Category Archives: Personal

Time, Straight Lines, and the Next Step

As I shared a couple of weeks ago, I’ve decided to step away from my role at Mandiant/FireEye after three fun and challenging years. During this time I did some interesting work and met a lot of great people who I’m glad to call friends. However, it’s time for something different, and that’s what this post is about.

I’ve spent a lot of time over the past few months thinking about how I spent my time and how my time will be remembered by those around me. Time is the only thing that you can’t get more of, and once it’s gone you can never get it back.

I started a career in information technology and security at a young age because it was a new frontier, I enjoyed the challenge, and there was a demand. As I’ve gotten older, I’ve begun to realize that I don’t love information security — I love how it lets me serve others and help them achieve their goals. When I really thought about it, I realized that there is evidence of my love of service in other facets of my life as well. This is why I love to teach, why I love to gather friends around the BBQ pit, and why I started the Rural Technology Fund nearly ten years ago.

I think it’s easiest to serve people when you can draw the shortest, straightest line between the work you do and how it positively impacts the lives of others. I’ve been fortunate to have some jobs where that line was fairly straight and short, but I’ve also had plenty where the line was miles long and wrapped around in circles. The more I thought about it, the more I realized my happiness is really contingent on my ability to keep that line short and straight.

Here’s how I’m going to do that…

Applied Network Defense

First, I’m thrilled to announce the launch of Applied Network Defense, a new business venture I’ll be leading. Through this organization, I’m going to focus on delivering high quality, affordable online information security training. Many of you may be familiar with some of my existing classes like Investigation Theory and Effective Information Security Writing. These courses will serve as a blueprint for new courses I’ll be teaching, including a Practical Packet Analysis course, and a course called Defense Against the Digital Dark Arts aimed at teaching practical security concepts to college students, IT workers who are interested in focusing on security, and business leaders who want to gain a better working knowledge of how to think about and approach security problems.

AND isn’t just about me, though. Beyond my own teaching, I want to help enable others deliver their expertise to those who need it. I’ll be partnering with other individuals and organizations to help them develop online training to support their products and education goals. This includes a new Bro scripting course, and a new partnership with OISF to offer an official online Suricata course. These will both be released this summer. If you’d like to learn more about this venture or are interested in taking a course or developing one, check out

Pro-Bono Consulting

A big part of what I’ll be doing with AND is trying to help those who really need it. I’ve always offered scholarships to my courses for human service non-profit workers, and I’ll continue to do that. I’ll also be devoting one or two days a month towards offering free “pro-bono” consulting for those organizations and very small businesses that can’t afford to pay the price many vendors charge. If you’d like help in that area, you can fill out an application here. If you’d like to join me in this effort, please reach out.

Source Code Podcast

Something that has always fascinated me about our field is that everyone comes from such diverse backgrounds. Most got into IT or security by taking a different path, and everyone has a unique story to tell. I’ve decided to create a new podcast to create a forum for people to tell those stories. My hope is that I’ll create a repository of “origin stories” that will inspire other practitioner and students. I released the first episode of the podcast last week and the feedback so far has been amazing. You can check out the first episode and stay up to date with future episodes here.

Rural Technology Fund

Finally, I’ll be spending more time with the Rural Technology Fund. The impact of this organization has grown tremendously over time. Last year, we made enough targeted donations to public schools to reach over 10,000 students. This year, my hope is to reach as many as 25,000 (we’re already 30% of the way there). I can’t do this alone, so I’ll be spending time fundraising, soliciting volunteers, and getting the word out about all the good work we’ve been doing. You can learn more about the RTF and how you can help here.

I want to end with a personal note. I’m the son of a trucker and a sewing machine operator from a town named Mayfield that nobody ever heard of. To be able to do what I do and interact with so many amazing people through my work is nothing short of a miracle. I don’t belong here, but because I am, I’ll never stop being thankful. I’m incredibly excited about this new journey and I sincerely appreciate all the support of those who have bought a course license, purchased one of my books, donated to the RTF, or simply read this blog. 

So You Want To Write an Infosec Book?

mybooksWhile I don’t consider myself to be a prolific writer of the 21st century, I have been blessed to have the opportunity to write five different technical books over the past 12 years. I do a little bit of speaking here and there and am always blogging as well, so I frequently meet people or receive e-mails from folks who want to write an information security book. Because of that, and in light of recently finishing my last book project, I thought that now would be the perfect time to share some of my experiences in technical book writing.

*This post was originally written in 2014 but was updated in 12/2017




Before I dive into my lessons learned, here is a brief summary of the books I’ve written to help frame the things I’m going to talk about.

  • “Saving Time and Money with Virtual Server” – Published by O’Reilly in 2005 as an e-book only. This sold very poorly and was my first foray into paid technical writing with a real publisher. Most people don’t even know that I wrote it.
  • “Practical Packet Analysis – 1st Edition” – Published by No Starch Press in 2007 in print. My first print book, released when I was 19. This sold very well but received mixed reviews early on due to some technical issues which were eventually rectified.
  • “Practical Packet Analysis – 2nd Edition” – Published by No Starch Press in 2011 in print. This has been my best selling book. It has been translated to half a dozen or so languages and is used as a textbook by many universities. It is also incredibly well reviewed, having an average rating of 4.5 stars with over 50 reviews on Amazon.
  • “Applied Network Security Monitoring” – Published by Syngress in late 2013 in print. This is my newest book. So far, it has been very well reviewed. I was the lead author of this book but also had contributions from several friends as co-authors, with Jason Smith contributing a few chapters, David Bianco writing a chapter, and Liam Randall contributing in a couple of places.
  • “Practical Packet Analysis – 3rd Edition” – Published by No Starch Press in 2017 in print. This hasn’t been out for too long but is picking up where PPA 2 left off with great sales and multiple translations. It is also incredibly well reviewed, having an average rating of 4.6 stars with over 75 reviews on Amazon. I’ve also built an online class version of it.


As you can see, I have a pretty wide array of experience with several types of books, several publishers, and several models of book writing. I’m by no means an authority on the subject of the business of writing, the grammar/structure of writing (just ask my editors), or even the “best” way to go about getting your first book deal. However, I do have experience to share that I think is useful.


Lessons Learned


Writing a Book is Hard

Writing a book is probably one of the single hardest things you will ever do. If that isn’t the case, then you are probably doing something wrong, or simply not taking enough risk. When you estimate the amount of work that you think a book might take to complete, go ahead and multiply that by five.


The first edition of Practical Packet Analysis took a year to research and write, and that was a bit rushed. Because of this, the quality suffered. The second edition of Practical Packet Analysis took about two years to research and write, keeping in mind it still used 25% of the content from the first edition. Applied NSM took FOUR YEARS to research and write, and that was with the help of co-authors and even cutting some things out of the original table of contents.


If you aren’t strong-willed, dedicated, and goal-oriented, then you aren’t going to be able to successfully write a book. It is very easy to get excited about putting words on paper at the beginning of a project. However, this excitement can begin to wane several months into the project when it seems like you are slogging through content at a snail’s pace and you can’t see the forest for the trees. This is the point in which most books flounder out and never get finished.


As I’ve moved into the content creation business where I work with individuals to develop online courses I’ve learned that some people just don’t have what it takes to dedicate themselves to large projects like this, or they simply just aren’t in a place in life where they can adequately prioritize it. There’s nothing wrong with that if you’re self-aware enough to realize you’re that person.


Don’t underestimate the difficulty of writing a book. It is a massive, consuming task that requires you to possess skills in technical writing, time management, research, and the technology you are writing about. It isn’t too hard to get a book writing contract. It is very hard to finish a book writing project, and it is incredibly hard to write a good information security book.


Assess Your Motivation

Because writing a book is so difficult, you have to possess the right motivation for it to be successful. So what does the “right” motivation look like? Well, ask yourself why you want to write the book. Some good reasons might include:

  • You are a natural teacher and like to share the knowledge you have with others.
  • You have a unique understanding of something technically complex and think others could benefit from your methods and approaches.
  • You have a plethora of experience and you think that you can use your advanced knowledge to better teach the fundamentals of a discipline.
  • You have a lot of knowledge in an area for which no formally written knowledge exists.


With that in mind, I usually hear more bad reasons for wanting to write a book than good ones. Some of these include:

  • “I want to be a big name in this industry.”
  • “I want to bring in some extra income.”
  • “I want to prove my skills so that I can get a better job.”


I could spend a lot of time ranting about each of these bad types of motivation, but I’ll keep it short and say that you should never write a book ONLY to get name recognition, to make money, or to get a better job. While it is possible that the book could result in those things, you should write a book because you care about the topic and you want to help people. It’s part of what some people call “servant leadership.” That is where you gain respect because you serve your constituency. In the case of book writing, this constituency is the information security community as a whole. If you are a good steward of that community, you will have the opportunity to prosper.


You are Responsible for Your Content

This is the most important lessons learned I can provide. One of the hardest lessons I’ve learned in my career is that you, as the lead author, are ultimately responsible for the content of your book. I learned this lesson because of a very big mix up that occurred when writing the first edition of Practical Packet Analysis. I was pretty young when I wrote this book (I started it when I was 18), and looking back, I probably could have used a few more years of experience before I wrote it. While writing the book, Gerald Combs (the creator of Wireshark) agreed to be the technical editor for the book. This was really helpful for me at the time because I knew that Gerald’s years of experience would certainly catch any technical errors I might make in my writing.


A couple months after the book was released, it received a very poor review from a very big name in the industry. This would eventually lead to a few more bad reviews right around that time. The reviews were centered on the fact that the book contained quite a few technical errors. Of course, the publisher and I went back to Gerald to see why they were missed. That is when we discovered that there was some miscommunication, and Gerald was under the impression that he was only supposed to perform a technical review of the content directly related to Wireshark, and not all of the protocol-specific information and other content. This wasn’t Gerald’s fault or the publisher’s fault. It was on me for not ensuring the expectations were communicated correctly. I take full responsibility.


Dealing with this was pretty rough. A book isn’t like a blog post that you can go back and make edits. Once it’s out there in print, it’s there forever. We were ultimately able to fix the issues and publish fixes in later print runs of the book and in an errata. Some of them were things that were inaccurately stated, others were facts that were just presented in a way that left too much room for incorrect interpretations, and a few were just production issues that didn’t get caught. However, at this point, the damage was done. It was very personally embarrassing, and I still consider it to be a dark stain on my career to this day. I didn’t truly consider the issue rectified until I was able to complete the second edition of the book. I’m incredibly thankful to Bill and the folks at No Starch Press for allowing me that opportunity because I’m not sure most publishers would have done so.


I’m now incredibly cognizant of the technical content of my books. I research to an extreme amount and I also rely on multiple technical editors. Applied NSM was edited for technical content by David Bianco, but I also had technical edits performed by a dozen or so other people based upon their expertise in certain content areas. For instance, several members of the SiLK team reviewed the sections about SiLK, and Joel Esler from Cisco/Sourcefire was kind enough to review the chapter on Snort. Not only did the multiple layers of technical editing catch things that were missed, it also helped to provide some additional unique perspective on the concepts presented in the book.


The key point here isn’t to be scared of technical errors. Every book will have some errors, and that is what an errata page is for. The takeaway here is that every word in your book is ultimately your responsibility. You can’t fully rely on co-authors, contributing authors, technical editors, copy editors, etc. There is no passing the buck in the book writing business. You have to own every word and you have to proofread and research until your eyes bleed.


Don’t Rely Solely on Your Own Expertise

One of the big mistakes I made early on in my writing career was thinking that it was 100% on me to generate all of the knowledge that was put into my book. If you really want to know the difference between the first and second editions of Practical Packet Analysis, this is one of the big ones. In the first edition, all of the content was straight from my head, using techniques that I used in my day-to-day job. While these were useful to me, I didn’t think about studying the techniques used by other people to see how they applied the same knowledge. Quality suffered as a result.


Fast-forward several years when I began researching content for the second edition. This time, I reached out to others to see how they did packet analysis. I asked what techniques they used, what their favorite Wireshark features were, and what additional tools they found useful. Because of this, I was able to incorporate additional perspective into the book, which made it applicable to a lot more people. Not only that, but I learned a lot and strengthened my own practices.


I continued this thread with Applied NSM, even bringing in co-authors with drastically varied experience. A lot of the time there is no “right way” and the “best way” will depend on the environment the knowledge is being applied to. Bringing in the expertise of others can really help the depth and usefulness of your content. This is a statement promoting collaboration above anything else.


You Won’t Make Money Writing Technical Books

If you want to write a technical book to make money then you are going to be in for a surprise. In general, technical books don’t generate a lot of revenue. While there are some exceptions with widely sold books that appeal to a broad mass of people like “Windows 7 for Dummies”, titles like “Applied Cryptography” are going to have a limited audience. No matter how good your book is the audience for it is going to be limited by the number of active practitioners.


People like to see numbers, so let’s do some simple math. My agreement with No Starch Press was for a 12% royalty on all copies of Practical Packet Analysis that were sold (with a higher percentage for subsidiary works and foreign translations). This is standard within their royalty structure menu and something they have publicized in the past, so I have no reservations in publishing that here.


Let’s say that you write a book that costs $30. This means that you see $3.60 from every copy sold (we won’t worry about subsidiary works at the moment – We are also assuming the book sells directly from the publisher and not from a book reseller, which would result in a lesser rate based upon what the publisher sells to the book reseller for). Now, let’s say the book sells extraordinarily well and you’ve sold 10,000 copies. That is a lot of copies for a technical book. If it is an information security book specifically, it’s an even more impressive number. That means you have made $36,000 dollars.


Now, let’s consider how long it took you to write the book. The break down for a smaller book that might sell for $30 bucks could look like this:


  • 6 Months – Initial Research
  • 12 Months – Writing
  • 6 Months – Editing and Marketing


These are pretty fair estimates. Now, let’s say that you are working a full-time job, so you are doing all of this during your spare time, and that averages out to about 4 hours per day. You might skip a day here or there, but you will also probably be working more on the project on the weekends. This averages out to a total of 2920 hours. This sounds like a lot of hours, but if you are going to research and write a proper book, this isn’t too crazy. See the earlier section about how writing a book is hard. If we divide that $36,000 by 2920 hours, that comes out to a bit more than $12/hour. Again, this is if your book sells VERY well. If you write an information security book and it sells a more realistic number, like 5000 copies, then you are only making about $6/hour. That is less than the federal minimum wage. Want to get even more depressed? This money hasn’t been taxed yet. Go ahead and send a third to one half of it to Uncle Sam.


I don’t really know anybody who has made a consistent living exclusively from writing information security books. The folks I do know who don’t have “day jobs” bolster this income with public speaking, training, and consulting. While writing a great book can certainly lead to these things, the royalty income from the book alone isn’t enough.


Personally, I’m a big advocate of donating author royalties to charitable organizations. 100% of the royalties from all of my books go to support a few different charitable organizations, including the Rural Technology Fund.


Have a Strong Stomach

When you write a book and put it out there to the world, you will invariably have to deal with book reviews. These reviews are very important to the success of the book, especially early on. By extension, these reviews are also important to your career, as they will be used to define the quality of your work by a lot of people. Because of that, you should take reviews very seriously. However, with that comes the issue of bad reviews and bad reviewers.


No matter how good your book is, some people won’t like it. Practical Packet Analysis 2nd Edition has an average rating of 4.5 stars on Amazon with over 50 reviews and I know it’s a great book. However, it has gotten at least a couple of bad reviews. Some of these include:


  • A 3 star review from someone who was upset the book only focused on Wireshark, even though Wireshark is in the subtitle of the book and this is made very clear from the beginning.
  • A 2 star review where the reader is upset that I talk about outdated protocols like “Palm OS Protocol.” I’m not sure what he is reading, but I don’t even talk about Pam OS Protocol in the book.
  • A 1 star review because the reader was upset that Amazon didn’t ship the book to him fast enough, which had nothing to do with my writing. Fortunately, Amazon removed this review since it was completely unrelated.


Ultimately, you are going to get a few negative reviews no matter what you do. Some people like to use book reviews as an opportunity to bash people when they think they could have done better, or simply because they think it makes them look like an expert to harshly critique someone else’s work.  There are also people who don’t read the book description before they buy it and are upset that the content wasn’t exactly what they were expecting. Sometimes you also have readers who are very skilled in a particular topic and buy an entry-level book and are upset that the content is too rudimentary for them. These things can all lead to negative reviews. This was incredibly hard for me when I started writing and is still something I struggle with today. When you devote a lot of time and effort to something, you hate to see it torn down in just a few paragraphs. It’s something you just have to learn to stomach. I still get irked when someone raves about how much they love a book but then knock it down to a 3-star rating because there were a few typos.


Write Content Before You Sign the Contract

In most cases, when you want to write a book you will write an abstract with a table of contents and then use that information to pitch the book to a publisher (along with whatever specifics they ask for). If it is accepted, the publisher and the author will agree to terms, contracts will be signed, and then the book actually gets written. While this can be effective, I think that you should start writing the book well before you even think about submitting it to a publisher. As a matter of fact, I wouldn’t sign a publishing contract now without having at least 20% of the book already written. Let me explain why…


When you sign a contract with a publisher, one thing they will want from you is a production schedule that details when you expect to complete certain portions of the book. This is important for the publisher for a variety of reasons, the most of which is that the execution of a contract now means that they are investing money in you and your project. In addition to their paying you for your work, they will also be paying project managers, copy editors, compositors, graphic artists, and marketing staff to ensure that your book is produced effectively and able to be sold. They are also fronting the cost of the initial printing of the book. It takes a lot of work to get the book from your computer to the shelves at Barnes and Noble. Now consider that the publishers will have multiple book projects going on at once, and you can grasp how difficult their job is. They need to be able to effectively schedule the resources used to produce your book so that they are making efficient use of their time and money.


With that said, it is VERY hard to ascertain exactly how long it will take you to write a book until you are already a bit into it. This is hard to explain if you’ve never experienced it, but it holds true for a lot of authors I know for a few reasons. First of all, sometimes it can be very difficult to start a chapter. When I wrote the Snort/Suricata chapter of Applied NSM is took me nearly a week to come up with the first few pages of introductory material. After I was finally happy with that text, I was able to produce the remaining 50 or so pages in relatively short order. Framing introductions and core concepts can be very difficult and if you don’t do it correctly then the reader might get lost while trying to understand more advanced concepts.


Beyond this, I also know several authors who plan to write a book, only to get 50 pages into it to realize that the concept isn’t really going to work out. I can personally tell you that I’ve considered writing three additional books that I never finished because it took my writing quite a bit to realize that their wasn’t enough relevant content to make the book successful.


When you begin writing a book it is your project and you can call the shots. The second you sign a publishing contract it is no longer just your project. You are on the hook and your project has become an investment for other people. No publisher will ever fault you for having too much content already written before you sign the contract. As a matter of fact, it is likely that this additional content will help the publisher better understand your platform, which could lead to an increased chance of getting a writing contract.  If you spend a great deal of time writing content only to realize that the book isn’t going to pan out or that publishers aren’t interested, then that isn’t a total wash. As the late Randy Pausch said, the thing you get when you don’t get what you want is experience.



Have a Backup Plan

While writing Applied NSM, I was a bit shocked when my first chapter came back from copy edit with only one error marked on the manuscript. I’ve written enough to know where my weaknesses are, and I know that there are things editors will usually change in my writing (for better or for worse). So naturally, when the only thing that was brought up was a misspelled word, I was a bit concerned. I reread the manuscript and found a couple of things I had missed in the initial draft that the copy editors hadn’t caught. I was submitting the second chapter soon, so I intentionally placed several errors in the text to see if the copyediting group caught them; and to my dismay they didn’t catch a single one.


I brought this to this attention of my project manager at Syngress, and was shocked to discover that Elsevier (the parent company of Syngress) had recently outsourced their copy editing to a division in India. They admitted that they had just made this switch and were still trying to sort out some quality issues, but that it would take quite a bit of time to do this.


At this point, I was in a bit of a bind because we were on a very tight schedule and I had promised readers a certain release date. Syngress had no ability at this point to provide an effective copy edit (although the PM offered to help where he could). Fortunately, I had a backup plan and utilized the services of my wife (who is now an MD, but originally majored in English and has quite a bit of editing experience) and a third party who will remain anonymous. Through the combined efforts of these two individuals, the book still received the copyedit it needed.


Surprise is a product of complexity. Writing a book is a very complex process, which means that surprise at any given point in the process is likely. This can take a lot of forms: copy editors could do a poor job, a co-author might not be able to complete his contribution, or the publisher might change your deadlines. Think ahead and try to have a backup plan for as many situations as you can.


Leave Wiggle Room

One of the hard things about technical writing is that there are so many “gotchas” to specific scenarios. While something might be true 99% of the time, that 1% can come back to haunt you in your book. For instance, you could write a book about the TCP protocol and definitively say that this is how all of the associated concepts work, writing directly to the RFC specification. However, if you’ve looked at multiple examples of the TCP protocol in action, you will know that not every system implements TCP per specification, meaning that your text could be wrong in some scenarios.


Because of this, it is very important to avoid writing in a “matter of fact” style. You should always leave some wiggle room for interpretation because it isn’t possible to explain every way in which something might be implemented. This means making sure your text highlights the difference between absolutes and indefinites, and you preface descriptions with assumptions you are making about operating environments. This will save your readers some potential headache when they go to try and repeat your techniques.


Don’t Sacrifice Your Tone

The thing that defines you as a writer isn’t your technical knowledge; it is your tone. No matter how much you know about a subject, you must be able to effectively relay that in the written word. Beyond that, it is how you deliver your message that will endear you to readers. I take great pride in that fact that people tell me that I write in a way that makes complex subjects very accessible, and that I can do it in a manner that sounds like me. The people who know me personally will say that when they read my books, they can almost hear me saying the things in it. That is because I have my own unique tone.


At some point in the writing process, you will have to deal with editors. I love editors, and my writing wouldn’t be what it is without them. However, a lot of editors will try to change your tone, especially younger and less experienced ones. This isn’t too different from how programmers work. If you hand a programmer someone else’s code and tell them to work with it, they will probably first try to change it around so it fits their normal coding style. This might involve replacing a few functions, changing how variables are named, or changing how tabs are used. It’s one thing to replace a function with something that is better for reasons of performance or security, but to replace it just because you normally use another one is a different story. Just like this, an editor shouldn’t replace a word because its one they use, they should have a reason. This might include making the sentence clearer or more grammatically correct.


I’ve had the chance to work with a lot of editors. Bill at No Starch is one of my favorites because he truly makes my writing better without changing my tone. They are still my words, but they are delivered more effectively because of his subtle changes. It may take a while, but learn what your tone is. Once you’ve got it locked down, defend it.


Don’t Self Publish the First Time

Self-publishing has never been easier, so I often get asked if you should SP or go with a traditional publisher. This is a trade-off. With a traditional publisher, you get the benefit of their experience and their marketing power. With self-publishing, you get more control. If this is your first book, I recommend you go with a publisher. There are a LOT of moving parts to a book and while you might be able to do all of them you won’t be able to do all of them well. You probably also won’t be able to market your book well to audiences outside your immediate circle and many publishers are good at that. Ultimately, you need to learn the process and the industry and your publisher will be your guide.


During this time, you’ll learn that your publisher’s goals don’t always match yours. They want to make money. That doesn’t always correlate to you making money or having the impact you want to have. I’ve had publishers ask me to sign new contracts because they wanted a bigger cut, outsource copyediting to poor English speakers (discussed above), and “encourage” me to add content promoting their other books when I had different material I wanted to recommend. You will inevitably see things your publisher does that you don’t like. I have good and bad things to say about every publisher I’ve worked with. Once you’ve gone through the process the first time, then maybe consider self-publishing for your second book if you decide to write one. It will be a tremendous amount more work but you will have more control. That’s the trade-off.




There are a lot of blog posts and websites that will tell you how to get a writing contract or how to write good technical content. In my opinion, doing those things are the easy part. The hard part of writing a book is all about being prepared, planning ahead, and having the right frame of mind before, during, and after the process. My hope is that this article provides some useful insight into some of these things. While the tone of this article may seem grim at times, I absolutely love writing and plan to continue doing so. If I didn’t scare you too bad and you plan to pursue writing an information security book, then I wish you the best of luck! If you have insight from the book writing process that you’d like to share, then I’d love to hear it, so please feel free to e-mail me or leave a comment.



Applied NSM Dedication and Acknowledgements

ansm_coverWhenever I finish writing a book, I always make it a point to post the dedication and acknowledgements for the book on my personal blog. This is no different with Applied Network Security  Monitoring, so I’d like to take the opportunity to share those items now. I said that I wanted to write this book over three years ago, and finishing it and holding it in my hands is a dream come true that wouldn’t have been possible without a lot of help.



This book is a product of strength gained through love. This book is dedicated to God, my wife Ellen, and all those who continue to love and support me.

“But those who hope in the Lord will renew their strength. They will soar on wings like eagles, they will run and not grow weary, they will walk and not be faint.”

– Isaiah 40:31 (NIV)



2 Corinthians 12 says, “But he said to me, ‘My grace is sufficient for you, for my power is made perfect in weakness.’ Therefore I will boast all the more gladly about my weaknesses, so that Christ’s power may rest on me.”

Writing Applied NSM was nothing short of a testament to God’s power being made perfect in weakness. This book was easily one of the most difficult projects I’ve ever taken on, and it was faith in Him that allowed me to persevere. Because of Him, this book and everything I do is possible, and I sincerely hope that my work here can serve as a witness to God’s awesome power.

This book was made possible through the direct and indirect contributions of a great number of people. I’d like to take this opportunity to acknowledge them.

Ellen, you are my love, my support, my strength, and my biggest fan. None of this would be possible without you. I want to thank you for putting up with the stress, the despair, the crazy hours, and the overall madness that comes from the book writing process. I also want to thank you for helping to copyedit the book. I suppose that English major finally came in handy. I love you, and I’m so proud to be your husband.

Mom and Dad, I am the person I am because of your influence. Everything I do is, and will continue to be, a tribute to the character you both exhibit and the love you both shared. I love you, Dad. RIP, Mom.

Sanders Family, although we are a small group, the love shared between us is something that is immense, and is so important to me. Even though we are far apart, I know you love and support me and I’m thankful for that.

Perkins Family, The way you’ve welcomed me into your lives has been truly amazing, and I’m blessed to have your love and support.

Jason Smith, you are quite literally the smartest person I’ve ever had the pleasure of meeting. More than being a great co-worker and co-author, you’ve always proven to be a great friend. I don’t hesitate to say that you’ve been like a brother to me. I’m eternally grateful for it all.

David Bianco and Liam Randall, I can’t thank you enough for contributing to this book. Your contributions are valued more than you can imagine.

Regarding my coworkers (past and present), I’ve always believed that if a person surrounds himself with good people, he will become a better person. I have the good fortune of working with some great people who are some of the best and brightest in the business. I want to give special thanks to my InGuardians family: Jimmy, Jay, Suzanne, Teresa, John, Tom, Don, Rad, Larry, Jaime, James, Bob, and Alec. I want to extend special appreciation to Mike Poor, who wrote the foreword for this book and continues to be one of my packet ninja idols.

Syngress staff, thank you for allowing me the opportunity to write this book, and helping this dream become a reality.

The technical content and direction of this book is a product of more individuals than I could possibly name, but I’m going to try anyway. In addition to those listed above, I’d like to thank the following people for their contribution; whether it was reviewing a chapter or letting me bounce some ideas off of you, this wouldn’t be possible without all of you:

Alexi Valencia, Ryan Clark, Joe Kadar, Stephen Reese, Tara Wink, Doug Burks, Richard Bejtlich, George Jones, Richard Friedberg, Geoffrey Sanders, Emily Sarneso, Mark Thomas, Daniel Ruef, the rest of the CERT NetSA team, Joel Esler, the Bro team, Mila Parkour, Dustin Weber, and Daniel Borkmann.

Charleston ISSA Chapter Forming

issa_logo_smallI know that I have several readers who are local to Charleston. I was recently thrilled to find out that a few people were getting together to form a Charleston chapter of the Information Systems Security Association (ISSA). If you aren’t familiar with the ISSA, it is an organization for information security professionals that is designed to provide both educational and networking opportunities. I was a member of the Kentucky chapter of the ISSA when I lived there, and I really enjoyed the opportunities it provided.

In addition, I was really excited to be asked to serve as the education director for the chapter. In this role I will be responsible for organizing presenters for our monthly meetings and setting up other learning opportunities. If you are local to Charleston or you want to come down and see what all the excitement is about (re: Shrimp and Grits), then drop me a line. If you might be interested in presenting or teaching a class, all the better!

You can read more at:

My Testimony

blurry-sky-crossWe didn’t have much growing up in rural western Kentucky. Not many people who lived in Mayfield did, really. Those who did have means, the few doctors we had in town or the occasional lawyer or pharmacist who had managed to do well for themselves, still lived their lives with modest sensibilities. It was a slower way of life than I suspect most are familiar with.


Looking back on the first fifteen years of my life, I can say that if there were a parent lottery, I was undoubtedly the winner. Although we didn’t have much, I never remember doing without. I always had presents under the tree at Christmas and I was never without supper on the table, although dessert after supper was a foreign concept to me until college. Most importantly, although my family was small, I always felt loved.


My Dad was a trucker who was known to take odd jobs around town. I can’t count the number of fence posts I helped him set or the number of pole barns I helped erect. He was a tough man, but he was also the kind of person who could start a conversation with anybody and make them feel like they had known him for years.


My Mom was no stranger to a hard days work either. She spent most of my young life working as a machine operator in a few different textile factories around town. Miss Judy, as my friends typically grew to call her, was one of the strongest willed women you would ever meet. Most people would call her fiery or opinionated, and some who got on her bad side might have some other creative ways of expressing the same sentiment. Regardless, nobody could ever accuse Mom of being anything less than one of the most caring people you would ever meet. As a proper southern woman, it was typical for her to greet a visitor to our home by asking them if they’d eaten yet, and subsequently forcing a few bites of something down their throat regardless of their answer.


She was fiercely protective of those she loved, especially me. It was something that frustrated me to no end. My dim and narrow view on the world frequently led me to believe that she was holding me back, or that her protection was driven by something other than her simply wanting what was best for me. She had gone through a falling out with my much older sister Kim that had led Kim to leave town and become a very fleeting part of our lives. I suspected that Mom was simply trying to make sure that she didn’t repeat those same mistakes with me. I generally preferred to spend my time indoors reading or tinkering with anything that I could take apart and rebuild. I specifically remember how she would come into my room on weekends and demand that I go outside and find something constructive to do in the fresh air. “Go Play!” she would say as she shooed me out the back door, making sure I was wearing the appropriate shoes. I despised being forced to do it.


I figured out at an early age that my Mom wasn’t in the best of health. She smoked a couple of packs of cigarettes a day and had a regiment of pills prescribed for everything from high blood pressure to diabetes. Mom was prone to get sick enough to be stricken to the couch on a regular basis. While most people tend to relegate themselves to their bed when struck by illness, Mom preferred the couch. I think it was because she felt more accessible in the living room. She particularly liked it when I would sit with her when she wasn’t feeling well, even if it were just to watch TV.


It wasn’t until I approached my teens that things started getting more serious than I knew they were. Around this time Mom’s bouts with illness went from periodic stays on the couch to periodic stays in the hospital. These trips were never too long or too serious; an overnight stint for a really bad flu here, a three-day stay for pneumonia there.  I started to become more familiar with the local hospitals than I realized.


It’s important to explain at this point that religion in my family was a bit like that weird cousin everybody has, or an odd haircut: it was always there, but was not spoken about often. It was just something that we accepted. Dad was a traditional southern man who didn’t tend to talk a lot about things like religion or his emotions.  Mom, who had been a Sunday school teacher in her younger years, took her religion very seriously. Like Dad though, she didn’t talk about it too much. Both of my parents explained the bible to me when I was younger and made sure I had the resources to educate myself on topics of faith and religion, but they both lived their lives in such a way as to show faith rather than speak about it.


Although I believe my parents were well intentioned, it’s hard for a young person to read between the lines and derive faith by example. Because of the nature of my parent’s work, and the later state of Mom’s health, we didn’t attend church regularly. As a result, I lacked a lot of the core knowledge that helps in the understanding of faith and religion. Don’t get me wrong, there was a healthy amount of God fearing in our household, but I suppose faith was something that I was just expected to learn about on my own, rather than being taught.



This story really picks up when I was fifteen. This was in 2001, just after my birthday, which unfortunately, was the same day as the infamous 9/11 attacks. At this point in my life I was a typical high school sophomore who tended to get lost in the crowd. I didn’t really have any particular hobbies other than fiddling with the computer on occasion, and I wasn’t anything more than a B- student. I was a good kid, but simply put, I wasn’t living for anything. I was more or less floating through life.


Not long after my birthday, Mom was admitted to our local hospital for a bout of pneumonia. This wasn’t anything out of the ordinary. I remember visiting her on a Sunday night with my Dad. Although Mom wasn’t feeling great by any means, she was still herself, and we weren’t expecting anything different than the normal two to three day visit.


The Mayfield hospital was right across the highway from my high school. The spot where I would catch the bus home in the afternoon faced the west side of the hospital, which just happened to be where Mom’s room was this time. She had noticed this and made me promise to wave to her when I was getting on the bus the next afternoon. The distance between the school and the hospital was great enough that I couldn’t see whether or not she saw me waving, but I did just as I had promised her I would. There was no doubt that this action probably looked a bit strange to any of my peers who happened to witness it.


Dad had spent part of that Monday with Mom, but I didn’t go visit her that day. Even though the hospital was only a few miles away from my house, the routine nature of these hospital stays and the low severity of the pneumonia she had acquired warranted that Dad would only shuttle me to and from the hospital every other day or so as to not disrupt my routine too much. Nothing in particular stood out about that Monday, until later that night.


“Chris, wake up.”  Dad said, as he grabbed my arm and gently shook me.


I tossed and turned, not showing too many signs of life.


“Chris, get up.” Dad’s grasp tightened, his shaking intensified. This was very unusual.


“Dad?” The only word I could muster in my only partially awaken state.


“Get your shoes on.” Dad said. “Something happened with Mom, we’ve got to go to the hospital.”


I don’t honestly remember a whole lot about the ride to the hospital. The combination of being awoken from my deep sleep at 3AM and the general shock of the situation left me in a state where I wasn’t sure if what was happening was real, or only a dream.


I do remember that Dad didn’t say a word on the short trip. By the time we had arrived at the hospital I knew nothing more than what he had told me when he woke me up a few short minutes earlier.


We were met in the ICU by our family practitioner, Dr. Jones. Being a small town, Dr. Jones had been our family doctor for my entire life. He was a friend to the family, and we had close ties to other members of his family. His son was one of the few town veterinarians, and cared for the variety of animals we kept over the years. His oldest daughter was a banker and helped provide the financing for my first home many years later. I went to high school with his youngest daughter, although I didn’t know her too well at this point in my life.


Dr. Jones explained to us that Mom had become unresponsive at some point during the night, and her vital stats had dropped dangerously low. They had no idea what happened, and at this point they were still working to stabilize her. My memory of this night is still very fuzzy. We remained at the hospital for several hours until they were eventually able to stabilize her condition, although she remained unconscious. Nobody was able to provide any insight into why she had crashed. Dad wouldn’t let me see her that night, no doubt attempting to shield me from seeing her in that state.


At the urging of Dr. Jones, Dad and I returned home to get a few hours of sleep. We got home just as the sun was rising. I don’t know if Dad actually went to sleep at this point. I’d guess not. I think that the only reason he agreed to go home was for my sake. I was tired and confused, and he knew that I needed to be well rested in order to be able to process the events that had occurred. I woke up a few hours later, realizing that I wouldn’t be going to school that day. We headed back to the hospital.


I distinctly remember the moment I walked into the ICU and laid eyes on Mom. I had seen her in the hospital dozens of times, but I had never seen her like this. She had several lines and tubes entering her body. A variety of machinery lined the walls of the very carefully designed room. The thing I remember most was the heart monitor. I had seen these on TV, but had never seen one in real life. It beeped with regularity just like I had seen on “ER”, a show Mom and I watched every Thursday night.




The beeps corresponded to the spikes on the machines display, coming at regular intervals. I didn’t know anything about medicine, but I knew that this machine measured the frequency of her heartbeat, and that it was of critical importance.


Mom remained in this state for several days, which were mostly uneventful. Dad thought that it was important that I not miss too much school, so I alternated my days between school and the hospital.  Although I was incredibly worried, I surprised myself in my ability to continue through the school day as though everything was normal. It was a strength whose source I didn’t know.


Towards the end of the first week, no news quickly turned into devastating news. Although Dad had tried to shield me from a lot of things throughout my life, when Dr. Jones came in with updates, Dad wanted me to hear it at the same time he did. Looking back, I think it helped him as much as it did me. I don’t have children, but I can’t imagine it’s easy to deliver bad news to them.


Dr. Jones had come to tell us that Mom’s organs were starting to shut down. Her lungs weren’t in the best shape as it was, and now her liver was showing signs of trouble and her kidneys were starting to fail to produce urine. It was clear that this discussion wasn’t easy for Dr. Jones. He was a life long friend of the family, and he was trying to tell a Father and his fifteen year-old son that their wife and mother was dying. I remember the steady sound of the heart monitor drowning out the doctors words.




A few more days passed and Mom’s condition worsened. It wasn’t long until word got out that things had gotten very serious, and visitors started to arrive. Although our family was small, those that existed showed up to see Mom and give Dad and I their support. This included my sister Kim, and my Aunt Sandy, who was also Mom’s best friend. Word had also gotten to my school as my absence became noticeable, and several of my teachers showed up to show their support as well. One of the best things about rural communities like Mayfield is how they rally around people in their time of need.


The number of people around us became a bit smothering. Within a couple of days however, Dr. Jones brought more news that made me forget that anyone else was around. The doctors treating Mom now believed that an infection in the fluid that surrounds her heart was to blame for her current condition. Her already frail state and the years of abuse her body had already taken continued to take a toll, and now her kidneys were barely functioning at all. She wasn’t able to breathe on her own, and she now required a feeding tube.


Dr. Jones chose his next words very carefully. It was clear he had given this speech before, and despite his best efforts to give it in the caring, understanding tone you would expect from a friend, his words came across as somewhat robotic. I can’t say I blame him. I’m not sure a normal human could get through it without detaching themselves from the words they were speaking to some extent.


He explained to us that he and the other treating doctors believed that Mom was dying, and that the machines that she was connected to were now the only things sustaining her life. Very carefully, but very clearly, I listened as Dr. Jones explained to my Dad that he had to make a decision on whether or not measures should be taken to prolong my Mom’s life. It was the very same speech I had seen doctors give to fictitious patients on “ER”. He insisted that Dad shouldn’t make the decision immediately, and that he should take some time to talk to the family about it.


The rest of that day I witnessed a range of emotions I had never seen from my Dad. A man that wasn’t used to showing emotion whatsoever was attempting to deal with what I can only imagine was sadness, confusion, and anger all at once.


At one point, I remember Dad speaking to me angrily as we sat next to Mom’s hospital bed. He wasn’t mad at me, but mad at the situation he found himself in. “Son” he said, “I don’t wish this on anybody. Not my worst enemy. If they ever try to hook me up to any of these machines, I want you to let me die right then and there. This isn’t right.”


It was hard to hear Dad talk like this. He had never been so candid with me about his own mortality. I wasn’t prepared to handle it. I had tried for so long to stay strong for Dad, but this was too much. I broke down crying as Dad tried to comfort me. The only thing louder than my sobbing was the rhythmic beeping of the heart monitor.




Several hours later, something truly remarkable happened. Dad, Kim, Sandy and I were staying in a nearby empty room the hospital staff had provided for us. Dr. Jones came into the room hastily without knocking. Mom was awake.


We wanted to rush to her side, but Dr. Jones stopped us before we could exit the room. He spoke quickly but concisely. This was another speech he had given before. He explained to us that although Mom was lucid and communicating, that this didn’t mean that she was getting better. In fact, these moments of lucidity were often an indicator that things were about to get much worse.


As Dad, Kim, Sandy and I went into her room, my eyes made contact with hers. Her eyes grew wider and the rhythm of the heart monitor increased. It was the first time its rhythm had changed since this whole event had started. She tried to talk, but the breathing tube in her throat prevented it. Not more than a moment later, a nurse came into the room with a special card that was used for situations like these. The card had all of the letters of the alphabet on it, as well as numbers, a few common conversational phrases, and thumbs up and down symbols.


Mom attempted to point at letters on the card, but to no avail. She didn’t have her glasses, and we weren’t able to find them immediately. She improvised quickly, and pulled my Dad close to her. She started writing letters with her finger on his chest.


Her first question was simple.


“What happened?”


Dad explained the gravity of the situation and the events that had taken place as best he could. Eventually, Dad began to explain to her the seriousness of her condition, and that the doctors believed she was dying. Mom reacted to Dad’s words as he delivered the news to her. She winced on a few occasions, and at one point tears began to roll from her eyes and down the side of her face.


Once Dad was finished, he asked her if she understood how serious the situation was.


She nodded.


Next, Dad explained to her that her new state of consciousness could be a sign that she was about to get much worse.


She nodded.


Finally, Dad told her that the doctors caring for her didn’t believe she was going to survive her current state. He explained, almost word for word, what Dr. Jones had told him regarding the use of extraordinary measures. Then, without wasting any words, my Dad asked his wife of thirty years if she wanted the life support machines to be turned off, and if she was ready to die.


Her gaze went around the room as she made eye contact with each one of us independently. She paused for a few seconds as she looked at each of us before moving on to the next. First Dad, then me, then Kim, then Sandy, and back at Dad again. It was though she was trying to gauge our reactions. That she was trying to comfort us in some way, knowing that she couldn’t speak to us or reach out and hold us.


One more time, she nodded.


Seeing her awake helped me to hold back any tears that might have otherwise poured out of me. I felt like I needed to be strong for her and my Dad. As much pain as I was feeling, I knew Dads had to be exponentially worse.


A few minutes later, as the gravity of the situation set in further, Mom motioned for me to come closer to her and take her hand. She looked at me and then to my Dad, and began writing letters on his chest with her finger.


She wrote a capital G, followed by a small O. She paused briefly, and then wrote a capital P, and a straight line indicating a lowercase L. She paused once again, noticeably wincing. I wasn’t sure if the wince was a result of the physical pain she must have been in or an emotional response to the current situation. She began writing again, making the lowercase letters A and Y.


“Go Play.”


Mom didn’t want me to see her like this. It wasn’t fair that I had to see her die; that I had to watch her slowly dying for the majority of my childhood.  Just as her and Dad had been so protective of me in all situations of life, she wanted to protect me from having to experience the pain that was growing inside me. She was literally dying in front of me, and her only concern was protecting me from that pain.


It was too much.


I left the room before my tears had the chance to overtake me and collapsed into a chair positioned just outside of the ICU room. I stayed in that chair for several minutes as the others continued to communicate with Mom. Although I could audibly hear their voices, I didn’t retain a single word of their conversation. I couldn’t take it. I had to escape. Once again I found myself focusing on the beeping heart monitor.




It wasn’t long after that before Mom drifted back into unconsciousness. Two more days passed and she continued to worsen. Honoring Moms wishes, Dad signed the paperwork to end life support on a Tuesday morning. It just so happened that day was their 30th wedding anniversary.


The doctors explained to us that once the life support was removed, it might take quite some time before anything happens. We remained vigil throughout most of that day. Towards late afternoon, Mom became conscious once again.


In the hour or so that followed, we all spent some time with her individually. She was able to talk, although it was very laboring for her, so her words were kept to a minimum.


My dad went first. I’ve thought about what might have been said between them many times, but I’ve never asked, and I never will. I can’t imagine what words a husband tells his dying wife, or how a dying mother ensures her husband knows that he is capable of raising their son by himself. I truly hope that when my time comes, it happens quickly, and that I go before my wife. It must have been agony for both of them.


I honestly didn’t believe I would ever be able to talk to Mom again, so I wasn’t prepared when it became my turn to say goodbye. I won’t go into the details of everything that we discussed, but there were a couple of really important things. First of all, I felt that it was important that she knew that I would take care of Dad as much as he would take care of me. I told her that we would never be whole without her, but that we would make it because of her impact on our lives.


Mom lay there and patiently waited for me to say everything that I felt I needed to say. Then, she spoke to me. She made sure I knew how proud she was of me and that I knew how much she loved me. She told me how important education was, her herself not having graduated from high school. She obviously regretted that. She also told me that I should pursue my interest in computers, and that I was bound for great things if I did. These things didn’t catch me too much by surprise as they were recurring themes she continually reinforced to me when she had been in better health.


Then, she brought up something that caught me entirely off guard. Something that we had never really talked about in great detail, and that was her faith. Speaking with more clarity than I could have imagined was possible in her debilitated state, she spoke about God, religion, heaven, and hell. She wanted me to know that I knew where she was going when she died; that her soul transcended her physical being because of her relationship with Christ, and that there was no relationship more important than a person’s relationship with God.


She continued, and told me that she greatly regretted never discussing this with me, before now. She told me that she wasn’t afraid of dying, because she was going to walk with God in all of his glory, and that there would be no more pain where she was going. She spoke about heaven in the same way a young child speaks about Christmas or Disney World, with childlike wonder, and amazement. She made sure that I knew that I would see her again some day. She told me that God needed her more than I did now, and that this wasn’t goodbye, it was just merely “See you later.”


Finally, she told me that there was nothing more important to her than my establishing a relationship with Christ. She pronounced that if I was to put faith in Him that all things would be possible, and that alone I am nothing but flesh and bones, but through Him I would gain eternal life. Mom and I prayed together, and it was in that moment that I accepted Jesus Christ as my savior.


Not much longer after that, Mom drifted back to sleep. I was lying down in the extra room we were staying in several hours later. It was just past one in the morning and although my mind had been racing, I managed to fall asleep from pure exhaustion. Then, I was abruptly awoken by my sister’s voice.


“Chris, wake up. It’s happening.”


I rushed into the Mom’s ICU room. Dad was at her side rubbing her forehead. I looked to the heart monitor. The beeping had slowed and the numbers displayed on the screen were dropping lower.




Sandy placed herself at the foot of the bed. Kim moved to the far side of the bed. I positioned myself next to Dad. He took my hand and placed it into my Mom’s left hand at her side. I grasped it tightly.




The numbers on the heart monitor continued to drop. Both Kim and Dad’s gaze were locked on Mom. Her last moments we growing nearer.




As the numbers inched lower, Mom’s eyes opened slightly. She looked intently into Dad’s eyes while he looked back at her. Then her eyes slowly moved to the right and made contact with mine.




Her hand squeezed mine ever so slightly. Her mouth moved very faintly. As it started to move we all leaned in closer as she said two words to me…“Go Play.” I managed to hold my tears back. I had to remain strong for everyone else.




She looked back at Dad. He spoke to her, “It’s happening.” He said. Then he asked her, “Are you ready?”


She nodded, and then she faintly said to Dad, “I love you”.


We all remained silent. Dad stared intently into Mom’s eyes as her eyelids closed for the last time. Kim held her right hand, as I grasped her left. Dad gently stroked her hair back from her forehead as she took her last breath.




The numbers on the heart monitor were no longer visible. The nurse who had been in the room turned and switched the machine off. We lingered for a few more moments, and then we left the room together.


Mom had gone to be with the Lord, and she was no longer in pain.



Losing my Mom was without a doubt the hardest thing I’ve ever been through in my life. It was difficult to see at the time, but those last few days with her changed my life. I entered that experience as an empty shell; a person who was living for nothing. I had no future in life or in death. I was simply going through the motions.


After Mom’s passing, something very unexpected happened. My family started looking to me for the same strength they used to rely upon her for. This was especially evident a couple of years later when we lost my Aunt Sandy and my sister Kim.


Romans 1:19-21 tells us that God makes himself apparent to everyone at some point. Further, Romans 10 tells that we learn that everyone has the chance to be saved by the grace of God; they must only be prepared to accept it.


Romans 10:9 says:


“Because, if you confess with your mouth that Jesus is Lord and believe in your heart that God raised him from the dead, you will be saved.”


Sitting next to my Mom, as I felt the life leaving her body, I had been saved. I had been transformed, and as time went on my life quickly gained clarity and focus. I began to find immense joy in the things and people around me, I turned my computer hobby into a career, and I began to study His word and live through it. I started loving others more than myself. I gained patience, kindness, and strength. These things had been inside me all along, but God had now provided me with the ability to recognize it. I had been reborn in Christ’s love. I was living for something bigger than myself. I was living for Him.


When tragedy occurs in our lives, it is very hard to see that it is all a part of His plan for us. There is no verse that states it more beautifully than Jeremiah 29:11-13:


“’For I know the plans I have for you,’ declares the Lord, ‘plans to prosper you and not to harm you, plans to give you hope and a future. Then you will call on me and come and pray to me, and I will listen to you.  You will seek me and find me when you seek me with all your heart.’”


Although she is no longer with me in body, I feel her spirit with me every day. Everything God does has a purpose. Everything He does is part of the plan he has for me. He took my Mom on that cold October day because He needed her more than I did.  He used my Mom to bring me into the body of Christ and to radically change my life. I don’t think Mom would have had it any other way. I can’t wait to talk to her about it some day, and I can’t wait to see what He has planned for me next.