Writings

Write Well, Write Quick, Write Now

This goal of this page is to provide links to my writings, of which there have been many. My first professional publication appeared in 1987, a 600-page text on how to use a piece of database software called Reflex. That book, which I wrote and illustrated in 10 weeks, was the first of many practical guides to software and hardware that I produced in the late eighties and early nineties for various divisions of McGraw-Hill. The image on the right shows off some of my output during that time.

Along the way I came up with a technical writer's creed that my editors appreciated: Write Well, Write Quick, Write Now. Some of these books also sold well and quick. Sales of one particular title, Using Quattro Pro, hit 80,000 in the first few months of its publication, briefly achieving "bestseller" status in the "computer book" charts.

A more recent example of my writing would be: "Advancing Accurate and Objective Cybercrime Metrics," an article published in the Journal of National Security Law & Policy, in February of 2020, available to read and download here.

Some of my writings have been collected by sites like ResearchGate and Academia. I will be adding some annotated links to specific works in the near future.

Here is a sample of my writing from Getting to know CISOs: Challenging assumptions about closing the cybersecurity skills gap, a masters degree dissertation I wrote in 2016 (you can access the full document here).

While it can be argued that the problem of crime can never be solved, it can also be asserted that the better we understand crime, the better we are able to manage it and its effects, whether through prevention, deterrence, avoidance, or insurance. Without enough capable guardians of cyberspace, efforts to manage cybercrime are likely to fail. And the consequences of failure could be dire, with the likeliest scenario being one of the following: either the world limps along with successive generations of flawed technologies that are routinely abused by opportunistic cybercriminals; or the world’s economy becomes mired in endless recession because its citizens have collectively turned their back on the productivity promised by digital technologies, the benefits of which were finally eroded to the tipping point by rampant criminal abuse.

That the task of preventing predatory crime from undermining the internet-based opportunity structure is itself being undermined by a shortage of appropriately skilled people seems indisputable. Even as signs of hope appear, like elevated levels of attention paid to the problem, there are worrying indications that efforts to address it may be flawed. As the present research suggests, there appears to be a lack of due diligence on the part of those who are diverting substantial resources into luring people into the cybersecurity profession. That is, investments in cybersecurity workforce are being made with insufficient knowledge of what it takes to succeed in this new and still evolving line of work, or what kind of people will find the work rewarding enough to continue doing it long enough to be make the investment worthwhile (either to themselves personally, or to the institutions making an investment in them). The need for more research is urgent. Acquiring the knowledge needed to efficiently and effectively close the cybersecurity skills gap will not be easy, but the stakes are high and the effort must be made. Hopefully, this work has made a useful contribution to that effort.

When I feel like reminding people that it was already plain to me, back in the 1990s, that human behavior was the key to computer security, I point to these paragraphs at end of my PC and LAN Security book, published by McGraw-Hill in 1992.

The goal of personal computer security is to protect and foster the increased creativity and productivity made possible by a technology that has so far flourished with a minimum of controls. But this technology finds itself increasingly threatened by the very openness that led to its early success. To achieve this goal we must step from an age of trusting innocence into a new era of realism and responsibility, without lurching into paranoia and repression.

The most cost-effective long-term approach to personal computer security is the promotion of mature and responsible attitudes among users. Lasting security will not be achieved by technology, nor by constraints on those who use it. True security can only be achieved through the willing compliance of users with universally accepted principles of behavior. Such compliance will increase as society as a whole becomes increasingly computer literate, and users understand the personal value of the technology they use.