From an outsider’s perspective, it is easy to imagine offensive cybersecurity as a hacker movie – lone wolf hackers in hoodies trying to beat attackers at their own game, long strings of code flashing across screens in dark rooms while somebody surreptitiously hacks a network, sometimes all intertwined with an action-packed plot twist. Women are often absent as the protagonists of the scene.
In real life, offensive security is a team sport underpinned by exceptionally talented technical writers and editors who ensure clear, continuous, and consistent communication with our customers. Pen testing and attack surface management are only impactful if we can help our customers understand where we find vulnerabilities and how to remove them from attack paths.
In honor of International Women’s Day in March, we invite you to get to know a few of the women on our technical editorial team who take charge of managing one of our most important assets – the Bishop Fox Cybersecurity Style Guide. Learn about the importance of writing, editing, and reporting in offensive security, why standardization is key, and the women who make up this indispensable team.
Featuring...
- Catherine Lu, Senior Technical Editor, Bishop Fox
- Andi Majot, Technical Editor, Bishop Fox
- Laura Martinez Rodriguez, Technical Editor, Bishop Fox
Writing, Editing, and Reporting in Offensive Security
In your opinion, why is technical writing and editing important in offensive security?
Catherine: Writing and editing enable us to convey complicated security concepts to our customers. It allows us to preserve and pass on organizational knowledge within Bishop Fox as well as within our customers’ organizations. When customer organizations experience changes over time, our reports provide ongoing insights on their security posture and act as a useful historical record, especially for long-time customers.
Laura: Our writing and editing capabilities offer reliability to our customers. We set strict standards to regulate how information is reported, and this helps make us a reliable offensive security partner.
Why are writing and editing necessary for Bishop Fox to be a successful organization and protect our customers?
Andi: Writing is important because you can be an expert in any given field, but if you can’t communicate clearly and consistently, it really undermines your position. This rings especially true in the cybersecurity industry as we build trust with customers through our writing. We ensure that our writing reflects our consultants’ levels of expertise that they’ve demonstrated in other ways during engagements.
Tell us a bit about reporting at Bishop Fox. What is the process like?
Catherine: It is complicated and thorough! It starts with the consultants’ write-ups of their findings. The report goes through rounds of grammar review by an editor and technical review by consulting peers. The editor then cleans up and prepares the final PDF document, including design. Behind that lengthy process, the editorial team also plays an integral role in developing and managing the report templates.
Standardization Builds Trust
What does standardization mean at Bishop Fox?
Catherine: When we discuss any given topic, we talk about it the same way every single time. Each time that we discuss a type of technology, we use the same terminology. We develop clear definitions of issues and use consistent categorization when reporting issues to our customers.
Cybersecurity is in a really exciting place where there are constantly new concepts, technologies, and accompanying terminology being invented, so part of our focus on standardization is to make sure the language we use is clear to our readers and consistent across documents. For instance, when we discuss newer concepts that might not have a universally accepted name yet, we disambiguate on first reference and then stick with one name in the rest of the document.
We originally released our Cybersecurity Style Guide in 2019 to help everyone in this industry sort through this wild west of terminology, and this is why we’re now releasing a new version with updated contents and a ton of new terms that have come into wide use in this industry in the last few years.
How do we ensure that our writing is standardized?
Andi: We have a lot of internal documentation and the Bishop Fox Cybersecurity Style Guide. Additionally, we have many internal conversations amongst the editorial team to come to a consensus on standardization issues. When needed, we reach out to outside resources, like someone more technical, for example. We make decisions as a group and then document in detail.
Catherine: We also have a detailed and repeatable process to achieve standardization in the Style Guide as we continue to compile the word list. First, we reference the AP Stylebook to see if there is already an entry. If there isn’t a clear answer, we check with the Merriam-Webster dictionary. If it is still unclear, we research how the technical term is commonly used in the community, giving priority to reputable third-party sources like notable media outlets and industry leaders. Then, we ask our colleagues who are subject matter experts to weigh in. Once we’ve weighed all these sources, we come to a decision on what spelling and formatting we should use, as well as what additional guidance or disambiguation might be necessary for the entry, and we add it to the Bishop Fox Cybersecurity Style Guide.
How does this benefit our customers and community?
Catherine: Our customers know what to expect from us in written reports, and having consistent language helps build trust. Having a detailed, thorough style guide helps streamline the editorial process because we can count on certain terms being used the same way each time.
Andi: When our team takes the time to hash out the nitty gritty details of editing, it means that we have a better way of explaining complex information to our customers.
Let’s talk more about the Cybersecurity Style Guide!
Catherine: Lots of new things in the Cybersecurity Style Guide Version 2.0! Since our last release, we have added nearly 400 new terms to our word list, expanded our descriptions, and added more robust cross-references between terms. By page count, the guide has expanded by more than 50%. We’ve also added some additional guidance on styling technical names and expanded our existing section on using tech font. If you’ve already been using Version 1.1 to keep your writing accurate, consistent, and clear, the newly released version will give you even more in-depth guidance on the latest tech terms.
The Minds Behind the Cybersecurity Style Guide
Why were you drawn to editing as a profession?
Catherine: Even back in high school, my favorite part of being assigned a paper was getting to proofread my friends’ essays. I’ve always been interested in how other people write and how I can help rearrange their words to make a sentence better.
Andi: I’ve always loved reading! I get to read all day, every day for a living now. I enjoy words and thinking about the meaning of words.
Laura: I grew up with lots of books because of my dad’s career in academia. I’ve always had a penchant for the power of words and language. I find editing more rewarding than generating content.
There are many types of writing and editing that you can do professionally. Why is technical editing important to you?
Catherine: I like taking already written words and transforming them into something that helps readers understand complex topics. Editing is like solving a puzzle sometimes because our writers can use such complex terminology and sentence structure, and being able to straighten out those tangled threads is so satisfying.
Andi: You can learn a lot about so many different industries by being a technical editor. I’ve been a technical editor in insurance as well as government accountability. I never pay out of pocket for health insurance costs, and I know exactly who to contact when my E-ZPass doesn’t work for toll roads. I’ve learned this from my on-the-job experience with technical editing. I hope that I’ve learned enough about cybersecurity by now to protect myself online.
Laura: I started by helping my husband with quality assurance (QA) on reports and proposals for his career field, and I really enjoyed it. I like processes, procedures, and documentation. I also like checking things, cross-referencing, and ensuring things are up to a specific standard. Technical editing embodies many of these qualities, so it is a great career fit for me.
What is the most rewarding thing about being a technical editor in offensive security?
Catherine: I love reading about our consultants’ exploits, especially when they can sometimes read like a literal heist, with all the fun twists and turns of a good story. The impact of offensive security activities is also very straightforward. It’s satisfying to know that I’ve contributed to helping our customers keep their environments secure.
Andi: There is never a boring day, and that is a very rewarding part of offensive security.
Laura: It is so rewarding to be part of this team. Our consultants are so creative in how they find vulnerabilities and develop exploit paths, and it is rewarding to be a part of this.
What is your advice for security or technology professionals?
Andi: Know your audience!
Laura: Embrace the importance of accountability and transparency by accurately documenting what happened in the engagement and testing activities. That is where editing and revising come into play. We help ensure the information is conveyed correctly from the consultant to the customer.
Catherine: Many people go really deep into technical content straight away and can get lost in the technical detail. I would suggest that you ask yourself, "How would I explain this to a small child?" and then work from there. This helps sharpen your skills to adapt to different audiences, who will require varying depths of detail, and to keep the big picture in mind.
Download the Cybersecurity Style Guide
We hope you’ve enjoyed getting to know the women behind the writing (and editing) at Bishop Fox. The power of their collective skillsets and knowledge is an invaluable asset to Bishop Fox and our customers.