Tips on Cybersecurity Blog Writing

I love to write. For me it is a way to settle my thoughts, and also — for myself — to document the things I have been working on, and where I can go back to them. I have been writing for years, and I used to mainly do it on LinkedIn. But, after LinkedIn kicked me off their network for quite a few days — and for me to appear as if I had disappeared from the Internet — for them thinking I was a bot for creating a couple of items that were too popular, I moved to Medium on 5 April 2018. Since then I’ve written 1,072 blog posts, which is an average of nearly one blog post per day [first post]:

We all have a role in engaging others within our industry and also with those outside our disciplines and with the general public. In academia, we often define this as engagement, and it is the art of finding topics that interest others, and in trying to explain your art in an engaging way. Personally I used to use LinkedIn to write blog articles, but I was kicked off twice for having too much interest in a post (the autobots in LinkedIn are quite sensitive in thinking you are a machine) and it is difficult to trace your articles [here]:

Along with this, your articles can disappear (if you lose access) and never be found again. So I switched to Medium in 2018, and write my articles there. For this, I can easily download them as an archive. While not perfect for managing blog posts, it’s an easy way to publish online.

Few people have the true skill of engagement, and most of us are continually learning how to engage with different types of audiences. For some, it’s video blogs, for others it’s an online blog, and for others, it’s social media. To me, there are few like Bruce Schneier, Martin Gardner, Isaac Asimov and Bill Bryson. They have taken complex topics, added new things, and then explained them to the general public. In Cybersecurity — generally — we still struggle in places, and in areas of Cloud Computing, we have barely engaged properly with the general public.

And so what actually engages people within technology?

Well, my posts are quite targeted on cybersecurity, cryptography and academia, but I thought I’d dive into my stats for my Medium blogging to see what really engages with people. Overall, my posts on Medium are at 1.67 million reads. I’ve listed the most reads in order, and then tried to classify them in terms of personal reflection, technical material, news items and so on [blog]:

1. As a PhD Examiner … My Top 25 Tips for PhD students.

Views: 356,000. Here. Fans: 424. Type: Personal reflections.

This article is basically just my thoughts on how I review my own PhD students and others. I think it is popular, as there is very little published on how an external examiner of a PhD will typically review a thesis.

2. The Beginning of the End of WPA-2 — Cracking WPA-2 Just Got a Whole Lot Easier.

Views: 155,000. Here. Fans: 456. Type: Step-by-step.

It was published in August 2018, and, at the time, I just thought there was so little published on the weaknesses of the four-way handshake. I think this article works because it has practical bits that reinforce the theory, along with a step-by-step guide.

3. Goodbye OpenSSL, and Hello To Google Tink.

Views: 33,000. Here. Fans: 304. Type: Technical coverage of new technology/news.

This story outlines how Google’s Tink library can replace OpenSSL. It has a long shelf life as a story, and it provides developers with a new item that they can read as an introduction. I tried to make it readable for software developers, but also relevant to cybersecurity professionals.

4. Cracking RSA — A Challenge Generator.

Reads: 32,000. Here. Fans: 86. Type: Technical coverage.

Short, sharp and focused. It does what it says on the tin. I hope it teaches the reader how RSA works, so rather than provide a long-winded explanation, I just go straight for the cracking of RSA. I thus show its weaknesses, while making it a bit more engaging, and useful for those creating CTF (Capture The Flag) activities.

5. Doh! What My Encrypted Drive Can Be Unlocked By Anyone?

Views: 31,000. Here. Fans: 56. Type: Current news item.

This story relates to the lack of hardware encryption on a range of disk drives, including with Samsung devices. It was a major story at the time and opened up a whole load of weaknesses at the core of security. The article is a good example of a news item that sparked interest. The key was probably to get in early with the story, and add something, and then for it to be picked up by others. Obviously, it only has a relatively short time that it is relevant (apart from documenting a piece of tech history).

6. The British Airways Hack: JavaScript Weakness Pin-pointed Through Time-lining.

Views: 30,000. Here. Fans: 161. Type: Current news.

This story has a short timeline of interest and outlined the BA hack. It shows an example of the timeline of a hack, but it is probably only useful as a way to remember key points in time for cybersecurity attacks. Sometimes I use it to remember major things when I am doing a presentation, and I can quickly recall the facts. So, it is probably more of a scratchpad than something that is useful in the longer term, and that people can build on.

7. Electronic Code Book (ECB) and Cipher Block Chaining (CBC).

Views: 27,000. Here. Fans: 30. Type: Technical.

Technical coverage of an area that is generally weak in the industry, and with a real-life example of the problems caused by ECB. Too many crypto articles just don’t outline a code example, so I tried to do this in this article.

8. The Fall of TrueCrypt and Rise of VeraCrypt.

Views: 24,000. Here. Fans: 12. Type: Current news and history.

A long and strange tale that needs to be told. It involves crypto and open source, but there’s a mystery in there. So while I hooked it onto a news item around VeraCrypt, I tried to tell the story of why TrueCrypt existed, and what happened to it.

9. My Top 10 Things To Learn in 2019.

Views: 17,400. Here. Fans: 242. Type: Education.

I’m a teacher, and I can’t help myself trying to get more people to continually study and learn. My tips included Python, Golang, Crypto, and Elliptic Curves, and I still would recommend these things, so not much has changed.

10. The Wonderful World of Elliptic Curve Cryptography.

Views: 16,500. Here. Fans: 92. Type: Technical.

When you finally learn something deeply and understand how something fits together, it’s important to try and explain it to others. Elliptic Curve Cryptography is a great passion of mine, and I’m keen for others to have the opportunity to learn all about it. While the article can be seen as highly specialised, there should be no barriers to accessing this for anyone who is interested.

And here’s some more:

11. If you’re struggling picking a Crypto suite … Fernet may be the answer.

Views: 15,600. Type: Technical.

A highly technical article, but tries to build a bridge between cybersecurity and software development. A useful article in the long term for those starting in the industry too. I also pick up on some key cryptography elements, such as signing, in a practical way.

12. Can I derive the private key from the public key?

Views: 14,700. Here. Type: Technical coverage.

One of my most asked questions.

13. Cryptography With Google Tink.

Reads: 13,800. Here. Type: Technical coverage of new technology/news.

Another long-burner, and likely to be used as a starting point for those looking for a crypto library.

14. Wi-fi Signals Can Reveal Your Password.

Reads: 13,900. Here. Type: News/research paper.

Picking up on a research paper provides a great focus for new and interesting ideas. People often forget about the greatness of research, so these articles bring them to the fore.

15. Ephemeral Diffie-Hellman with RSA (DHE-RSA).

Reads: 13,500. Here. Type: Technical coverage.

Conclusions

We should not build knowledge barriers around our topic, and at every turn, we should try and show others the wonderfulness of our art, and also where the core weaknesses are. So create your blog … and stimulate new ideas and debate.

Finally some of my top tips are:

  1. Have a good title, and have an aim for your blog. Make them interesting to others, and just focus on that. A focused article is much better than one that goes on and goes off-topic.
  2. Sum up at the end, if you can, and remind the reader what the point of the article actually was.
  3. Explain your art in a fun/interesting way, and show passion and belief.
  4. Dump that technical language and those horrible acronyms. I appreciate it is often difficult to do this, but try to explain new things as you go along, and don’t overload the reader with too many things at one time.
  5. “My Top 10 …” is good, but don’t overdo them. Try to focus on something you believe in, and see if others engage with your work. Some people will always criticise, so you need a thick skin sometimes, but stick with it, and you’ll learn each time what works.
  6. Hook onto a current article, but bring it round to your own viewpoint and the debate you wish to highlight.
  7. People do like to hear your inner thoughts, sometimes.
  8. Step-by-step guides are good, as they remind you how to do your steps, and show others how to follow something.
  9. Add a video for support. We are increasingly moving into a world of video, so give a little demo on YouTube. It might not work, but it will at least personalise it, and give you some experience in pitching to an audience which is not in front of you. Don’t be discouraged by those view counts and those thumbs-down on YouTube, and use them as a benchmark for what works and what doesn’t.
  10. Show some code. There are lots of sites now that can integrate code into your page. Help the reader, and show an example of your code, and bring the topic alive.
  11. Read it out loud to yourself. Even better, give it to someone else who does not know the topic, and let them read it. Ask them to be honest, and whether they understood it.
  12. Hooking onto news items is great, but there are lots of other people doing this at the same time. Sometimes a great new research paper is a great foundation, as it will uncover new findings that are possibly not covered elsewhere.
  13. Have a thick skin. Some people just love to criticise others, and there are lots of those people around. Be positive, and have belief in your messages. Someone will find them interesting, somewhere.
  14. Be a good editor. Grammarly is your friend, but knowing what to remove is an even better friend. The reader never sees what you have taken out, so stick to the aim of the article, and remove the things that just don’t fit fully with this.
  15. Time is short to engage online, and most people never read the full article, so get a great introduction, and get a conclusion at the end, and your point will be made.
  16. Get some diagrams … a picture tells a thousand words. I used to use Visio but now use Lucidchart.
  17. You need to decide how best to disseminate it … who are the audience? Facebook users? Twitter? LinkedIn? And, then how do you frame the introduction to your article, in order to make it interesting?
  18. Write in a neutral way and not for the platform. What matters is your writing and not fancy formatting.
  19. Don’t use sites with adverts!
  20. Enjoy writing, listen to others, and learn from them too!
  21. Write about what you love and are passionate about, rather than what you think people will like.
  22. Writing helps you to collect and organise your thoughts. The true art of writing is telling a story … it has a beginning (a point), the middle (the thing that is important), and an end (bring us back to the point that we started with).
  23. Get some photos, if relevant, but watch out for those copyrights. Unsplash is a good source of content for this.
  24. Try to get the minimum possible size of the article you can, and still get the point over in an engaging and interesting way. In research, we often have to take a 20-page research paper, and crunch it down to four pages for a conference — and for it to still cover the same material.
  25. Know when it is first person. The usage of “I” and “me” is often not good in more professional styles of writing, so avoid the first person, unless you want to be personal. The minute you make it personal, you can become open to implying things.
  26. Find references and cite. They will guard against you overpromising on things.
  27. Cite your diagrams. They are not yours, so give credit where credit is due.
  28. Have an anchor in the article. I haven’t mentioned industry surveys in the top reads for me, but using a recently published survey can make a good focus for an interesting blog post, especially where you bring new viewpoints.
  29. Support other great people and companies where you can, especially in innovation. A small innovation by a local company is often much more worthy than Google creating a quantum computer.
  30. Use your blogs to learn your topic deeply. If no-one reads it, at least you have advanced your knowledge.
  31. Focus on being great in one or two things, rather than doing lots of things in an ordinary way. People can spot when you are not really an expert, so watch out, or you’ll get caught explaining something that is not quite right.
  32. Be ready to rebut negative comments. Have faith in your writing. If there’s a constructive comment, say thanks; if not, give your viewpoint. But know when to stop debating, as there is often no point in debating something with someone who won’t change their viewpoint.
  33. Be careful. If you want to be controversial, you need to watch that you are well covered, as anyone can pick up your writing on the Internet.
  34. Delete it, after its sell-by date. We improve as we go. If you have an old article, that’s not good, just delete it.
  35. Use it as a diary of your working life and thoughts. Your blog becomes a trace of “what I was thinking that week”. It’s a great way to make a scratch pad of ideas, that you can look back on.
  36. Keep refining. There’s nothing to stop you from taking a previous article, putting new things in it, and making it even better.