So, sometimes I have a real problem with writing, specifically reports and blog posts. Somehow, I’ve allowed myself to be convinced to write at least one blog post a month for Secure Ideas (which is WAY less than the number of reports that I write in a month 😏). Sometimes, it’s hard to write a report or post because it’s difficult to find a way to get started, and the blank page is overwhelming. Other times it’s the mental fatigue of coming off an intense pentest. Or it’s just life inundating me with distractions. When this happens, I simply can’t get my brain wrapped around a topic.
Today is one of those days - I’m writing this blog post, and it’s proving to be difficult to write anything meaningful for the original topic of the post itself. However, this slow- (or no-) start issue can easily be broken with a few simple tips and tricks. Initially I was going to write about a different topic, but I’m hoping that maybe by sharing a few of these tips and tricks with others, it may also help to remind me of them as well.
Please note that I am not putting these tips in any particular order, because I feel like it’s probably up to each individual person what fits them best. Enjoy!
Tip #1 - Find something that calms you.
Anyone who has known me for any period of time knows that I am a people person. I love being around people, helping people, and networking with others. While working at home definitely has its advantages, there can be some disadvantages - particularly for people like yours truly that like to be around people. One of these disadvantages can be a sense of isolation and the related anxiety setting in, and it’s an absolute productivity assassin, because it causes challenges with maintaining focus.
So, you have to find something that calms that anxiety, something to help you focus.
For some, it’s getting up and taking a walk for a few minutes. Others take frequent breaks and watch a short video on YouTube (or a long one - the SGDQ 2017 Super Mario Series Warpless Race is pretty cool - it’s 3.5 hours long, and good for the background chatter), play a game on mobile, whatever. Make sure though that whatever you pick doesn’t become the rabbit hole you go down INSTEAD of writing.
I’ve been known to do all of these things, but the thing I find helps me the most is putting on a song that I really dig, and playing it on repeat. Something about the same song over and over and over relaxes me. I know what to expect next, and I don’t have to worry about if I’m gonna like the next song or not. I know it might sound silly, but try it out. As an example, I’m listening to Paul Davis’ “Cool Night” from the album Cool Night right now. Other times, it might be an entire album on repeat, like Slayer’s Reign In Blood or Al Green Gets Next To You. CLASSICS.
Tip #2 - Block out distractions (as much as possible).
Seems easy, except for the constant Slack messages, emails, phone calls, knocking at the door, dogs barking, cats meowing, mobile game notifications, text messages from your best friend, Slack messages, phone calls, emai - hey, what’s that shiny thing across the room? It’s a wolf spider? Why does it have a butcher knife!? SWEET MERCIFUL MCGILLICUDDY KILL IT WITH FIRE!
<clanging noises> <grunts> <ear piercing screaming> <silence>
Ahem. Sorry about that, I was distracted by that spider with a knife. Geeze. He’s good now, I talked him down and put him back out in the garage.
Anyway, blocking out distractions is so much easier said than actually done. That is, unless you make the decision to block out those distractions. It’s really more about discipline at that point, honestly. It might be hard at first, but it’s worth it in the long run. Here’s some ideas:
- Place your phone on Do Not Disturb (iOS has Focus Mode)
- Turn that ringer off
- Tell Slack/Teams/Discord “I’m going dark for a bit, I need to focus on writing/testing/etc. I’ll be back later.”
- Close your office door
- Close your email (even if you’re waiting impatiently for that big deal to close)
- Place a Do Not Disturb sign on your door
- Kick the dogs and cats outside (if you can, I live in the country)
Oh, and about that spider with the knife…fumigate and spray for critters? Or MAYBE just don’t leave butcher knives laying around where a spider can pick one up randomly. (Trust me, I learned my lesson on that one.)
Naturally, there’s going to be some parts of this that won’t work for you. That’s okay, but just make the effort to find what DOES work for you, and watch your productivity, particularly with writing, improve drastically.
Tip #3 - Create your ideal atmosphere.
This one honestly kinda goes inline with Tip #1. Your ideal atmosphere could be a place of relaxed and inspired solitude. Or a loud, super busy coffee shop, as long as you aren’t working on sensitive material like a pentest report. (Hey, there’s no judgment here. I can work in both, but it really depends on my mood, which is another large part of creating the perfect atmosphere). I personally prefer one of a couple different places at home - my office, or my back deck. My office is lined with all my favorite things, such as movie posters, collectibles, books, pictures, etc. What can I say? It’s home! Then, there are other times when if I sit in this office for another second, I might snap and start wanting to throw my laptop out into the street (mood, see?). When that happens, I head for the back porch with the laptop and listen to nature take over while I reboot my brain.
The point is, your ideal atmosphere is the one that you create. It’s the space that you feel comfortable enough in that you can let the creative juices flow.
Tip #4 - Outline. Outline. OUTLINE.
Now we’re going to get some of the more technical parts of this post - outlining your report. I’ve been fortunate enough to have many of the reports that I’ve written over the years have an outline already worked out for them. With that being said, it’s still important to put an outline IN your outline. Wait, that seems redundant. Doesn’t it?
Well, not really. As an example, our reports have an Executive Summary, Narrative, Findings & Recommendations, Strategic Guidance, and Appendices. Now, one would THINK that it would be pretty easy to fill all that in, especially if one has all the information for each piece (we take notes with screenshots for all findings, and often just the journey getting to the findings). One would think it would be plug-and-play. Easy right?
Nope.
The issue with technical writing is that it requires a certain finesse to get a point across without sounding like an idiot and/or making the reader feel condescended toward. Either of those are problematic, and can lose clients real quick. (PROTIP: So can exploiting a cross-site scripting vulnerability, and then forgetting to write it down and screenshot it for evidence. Don’t ask me how I know this. Ahem.)
The way to get past this is to be intentional with your writing (including notes for a project). Intentionally take screenshots of whatever technical evidence you need to document. Keep logs of all sessions. Learn to cross-correlate between all of the written documentation.
Build your outline out of this documentation. Being intentional about what you document will help you identify the most important information from the documentation. As an example here at Secure Ideas, outlining my narrative first helps me figure out what vulnerabilities are most critical and in what order. This helps me outline the Findings section, which can then help me line out the Executive Summary. I’ve now outlined everything all because I was intentional about the findings and my journey to them.
Having a proper outline will help you to write the actual report that is presenting facts in a clear and engaging way, without coming across as condescending. Most likely, the reason you are writing the report at all is because it is the most important part of the project.
And yes, I’ve been trying to write intentionally vague about the ‘project’, because even though I’m a penetration tester, I feel these skills can transfer EASILY between any technical profession (or maybe even other types of writers!).
Tip #5 - Get to writing.
To be honest, this might be the most important part of the list. Quite frankly, it’s at the bottom of the tips because if you follow it correctly, you may not have gotten to the other tips that I wrote. Heh. Ready?
Are you sure?
………….
Get to writing.
That’s it. Just start writing. Start writing anything. It may sound strange, but just starting putting words together on the page can eventually lead to something usable.
This blog post started exactly that way. I had been researching information on another topic for this post, but I just couldn’t get my head around it. I was in a dead spot; unable to find the words to start writing on that topic, as I had not fully wrapped my brain around it. (HINT: The next Quick Bites is gonna be about SSRF being its own number on the OWASP Top 10.) So, I started writing. I just started putting words on the page. Eventually, it became this very post that you, dear reader, are perusing right now. I literally started writing this post, because I needed to write myself into the next blog post.
One more thing - Kevin recommended this Effective Security Writing Training
course by a friend of his - Chris Sanders - https://chrissanders.org/training/writing/. I haven't taken it yet, but when Kevin recommends something, you can take it to the bank that it's worth your while. I'm actually going to enroll in the course after I finish this blog post.
Conclusion
I’m hoping that I might have been of some help to someone who might get stuck when starting writing anything, whether it be documentation, a report, or a novel. Sometimes, just walking your fingers across the keyboard for a bit can get you in the place you need to be to start writing quality content.
Sometimes getting the creative juices flowing can require walking on a hike, sitting on the back deck, playing a game for a few minutes, or watching videos. Also, there are other times, it’s good to kill all those distractions, getting rid of alerts for messages and phone calls, or fighting a spider that’s carrying a knife (which I don’t recommend).
Ugh. Speaking of, the spider’s back. I gotta go deal with this again.
Until next time, this is Aaron (and the spider) signing off!
<clanging noises> <grunts> <ear piercing screaming> <silence>
PS - I'm taking a break from fighting this spider (how it got my machete, I'll never know) to remind you to read the other Quick Bites that I've done so far. It's a series! So stay tuned, same Quick Bites time, same Quick Bites blog!
You can check them out here:
Quick Bites - Ep 1 - Finding Open Windows File Shares
Quick Bites - Ep 2 - HTTP Security Headers and Why You NEED Them
