that are overlooked in self-publishing, until the last minute. It is good to work on them early and get them squared away, you can always tweak them later.

As you write, you will have self-doubts, and want to give up, this is normal, and usually the strongest when you start, at the mid-point and in the final crunch period. Believe in yourself and persevere, you will thank yourself when you are finished!

3 thoughts on “Getting Started or Published in the Security Field”

  1. hi
    i read your article and it got me thinking on where i am and where i want to be.

    i’m a digital forensics student (msc), but since i didn’t study cs, i continuously notice that there are so many basics i’m missing. so i get discouraged a lot. comparing yourself to others is a slippery slope for sure, but i feel incredibly inadequate and not smart enough regardless, since i’m not the fastest and need more time to pick up new skills. I’m aware, that if i want to get good at it, i have to “power through”, because it can’t be all about motivation – if it were, nothing would actually get done.

    i can’t bring myself to sit down. i feel like a failure (i think imposter syndrome wouldn’t be too far off either)

    now, i know how this sounds, like i’m procrastinating and maybe choose a different career altogether. except. this is what i want to do, i feel like it’s anxiety holding me back.

    how do you do it? when self-doubt plagues you? how do you keep pushing? how much time do you usually have to invest to acquire new skills?
    how many hours did you invest on a daily basis to go from zero in the forensics field to basics and onwards to expert level?

    hope to hear back!
    jesse

    1. Hi Jesse, thank you very much for your very open and honest comment.

      I think you are in a great place, you are pursuing what you actually want to do. 😊

      I consider myself an eternal newb. I am constantly learning, or trying to learn, lol. There are times when there will be a topic that I want to know, I just don’t understand it. I pour a ridiculous amount of time, effort and energy into trying to figure it out, I just plain and simple don’t get it. So, eventually I set it aside and look at other things. I come back to that same topic later, and many times, it will just click! Not sure if I just needed time to absorb info I had already learned about it, or maybe I needed to learn other things first, I am really not sure.

      I received some very important life advice from a good friend, who was homeless at one point in his life, and now has dual Doctorate Degrees and is hyper successful – his advice – “Fail, fail fast and fail often”. I didn’t get it at first, but I am learning. What he meant is that if you are not failing you are not trying new things and you are stagnant in your growth. You also learn important life lessons when you fail, if you learn from your mistakes. Don’t fear failure! Go after it, try your hardest, and if you fail, that’s awesome! It means that you are expanding and growing! Take your passion to learn that is inside you, get back up, and go after it again. The victory will be so much sweeter when you finally achieve your goal.

      I hope this helps! 😊
      Dan

      1. thanks for your reply.

        Are there specific learning methods you apply like the pomodoro technique? is there specific amount amount of time you invest regardless of motivation to understand new concepts, like say 1hr daily for at least 1 week?

Leave a Reply to Jesse Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.