2. whoami?
Ashwini Varadkar
Sr. Security Analyst
5. 6 years of Experience in Cyber Security
Avid Reader
Kathak Professional
Special Love Towards Reporting :p
3. What is a Report?
“Report” is derived
from the Latin word
of “reportare”
which means carry
back. Re is back
and portare means
to carry.
Represents
information in
structured format,
is short and concise,
purposeful, and has
audience.
4. Cyber Security and Reports - The
Inseparables
• SOC
• Assessment
• DFIR
• GRC
5. The Reality Check!
As to how did we realize that there is a gap that needs to be addressed?
• Leader/Reviewer/Project Manager
• Other way:
• Client report rejection
• Social media posts
• Not talked about a lot
8. Common Concerns
• Unable to lead people through the content in a structured way. They
should get the information that they want quickly and easily.
• Confusion often arises about the writing style, what to include, the
language to use, the length of the document and other factors.
10. Formal Writings
• What all comes under the umbrella of formal writing?
• Academic research papers
• Business presentations,
• Emails and memorandums
• Business reports for conveying information
• and other types of official correspondence.
11. Contractions
• Avoid using contracted words.
E.g.:
oShould + not = Shouldn’t
oWill + not = Won’t
oAre + not = Aren’t
oIs + not = Isn’t
12. Stay Active
• Active voices – Sentences that are direct and concise.
E.g.
o Passive voice – An instance of XSS was observed by the analyst.
o Active voice – The analyst observed an XSS instance.
o Passive voice – Instructions will be given to you by the assessor.
o Active voice – The assessor will give you instructions.
13. Capitalization in Titles
• Thumb Rule:
o Capitalize the important words in the title
o E.g – Weak Password Policy in Use
o E.g – Cross-Site Request Forgery (CSRF)
• So which words are usually written in lowercase when creating headlines and
titles?
o Articles (a, an, the)
o Coordinating Conjunctions (and, but, for)
o Short (less than 5 letters) Prepositions (at, by, from)
Consistency
is the KEY
14. • Lower Case Titles
o E.g – Weak password policy in use
o E.g – Cross-site request forgery (CSRF)
• Same rule applies to the image captions (these are nothing but short
titles).
15. Capitalization in Sentences
• Avoid random capitalization of letters in sentences.
oE.g: URL's should not contain any Sensitive Information, for example, a session
Token, as the information is often logged at various locations.
oSimply: URL's should not contain any sensitive information, for example, a
session token, as the information is often logged at various locations.
• Capitalize proper nouns (names, countries, cities) such as the below
sentence.
oE.g: xyzOrg discovered multiple instances of weak physical security in
SampleOrganization’s Chicago data centre.
16. Software Name
• It is JavaScript (abbreviated as JS) and not Javascript
• jQuery and not Jquery or JQuery
• Clickjacking and not ClickJacking
Simply check the tool/service/software name on their official websites!
This also applies to attack names.
• EternalBlue
• POODLE
Consistency
is the KEY
17. Highlights and Emphasis
• Make relevant highlights.
• Use single or double quotes to stress on a word. Ensure consistency.
• Subtitles can be emphasized by using bold (under PoC section, under
Remediation).
• Observe the template. If XYZ uses single quotes for highlights, continue
that in your write up too.
Consistency
is the KEY
18. Images
• General points:
• All images must be aligned in one specific
way.
• Relevant masking must be done.
• Relevant highlights must be made.
• Image should be clear.
Consistency
is the KEY
19. Conclusion
• Note the points discussed here
• Write
• Write down the points
• Frame sentence around it
• Ask for help
• Share the responsibilities
• Courses / Apps
• Books/Ebooks
• Checklist
Consistency
is the KEY