This blog post is in response to a number of people who have approached me looking for advice on how to write and get a book on information security published.  Having got my own book published, ISO 27001 In a Windows Environment and co-authored The Cloud Security Rules I was only too happy to share my experiences with them.  It also led me to create this blog post in the hope that it may be of some help to others thinking the same thing.

So You want to write a book?  Its great that you want to share your knowledge with others.  I am a firm believer that sharing information and knowledge is one of the key weapons we as information security professionals have in our armoury to fight the criminals who are targeting and attacking our systems.   It can be also be a great way to promote your expertise and experience.

However, before going down this route you need to ask yourself one question.  Why do you want to write a book?  If it is purely for the money then you shouldn’t bother.  The royalties you get from a book, unless it takes off like a Bruce Schneier book, will be very low and the money you get won’t fully compensate you for the time spent writing your book.  Typically, as an unknown author going though a publisher you will get around 10% of the price of the book as a royalty.  To be frank if you work out the time and effort taken to write a book on an hourly basis you will most likely earn more money working in a fast food restaurant. 

However, writing a book has other non-fiscal advantages such as you will be a published author, not a bad thing to have on your profile or CV.  This can help when looking for jobs, consulting gigs, writing gigs with publications or speaking at conferences.

There are two main ways you can get your book published;

Self-publish, is where you write the book and publish it yourself.  This method keeps the costs down and you get all the profits.  The downside is that you will also have to market and promote the book.  you will have to, or pay someone else to, design, layout and do all the graphics etc. for the book which takes time and is a skill in itself.  You will also have to get someone to edit the book for you. This may involve more that one editor.  For example, you may need an editor to edit and critique your writing style.  You may also need a technical editor to ensure any technical content you include is accurate.  Your editors need to also ensure that any material you include in your book is your own original material and not plagiarised from any other publications.  They should also ensure that you properly credit any sources of material you include in your book.  Note, as the writer it is your responsibility to ensure the content is original, your editors are there to act as a checkpoint to ensure that is the case and highlight any mistakes or oversights you may have made. You may be lucky and have friends with the skills and time who can do this for you at no cost or alternatively you will have to hire someone to assist you.  You need to also consider how you will get your self-published book distributed, it may not be possible to get your book sold  through traditional channels such as book stores, Amazon etc.  You also need to consider how you can market your book and set aside a marketing budget.
The other route is to go through a publisher.  Publishers have the necessary resources to publish your book and have all the editors etc. required to ensure the quality of the book is at an acceptable level.  But this comes as a cost as you will  get a smaller slice of the pie.  Also, by going with a known publisher the book will hopefully reach a wider audience and will have better promotion.  This in turn raises your profile, which is one of the main reasons people write books. However, working with a publisher is a more structured and formalised process.  The publisher will require you to commit to writing the content by certain dates.  This can put a lot of stress on you, your family and friends, as the various deadlines come rushing towards you. You also need to factor in that even after those deadlines you may still have to do extra work if there are any edits or changes required.

To get a publisher you should check which publishers specialise in the area that your are thinking of writing in.  For example, I would focus on those publishers that specialise in the area of IT security rather than say on programming or project management.   Once you identity a publisher you will need to submit the idea to them and to also include an overview as to how popular the book will be and who will be likely to buy it.  This is so they can make a judgement as to whether or not to support your project, after all they want to make money and a profit from your book.

The publisher should have a submission form or application that you will need to fill in.  This usually entails;

• Outlining the topic of the book
• Giving an overview of the structure of the book, e.g. what each chapter will be about.
• Providing an overview of each chapter
• What the goals of the book are, i.e. what will the reader get out of reading the book?
• Who is the target audience for the book?  IT managers, consultants, programmers, business people etc.
• What is the potential market for the book?  What geographic locations will the book target (or be restricted to based on its content e.g. a book on Data Protection will be mostly confined to the EU market
• What is the your background and is it suitable for the book?  If you have no relevant  experience in the area you are writing on then why would someone want to buy a book from you?
• When will be book be completed?  This is important, not just as a line in the sand for you to meet but it is important for the publisher to know so you can line up editors, designers, printers and marketing people to launch the book.  If the deadline is not realistic or achievable then the publisher will not take it on-board
• How will the book be promoted?  Will you be willing to promote it at conferences, trade shows, blog posts, in trade publications etc.

Once you have decided which route to take then you need to plan how you are going to write the book.  This can be tough if you already have a day job and any personal commitments.  Writing a book can take up a lot of time so you need to factor that in and plan for evenings and perhaps weekends where you will have to put work and personal items aside so you can meet your deadlines.  I know a number people who addressed this challenge by posting a series of posts on their blog and then collating them into a book.

I hope this post has been of some help if you are thinking about writing a book and if you decide to go ahead I wish you the best of luck with it.