Writing about cybersecurity threats, such as phishing campaigns, malware infections, and attack groups, is challenging for many reasons. How should you decide what details to include? How can you persuade the readers that your analysis is sound? How might you address the needs of multiple audiences?
I’m happy to share what I’ve learned over the years about writing effective threat reports in the following 36-minute video. These tips draw upon the advice I share in my Cybersecurity Writing course, which you can take online from SANS Institute.
In addition, to help you decide what information the readers of your threat reports want to see, I prepared a Rating Sheet for the Right Information: Threat Reports. You can use it as a checklist to make sure you’ve included the necessary details about the threat in your reports.