Creative Writing is beneficial for Information Security

René Pfeiffer/ June 19, 2024/ Security, Stories

The picture shows  cursive hieroglyphs from the Papyrus of Ani, an example of the Egyptian Book of the Dead. Source: https://commons.wikimedia.org/wiki/File:Papyrus_Ani_curs_hiero.jpgDo you like a good movie? Do you enjoy a good book? Your favourites most probably began as a piece of writing. There is a surprising overlap between creative writing, writing code, doing mathematics, and enjoying a well-defined information security configuration. Everything meets at the written word. IT documentation has a terrible reputation. Since it is always one or more steps behind the actual configuration, people prefer reading configurations instead. The magic is to keep changes in sync with your documentation. Another ingredient is to write concisely and to create the right structure. While documenting IT infrastructure is not like writing a script for a movie, it requires describing everything in the right order. You need to make sure people can look things up and find systems and controls required for security. An IT documentation where words and sentences go to die is not the right tool. Also, people don’t like to contribute to a dead collection of knowledge.

There are few ways to make documenting stuff exciting. Plus, if you work in a „change-rich“ environment, then your container configurations die quicker and more often than characters in George R. R. Martin’s Game of Thrones. We are looking for your experience with documenting IT security infrastructure and their security controls. Just like in creative writing, there is more than one method to get it done. The tools are different. Instead of re-writing your top 10 security controls as haikus, you might use software documentation or standard operation procedures as a template. What works best for you or your organisation? Let us know by submitting a presentation to our call for papers!

Share this Post

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.