The document provides guidance on effective report writing for cyber security. It defines a report and explains that reports in cyber security are used in security operations centers, assessments, digital forensics and incident response, and governance, risk, and compliance. Common mistakes in reporting include communicating someone else's output, using vague sentences, and having image related issues. Effective reports are structured, concise, purposeful, use proper grammar and writing conventions like avoiding contractions and writing in the active voice. Capitalization, software names, highlights and emphasis, and images should be handled consistently within a report.

1. Effective Report Writing
Cyber Security

2. whoami?
Ashwini Varadkar
Sr. Security Analyst
5. 6 years of Experience in Cyber Security
Avid Reader
Kathak Professional
Special Love Towards Reporting :p

3. What is a Report?
“Report” is derived
from the Latin word
of “reportare”
which means carry
back. Re is back
and portare means
to carry.
Represents
information in
structured format,
is short and concise,
purposeful, and has
audience.

4. Cyber Security and Reports - The
Inseparables
• SOC
• Assessment
• DFIR
• GRC

5. The Reality Check!
As to how did we realize that there is a gap that needs to be addressed?
• Leader/Reviewer/Project Manager
• Other way:
• Client report rejection
• Social media posts
• Not talked about a lot

6. Need for Effective Writing
Reputation Consulting

7. Common Mistakes
COMMUNICATING
SOMEONE ELSE’S OUTPUT
VAGUE SENTENCES IMAGE RELATED ISSUES

8. Common Concerns
• Unable to lead people through the content in a structured way. They
should get the information that they want quickly and easily.
• Confusion often arises about the writing style, what to include, the
language to use, the length of the document and other factors.

9. What is Effective? :/
Rules
Concept

10. Formal Writings
• What all comes under the umbrella of formal writing?
• Academic research papers
• Business presentations,
• Emails and memorandums
• Business reports for conveying information
• and other types of official correspondence.

11. Contractions
• Avoid using contracted words.
E.g.:
oShould + not = Shouldn’t
oWill + not = Won’t
oAre + not = Aren’t
oIs + not = Isn’t

12. Stay Active
• Active voices – Sentences that are direct and concise.
E.g.
o Passive voice – An instance of XSS was observed by the analyst.
o Active voice – The analyst observed an XSS instance.
o Passive voice – Instructions will be given to you by the assessor.
o Active voice – The assessor will give you instructions.

13. Capitalization in Titles
• Thumb Rule:
o Capitalize the important words in the title
o E.g – Weak Password Policy in Use
o E.g – Cross-Site Request Forgery (CSRF)
• So which words are usually written in lowercase when creating headlines and
titles?
o Articles (a, an, the)
o Coordinating Conjunctions (and, but, for)
o Short (less than 5 letters) Prepositions (at, by, from)
Consistency
is the KEY

14. • Lower Case Titles
o E.g – Weak password policy in use
o E.g – Cross-site request forgery (CSRF)
• Same rule applies to the image captions (these are nothing but short
titles).

15. Capitalization in Sentences
• Avoid random capitalization of letters in sentences.
oE.g: URL's should not contain any Sensitive Information, for example, a session
Token, as the information is often logged at various locations.
oSimply: URL's should not contain any sensitive information, for example, a
session token, as the information is often logged at various locations.
• Capitalize proper nouns (names, countries, cities) such as the below
sentence.
oE.g: xyzOrg discovered multiple instances of weak physical security in
SampleOrganization’s Chicago data centre.

16. Software Name
• It is JavaScript (abbreviated as JS) and not Javascript
• jQuery and not Jquery or JQuery
• Clickjacking and not ClickJacking
Simply check the tool/service/software name on their official websites!
This also applies to attack names.
• EternalBlue
• POODLE
Consistency
is the KEY

17. Highlights and Emphasis
• Make relevant highlights.
• Use single or double quotes to stress on a word. Ensure consistency.
• Subtitles can be emphasized by using bold (under PoC section, under
Remediation).
• Observe the template. If XYZ uses single quotes for highlights, continue
that in your write up too.
Consistency
is the KEY

18. Images
• General points:
• All images must be aligned in one specific
way.
• Relevant masking must be done.
• Relevant highlights must be made.
• Image should be clear.
Consistency
is the KEY

19. Conclusion
• Note the points discussed here
• Write
• Write down the points
• Frame sentence around it
• Ask for help
• Share the responsibilities
• Courses / Apps
• Books/Ebooks
• Checklist
Consistency
is the KEY

20. Thank You J