Crazy idea - honest opinions please

jonwinterburn

Hi all,

As the proud holder of CISSP (recently endorsed) and SSCP, and over 15 years of IT and InfoSec experience, I'm at the point in life where I don't know what to do. Do I progress from InfoSec analyst into security management? Or perhaps continue down the technical route? Maybe GRC is the right path? I really have no idea which path to follow. I'm approaching 40, so perhaps this is the start of my mid-life crisis.

A lifelong dream for me is to write a book. I'm under no illusions; I'm not JK Rowling. Having said that, years of experience of writing technical guides and **** sheets for users has made it clear to me that I can write for people when I put my mind to it.

With the sad passing of Shon Harris, I see an opening in the market for a fresh view on the CISSP Study Guide. Sure, there's a few others out there, but none of them covered everything you need to know the way Shon's books did.

What do you think? Does the community need a new CISSP study guide? Or is there another InfoSec exam/speciality that you feel lacks representation in the market? Has anyone else here seriously considered doing something similar?

Thanks!

Jon

Itrimble

I'm always encouraged when I see a new opportunity. If you have found one, I say take it. You'll be kicking yourself if you never tried.

E Double U

jonwinterburn wrote: »

I'm approaching 40, so perhaps this is the start of my mid-life crisis.

This is very likely, but you should always give your crazy ideas a try

P.S. People usually regret taking my advice

tiagotavares

Yeah, this is a crazy idea. But genius buddies were considered crazy or idiots before they have success.

tiagotavares

Why dont you start to write a blog just for test?

kalkan999

I am writing a book. I can even get you in touch with a solid publisher.

E Double U

kalkan999 wrote: »

I am writing a book.

Get Your CISSP At All Costs - Don't Listen To Beads

jonwinterburn

kalkan999 wrote: »

I am writing a book. I can even get you in touch with a solid publisher.

Interesting. Are you writing a CISSP book? Or a different subject?

beads

Please report to the short bus for transport to your new living facility.

E Double U wrote: »

Get Your CISSP At All Costs - Don't Listen To Beads

"As the proud holder of CISSP (recently endorsed) and SSCP, and over 15 years of IT and InfoSec experience, I'm at the point in life where I don't know what to do. Do I progress from InfoSec analyst into security management? Or perhaps continue down the technical route? Maybe GRC is the right path? I really have no idea which path to follow. I'm approaching 40, so perhaps this is the start of my mid-life crisis."

The gentleman has stated he's been endorsed. How dense are you? Wait! I get it.

We may disagree on opinions or even beliefs, that's fine but lets try to keep the protracted insults to a minimum - shall we? I think we can agree to disagree on another thread and keep it there.

(*Off to the store to stock up on CISSP llort biscuits*)

See you under the bridge.

@jonwinterburn;

Not a crazy idea. Start with a blog and write a peer reviewed white paper. SANS reading room has plenty of material to peruse as well. If you have something really interesting I'd suggest a presentation at a conference. You want to see how your message is received? Presenting at a conference will tell you how much stomach you really have for rejection or adulation, cause your peers are going to tell you to your face.

Congratulations on the SSCP an CISSP, by the way.

kalkan999

Information Security book. Choosing a subject that is technical, but I am also going down the road as a 'story teller.' I figured since I am a pretty positive and motivational person who actively volunteered his time with the CyberPatriot program (Google it), and formerly taught and inspired a lot of very disheartened and permanently injured 'Wounded Warriors' through the project of the same name (not actively doing it this year as I haven't the grant money from WWP), why not write a book that people who are aspiring Information Security technicians, analysts, consultants and managers, etc., might actually enjoy reading, while also learning a lot at the same time.
While I won't give the subject away, it does have a lot to do with where CISSP, CISM, CISA, and the plethora of SANS courses fit in as History lessons, how they fit presently, and how they can help one further down the road via continuing education paths as well as my 'take' on InfoSec and the future.

Kalkan

f0rgiv3n

Do it. Take the chance you have and go all in on writing that book. Enjoy the process, soak in every experience as you go through all the steps. Make sure you force yourself to enjoy it otherwise you won't finish it nor will you want to do it again . I absolutely agree that there is a need for more options for CISSP materials. The staple book that Shon had written was a very good book but difficult to go through as we all know due to the level
of detail in there.

There are lots of publishing options, you can either go the traditional route with contacting a real publisher or even just self-publish through a number of services.

I'll buy it!!

E Double U

beads wrote: »

Please report to the short bus for transport to your new living facility.

The gentleman has stated he's been endorsed. How dense are you? Wait! I get it.

Tranquilo, I was cracking a joke on kalkan which is why I quoted him lol. Don't take yourself too seriously

beads

E Double U;

I should get you in touch with my Inbox on this board. Seems your the only one with a sense of humor.

jonwinterburn

Thank you all for your comments and suggestions. This forum is amazing, I've never known another like it. I'm proud to be a part of this community, which is quick to respond and provide advice, but slow to criticise. Thanks!

GForce75

Good stuff Jon! It's amazing where life will take you. Best of luck in whatever path you take!

dustervoice

Go for it!!!

jonwinterburn

I had a thought a couple days ago: why don't I start by writing an eBook guide to scoring your first InfoSec job, based upon my own experience? How to write your CV/resume, prepare for interviews, what certs are best for which roles, things you absolutely must know and so on. If that's well received, then I can expand upon it and write the CISSP study guide.

So I made a start on building the framework for the book. Today I had a look on Amazon to see if there's anything similar out there - there wasn't last time I looked (about a year ago). Alas, 3 days ago I was beaten to it! There's a dummies guide just out: http://www.amazon.co.uk/Getting-Information-Security-Job-Dummies/dp/1119002818/

Damn! Should I bother trying to compete with such a big brand? The only difference between my idea and this Dummies guide, is that I was planning on making the book free on Kindle and all open ePub formats. I figure it's a chance to give back to the community, gives me a ton of CPEs and also gets my name out there.

What do you think? Worth pursuing?

Thanks!

Jon

philz1982

How about this? What if you did a blog book. Meaning you posted each chapter to your blog and you built up a following then you consolidate the book and keep it up to date with versioning.

Your blog readers are involved with you writing it and its a proven fact that people like what they help create.

jonwinterburn

philz1982 wrote: »

How about this? What if you did a blog book. Meaning you posted each chapter to your blog and you built up a following then you consolidate the book and keep it up to date with versioning.

Your blog readers are involved with you writing it and its a proven fact that people like what they help create.

I did consider doing a blog. But everyone is blogging these days and driving readers to your blog is no mean feat.

Edit: I misunderstood your suggestion. A blog book, rather than a blog sounds like a good idea. Thanks!

aftereffector

Go for it! If you need a copyeditor or proofreader, let me know.

f0rgiv3n

Ignore the dummies book. No offense to the branding or those who right it but I would never use a dummies book for studying for a cert. I always see their books as a "beginners" guide, an introduction so to speak. Keep going at it, ignore that book!

TheFORCE

When I read the AIO Shon Harris book, in the introduction or preface or somewhere around there, she said that back when she took her CISSP even though she passed she felt like she was not worth it because of all the information that was missing. From her point of view she felt that she needed a borader knowledge. That's why she wrote the AIO books, to include ALL information related to security. My opinion, having read the book cover to cover I can tell you she was probably right, her book can be used for other certs too as a supplemental material not just for CISSP. So with that said, yes, there is a void, go for it, write and revise and do your best. You never know, you might be the next Shon Harris.

jonwinterburn

Thanks again for all your supportive comments! I've made a start on it and will let you know when the first chapter is on my blog. It'll be a long hard slog, but I think it'll be worth it.