This could be alternatively subtitled "one guy's journey to a career in writing." I've been struck by the writing bug lately, and not just in the blog form. The fact of the matter is, I'm still expected to complete a journal article for my thesis work, to be submitted to a peer reviewed journal, such as IEEE S&P. On top of this, however, I've also had a couple opportunities crop up that are intriguing and driving me to plan (and begin executing on) other articles.
Prior to last week, I was planning a couple articles for Dan Swanson, who's recently become editor of EDPACS The EDP Audit, Control, and Security Newsletter. He had also suggested sending articles to Information Systems Security (ISS) and Information Systems Management (ISM). ISS is the official ISC2 journal (of the famous CISSP certification). ISS doesn't have a very good rep, but I figured writing is writing.
On my personal web site I've maintained a copy of my original whitepaper ("Alphabet Soup") that classified and described multiple infosec assurance models, frameworks, and methodologies. A draft version 2 of that paper has also been posted there for a few months, unfinished. My thesis (final draft) is posted there, too. I mention this all because a rather remarkable thing has happened. Not only did someone apparently read my thesis, but they also cited it! This occurrence has led to a new opportunity.
Late last week I was contacted by the journal editor for the IT Compliance Institute. She was reviewing an article that referenced my thesis and, in reviewing my site to properly attribute the work, she stumbled across my "Alphabet Soup" whitepaper and was interested in publishing the v2 draft. As I've worked with her the last few days, this has turned out not to be a reasonable goal given their short timelines, due mainly to the fact that the whitepaper was never designed for journal publishing, so is roughly 3-4 times longer than she really needs it to be. Ok, oh well, ho hum.
Do not despair! I had drafted a journal article a couple weeks ago to submit for peer review. This is an article-sized work, and it focuses on my TEAM model, which still fits with the theme of this journal release. Moreover, I am facing a significant rewrite of the piece because it isn't "dry and stilted" enough (to quote my adviser) for academic publishing. I've provided this first draft work to ITCI for consideration, and we'll see what happens. It needs work, but maybe it will fit their needs adequately.
In the meantime, I still have writing work to do, and new research ground to cover, too. My current topics for writing are:
* Tomhave Thesis / TEAM Model (juried work)
* Security & Privacy with Web 2.0 (co-author Paul Nguyen)
* The Psychology of Security (details TBD - looking for ways to apply the work)
* some compliance-related for a higher-level audience (muddling through)
Wish me luck! And, if you're interested in an article, drop me a line!