Re: Writing papers on Information Security

["Bob Radvanovsky" <rsradvan () unixworks net>]

Actually, it's quite simple.  To write an effective whitepaper, you will
need the following prior to beginning your writing endeavor:

(1) Your favorite beverage (whether or not if it's alcoholic or not does
make some difference, esp. if you want people to actually understand you; I
prefer Red Bull mixed with vodka and a little cherry juice for flavor).

(2) Your favorite munchie (chips, pretzels, cookies -- it's all the same).

(3) Pick a day and time that you'll not be interrupted.  To write a really
good whitepaper, you will need a few hours of serious thinking time.

(4) Pick a topic that you feel compelled to write about.  Honeslty, it
doesn't matter what you wriet about, as you write complete sentences and
make a compelling statement or argument.  If you feel that you need to write
for a caus,e then do so -- but remember that you will have thousands of
people reviewing your article.  You are making yourself known to people
throughout the ENTIRE WORLD -- via a shared medium which we call "The
Internet".  The topic shouldn't be so controversial that you want to create
a rift in people choosing sides.  Rather, pick a topic that allows people to
*think* about something.  Tantalize them to want to come back to your web
site to read more about you.  This is the recipe for the makings of a great
writer.  ;))

(5) Some ideas for a compelling topic should be "safe" insofar that you
don't pick on, or negatively reflect a manufacturer, service provider, or
even your government.  You want people to read your material, and you want
"return customers" to come back again, and again, and again.

(6) As an "information security professional", you should avoid seriously
criticizing anyone.  Most certifications out there have a Code of Ethics.
By criticizing an organization, in most cases, you are in violation of your
Code of Ethics, and if found probably, can be refused or denied your
certification, or (if you've already passed and been granted your
certification) might even have your certification revoked.  Be careful in
how you choose your words.  If you don't care of the consequences, then
write away; otherwise, think before writing.  ;))

(7) Some sample topics for you to consider: SCO vs. IBM lawsuit, the future
of "open source", privacy issues, biometrics, intrusion systems, firewalls,
best practices (this is often times a VERY good topic to use -- gives some
"meat" that many people want), or even lessons learned practices (what NOT
to do in case of ...).

(8) Some sample topics to stay the Heck away from: blasting our government,
blasting Microsoft, blasting any organization for lousy security practices
or products, etc. -- you get the picture, right?

(9) Make a compelling case.  Provide as much *fact* as possible before
making your aargument.  This makes a good recipe for "Debate 101", and
again, you want "return customers".  ;))

(10) Write a whitepaper because you WANT to dit, not because to HAVE to, or
are after money, power or control.  Those are the WRONG reasons for writing
a whitepaper.

(11) And most importantly -- HAVE FUN DOING IT!!!  You should *write* a
whitepaper because you WANT to write a whitepaper.  This will help make you
known in certain circles and cliques out there.  You won't get famous over
it, but people will begin to know who YOU are.

If you remember these simple but useful tips, you will go far...  ;))

Good luck!

-rad

----- Original Message ----- 
From: "Vikas" <vikassinghyadav () gmail com>
To: <security-basics () securityfocus com>
Sent: Friday, November 18, 2005 12:28 PM
Subject: Writing papers on Information Security


> Can anyone guide me on how to write papers on topics of Inforamtion
Security
> and also
> If I want to research in this field how can I start off .
> I am just a system admin with some experience on security. I have done
some
> basic reading and would like to research on specific fields . How do i
> select these as I don't have any mentors or professors guiding me.
> Any help is welcome
> Thanks
>
> Vikas