Learn a byte at a time.
About a month into the year, I’ve completed my first planned personal training goals: Chris Sanders’ Applied Network Defense course called Effective Information Security Writing.
This course is absolutely worth the cost!
Write Now, Reference Later
I’m a firm believer in capturing information while you’re attaining it with the goal of ultimately having a polished reference page or standard operating procedure. My process involves creating a lot of short & sweet OneNote pages as things are happening that I can revisit to combine, order, and edit later.
Writing things down is not a popular pastime among my peers. Events come in high volumes and move fast. Capturing details seems like a luxury. I never regretted having a slick wiki page to reference when I was on-call or entering an incident analysis cold. I figured no one was into using my help pages as much as me until I was contacted via LinkedIn by a colleague from a former job to thank me for writing guides five years earlier for a tool he just inherited without much time to get up to speed.
What worked for me?
The Effective Information Security Course offered a mix of videos, exercises, templates, and online discussion. I’d recommend it to anyone who is asked to write documentation, even if it is not the exact types of reports this course covers. The course is extremely relevant if you’re already writing reports for pen tests, vulnerability compromise reports, or case notes.
Taking time to see something through another person’s point of view often reveals your own biases and blocks to help you become aware of how you can improve. I learned that the executive summary is typically the last section of a report you write – not the first as I had been doing. This makes total sense. Get out the long parts first and then condense it down into the highlights. Seems so obvious but since it was logistically first int he report, it never occurred to me to write it at the end. Simple and impactful.
I thrive on courses that are flexible, and that don’t require me to be sitting a a computer the entire duration. I could take a walk and listen to a few lectures – then settle in at my desk to try the exercises. I finished the course in roughly 10 hours over a month of nights and weekends. I started both EISW and Practical Packet Analysis at about the same time since I knew the latter would require much more attention (and time). I had no trouble switching back and forth between the two courses while keeping track of the path and the ideas in the lessons.
Find out for yourself!
Check out the course details and consider adding this one to your own personal plan.