Writing Skills
Writing is a vital skill in cybersecurity. Even those in highly technical roles will be required to write clear concise technical documentation, procedures, and playbooks. Those involved in the assessment of risk, threats, and vulnerabilities will benefit from strong report writing skills. Managers and Consultants have the greatest need to develop effective communication and persuasive writing abilities.
The resources listed on this page will help you develop your writing skills, no matter what your role and need. Please share with us anything that you found helpful. The most useful, clear, and authoritative resources will be added to this list.
Top 3
- Ten Steps to Help you Write Better Essays & Term Papers
- This book by Neil Sawer is concise and practical. It doesn’t make you learn theory, it tells you what actions to take, right now, to start writing. Then it tells you want you can do to edit your writing and improve it. While this book is focused on students, the advice applies generally to anyone suffering from writers block, or who finds themselves challenged to write more clearly or briefly.
- How to write Proposals, Sales Letters & Reports
- Also from Neil Sawer, this book uses some of the same writing advice from “Write Better Essays” and applies it to the business world. There is more emphasis on persuasive writing and on communicating with visuals, charts, etc.
Writing for Penetration Testers and Vulnerability Assessment
If you have additional or better examples, templates, or writing guides for pentration testers, please let us know!
Penetration Testers rarely start as excellent writers. Your observations and discoveries need to be communicated and understood if they are to be valued. If you have felt frustrated trying to find good resources on writing pentest reports, you are not alone. Standards for writing pentest reports are emerging and so is advince on good writing. If writing is new to you, remember it just takes practice, just like pentesting does.
Start with learning how to write a narrative report: the most common and easiest type of pentest report.
- Penetration Test Report
- Offensive Security has provided this template for use by their OSCP penetration testing students for years. It is intended to capture what activities you carried our in your pentest and the order you did them. While it does include recommendations the main focus is on capturing evidence.
Your clients will probably want more than a narrative report. Most want documented observations, risk assessment, and actionable recommendations. When you get good at writing your narrative reports, and consistently include verifiable proof of testing as well as verifiable findings, it will be time to practice writing more complete reports.
- Writing Penetration Testing Reports
- This is a paper from the SANS Institute’s Reading Room, submitted by a GIAC candidates paper for “GOLD” certification. It presents a fuller view of what a penetration testing report should look like. You will notice that it does not bear much resemblance to the Offensive Security “narrative” template. A narrative report would be an appendix to this type of report. This is what a client is looking for from a vulnerability report: background, risk assessment, and actionable recommendations.
Project Propoals and Statements of Work
If you work as a consultant you will need to write Statements of Work (SOWs) frequently. These are brief summaries that contain a Work Breakdown Structure (WBS) and estimated effort. They do not fully describe a Scope of Work, but are enough to authorize work when a client has trust and clear understanding.
Consultants and employees with initiative will have to write Project Proposals or Plans. These are larger detailed documents that explain the background and need for a project, the detailed scope, a Work Breakdown Structure, estimated effort, requirements for the project, roles of the parties involved, estimates of cost, and more.
- How to write Proposals, Sales Letters & Reports
- This book uses some of the same writing advice from “Write Better Essays” and applies it to the business world. There is more emphasis on persuasive writing and on communicating with visuals, charts, etc.