Re: Writing papers on Information Security

From: Bob Radvanovsky (rsradvan_at_unixworks.net)
Date: 11/22/05

  • Next message: John Doe: "Re: Solaris/UNIX Network Performance & Security" 
    To: <security-basics@securityfocus.com>
Date: Tue, 22 Nov 2005 09:47:18 -0600

    Actually, it's quite simple. To write an effective whitepaper, you will
    need the following prior to beginning your writing endeavor:

    (1) Your favorite beverage (whether or not if it's alcoholic or not does
    make some difference, esp. if you want people to actually understand you; I
    prefer Red Bull mixed with vodka and a little cherry juice for flavor).

    (2) Your favorite munchie (chips, pretzels, cookies -- it's all the same).

    (3) Pick a day and time that you'll not be interrupted. To write a really
    good whitepaper, you will need a few hours of serious thinking time.

    (4) Pick a topic that you feel compelled to write about. Honeslty, it
    doesn't matter what you wriet about, as you write complete sentences and
    make a compelling statement or argument. If you feel that you need to write
    for a caus,e then do so -- but remember that you will have thousands of
    people reviewing your article. You are making yourself known to people
    throughout the ENTIRE WORLD -- via a shared medium which we call "The
    Internet". The topic shouldn't be so controversial that you want to create
    a rift in people choosing sides. Rather, pick a topic that allows people to
    *think* about something. Tantalize them to want to come back to your web
    site to read more about you. This is the recipe for the makings of a great
    writer. ;))

    (5) Some ideas for a compelling topic should be "safe" insofar that you
    don't pick on, or negatively reflect a manufacturer, service provider, or
    even your government. You want people to read your material, and you want
    "return customers" to come back again, and again, and again.

    (6) As an "information security professional", you should avoid seriously
    criticizing anyone. Most certifications out there have a Code of Ethics.
    By criticizing an organization, in most cases, you are in violation of your
    Code of Ethics, and if found probably, can be refused or denied your
    certification, or (if you've already passed and been granted your
    certification) might even have your certification revoked. Be careful in
    how you choose your words. If you don't care of the consequences, then
    write away; otherwise, think before writing. ;))

    (7) Some sample topics for you to consider: SCO vs. IBM lawsuit, the future
    of "open source", privacy issues, biometrics, intrusion systems, firewalls,
    best practices (this is often times a VERY good topic to use -- gives some
    "meat" that many people want), or even lessons learned practices (what NOT
    to do in case of ...).

    (8) Some sample topics to stay the Heck away from: blasting our government,
    blasting Microsoft, blasting any organization for lousy security practices
    or products, etc. -- you get the picture, right?

    (9) Make a compelling case. Provide as much *fact* as possible before
    making your aargument. This makes a good recipe for "Debate 101", and
    again, you want "return customers". ;))

    (10) Write a whitepaper because you WANT to dit, not because to HAVE to, or
    are after money, power or control. Those are the WRONG reasons for writing
    a whitepaper.

    (11) And most importantly -- HAVE FUN DOING IT!!! You should *write* a
    whitepaper because you WANT to write a whitepaper. This will help make you
    known in certain circles and cliques out there. You won't get famous over
    it, but people will begin to know who YOU are.

    If you remember these simple but useful tips, you will go far... ;))

    Good luck!

    -rad

    ----- Original Message -----
    From: "Vikas" <vikassinghyadav@gmail.com>
    To: <security-basics@securityfocus.com>
    Sent: Friday, November 18, 2005 12:28 PM
    Subject: Writing papers on Information Security

    > Can anyone guide me on how to write papers on topics of Inforamtion
    Security
    > and also
    > If I want to research in this field how can I start off .
    > I am just a system admin with some experience on security. I have done
    some
    > basic reading and would like to research on specific fields . How do i
    > select these as I don't have any mentors or professors guiding me.
    > Any help is welcome
    > Thanks
    >
    > Vikas
    >

  • Next message: John Doe: "Re: Solaris/UNIX Network Performance & Security"