Re: Writing papers on Information Security

["Bob Radvanovsky" <rsradvan () unixworks net>]

I saw a few suggestions about SANS.  Now...a word of advise to you about
SANS.  If you submit something to them, they will claim ownership to it
REGARDLESS IF THEY USE IT OR NOT.  SANS provides alot of useful ideas and
topics for you to choose from.  Think about what it is that interests YOU
first, then move outward.  For example, if you have a clique that you often
hang out with, talk to your friends and worker colleagues that you wish to
pursue further endeavors and have thought about writing a few whitepapers.
You might be surprised as to what your friends and work colleagues might say
in return.  ;))

Also, for subject matter, believe it or not, C-net and EWEEK are really good
areas to think about.  There's LOTS of things to discuss about IT, comuter
technology, security, social impacts, etc. Alot depends on what YOU think is
relevant.  Remember: YOU are the writer.  The whole idea is to inform,
educate and entertain (not necessarily in that order, as some of your papers
may be entirely satirical, while others are VERY serious).

If you want some examples, visit my web site:
http://www.unixworks.com

Take a look at "r&d", which is where the whitepapers are currently:
http://www.unixworks.com/uw-research.html

Take some time and read them a bit.  Give you an idea of what and how a
whitepaper should convey.

You don't want to make it TOO TECHNICAL -- otherwise, you'll bore your
audience.  Aim for a high-school level (11th or 12th grade), and give *some*
technical details, but not too technical.  Also, if its something
worthwhile, you might want to hold off from publishing it and patent it
instead (just an idea).  If it is something questionable, disclaim it.
State that it's for "educational purposes only to information and educate";
if possible "sanitize" your examples so places that you've used aren't
unnecessarily hammered on by hackers.  ;))

Going back to as far as topics are concerned, think about what interests you
the most.  If you are interested in firewalls, then write up something on
firewalls.  Don't make "fictional" stuff.  And if it is, state clearly that
it's hypthetical or fictional in nature.  People don't like too many
surprises.  If you have issues at work about a particular system or
application that an annoyance, WITHOUT GIVING TOO MANY DETAILS THAT WOULD
GET YOU FIRED, think about what you'd like to see to improve that
application or system.  Or if it's a method that's bass ackwards in nature,
consider coming up with a possible scenario (or 2, or 3) and then develop a
possible solution.  Whitepapers aren't a "thesis"; that is, they don't
*need* to be proven -- just compelling.  You don't have to have a proof, but
you DO need a conclusion or summary at the end of your paper.  ;))

There are a few other places that I forgot to mention:

http://www.infosecwriters.com is an AWESOME place for ideas.  Also, just
because someone has written something doesn't mean that YOU can't write
about it, or even take some of other people's ideas and expand on them even
further.  WARNING: GIVE CREDIT WHERE CREDIT IS DUE.  If you take material
from other people, footnote it, and if you find that you're taking on ALOT
of their material, get their permission.  A good writer is ALWAYS honest -- 
up front.  If you snag material from other authors, and footnote, you
(usually) don't have pay for having a copy.  it's when you start charging
money for the paper that will turn people off, and get the writers that
you've taken their material from, pissed at you.

So...

C-NET
SANS
EWEEK
INFOSECWRITERS.COM

Check those out.  There are more -- much more.  Be creative, be open, and
let yourself be opened to possibilities.  Remember: YOU are the writer.  You
can write whatever the Heck you WANT to write.  It's entirely up to you!
;))

-rad

----- Original Message ----- 
From: "Vikas" <vikassinghyadav () gmail com>
To: "Bob Radvanovsky" <rsradvan () unixworks net>
Sent: Tuesday, November 22, 2005 2:21 PM
Subject: Re: Writing papers on Information Security


> Hello Bob,
>
> Thanks for the peace of advice .
> It was insightful, humorous and gave me what I wanted to know in a
nutshell
> It's well taken and I will start on those guidelines.
> This is for basic/interediate level topics
> The second part of my question was on how can I pick up a area to research
> on
> When I say research I mean something new as in a Phd(Doctorate) or a
Masters
> thesis  without doing one. I am in a job where I can spare time :-)
> How can I get topics in my area of Interest where I can research on some
> unexplored field
> If I was in a University some Professor could have guided me
> Where do I get this guidance from now.
> Any suggestions
>
> Regards
> Vikas
> ----- Original Message ----- 
> From: "Bob Radvanovsky" <rsradvan () unixworks net>
> To: <security-basics () securityfocus com>
> Cc: "Vikas" <vikassinghyadav () gmail com>
> Sent: Tuesday, November 22, 2005 9:17 PM
> Subject: Re: Writing papers on Information Security
>
>
> > Actually, it's quite simple.  To write an effective whitepaper, you will
> > need the following prior to beginning your writing endeavor:
> >
> > (1) Your favorite beverage (whether or not if it's alcoholic or not does
> > make some difference, esp. if you want people to actually understand
you;
> > I
> > prefer Red Bull mixed with vodka and a little cherry juice for flavor).
> >
> > (2) Your favorite munchie (chips, pretzels, cookies -- it's all the
same).
> > (3) Pick a day and time that you'll not be interrupted.  To write a
really
> > good whitepaper, you will need a few hours of serious thinking time.
> >
> > (4) Pick a topic that you feel compelled to write about.  Honeslty, it
> > doesn't matter what you wriet about, as you write complete sentences and
> > make a compelling statement or argument.  If you feel that you need to
> > write
> > for a caus,e then do so -- but remember that you will have thousands of
> > people reviewing your article.  You are making yourself known to people
> > throughout the ENTIRE WORLD -- via a shared medium which we call "The
> > Internet".  The topic shouldn't be so controversial that you want to
> > create
> > a rift in people choosing sides.  Rather, pick a topic that allows
people
> > to
> > *think* about something.  Tantalize them to want to come back to your
web
> > site to read more about you.  This is the recipe for the makings of a
> > great
> > writer.  ;))
> >
> > (5) Some ideas for a compelling topic should be "safe" insofar that you
> > don't pick on, or negatively reflect a manufacturer, service provider,
or
> > even your government.  You want people to read your material, and you
want
> > "return customers" to come back again, and again, and again.
> >
> > (6) As an "information security professional", you should avoid
seriously
> > criticizing anyone.  Most certifications out there have a Code of
Ethics.
> > By criticizing an organization, in most cases, you are in violation of
> > your
> > Code of Ethics, and if found probably, can be refused or denied your
> > certification, or (if you've already passed and been granted your
> > certification) might even have your certification revoked.  Be careful
in
> > how you choose your words.  If you don't care of the consequences, then
> > write away; otherwise, think before writing.  ;))
> >
> > (7) Some sample topics for you to consider: SCO vs. IBM lawsuit, the
> > future
> > of "open source", privacy issues, biometrics, intrusion systems,
> > firewalls,
> > best practices (this is often times a VERY good topic to use -- gives
some
> > "meat" that many people want), or even lessons learned practices (what
NOT
> > to do in case of ...).
> >
> > (8) Some sample topics to stay the Heck away from: blasting our
> > government,
> > blasting Microsoft, blasting any organization for lousy security
practices
> > or products, etc. -- you get the picture, right?
> >
> > (9) Make a compelling case.  Provide as much *fact* as possible before
> > making your aargument.  This makes a good recipe for "Debate 101", and
> > again, you want "return customers".  ;))
> >
> > (10) Write a whitepaper because you WANT to dit, not because to HAVE to,
> > or
> > are after money, power or control.  Those are the WRONG reasons for
> > writing
> > a whitepaper.
> >
> > (11) And most importantly -- HAVE FUN DOING IT!!!  You should *write* a
> > whitepaper because you WANT to write a whitepaper.  This will help make
> > you
> > known in certain circles and cliques out there.  You won't get famous
over
> > it, but people will begin to know who YOU are.
> >
> > If you remember these simple but useful tips, you will go far...  ;))
> >
> > Good luck!
> >
> > -rad
> >
> > ----- Original Message ----- 
> > From: "Vikas" <vikassinghyadav () gmail com>
> > To: <security-basics () securityfocus com>
> > Sent: Friday, November 18, 2005 12:28 PM
> > Subject: Writing papers on Information Security
> >
> >
> > > Can anyone guide me on how to write papers on topics of Inforamtion
> > Security
> > > and also
> > > If I want to research in this field how can I start off .
> > > I am just a system admin with some experience on security. I have done
> > some
> > > basic reading and would like to research on specific fields . How do i
> > > select these as I don't have any mentors or professors guiding me.
> > > Any help is welcome
> > > Thanks
> > >
> > > Vikas