Tuesday, March 05, 2019

Book Writing Misconceptions

You have to admit, our industry is fraught with misconceptions.  Misconceptions and misunderstandings about business practices, about what things should be versus what they really are, about what some data represents, misconceptions about how many emails some people get, and misconceptions about how "busy" people are. The list goes on. From my own perspective, I get it.  I've been in work-from-home positions since about 2006, but even when I was working in an office or "cube-farm", my world view was somewhat limited. As such, I really try to ask and find out before I make an assumption about something...I try.  That doesn't mean that I always succeed.  But I do think that it's human nature to make some assumptions about things.

From an external perspective, over the years I've received emails and messages that have started off, "...I know you're probably too busy to answer this...", but that's never been the case.  Ever.  In more than a few instances, I've responded in under an hour, and in cases where the exchange has been about RegRipper plugins, I've returned a working plugin in under an hour, and then proceeded on to provide something a bit more polished, usually in under 4 hrs.  This is simply meant to illustrate my point, that someone who doesn't have any insight into my daily work life will assume that I'm "too busy", but that's simply their perspective, developing in isolation from any meaningful input.

Okay, that being said, on to the part of this post that deals with writing books.  I'll be the first to admit that when I started down the road of publishing my first book I had what turned out to be a few pretty big misconceptions about what working with a publisher would do for me, and I'm here to share them.

Before I get started, however, let me be clear...I'm not asking for anything.  I'm not writing this in hopes of getting feedback, nor to get anyone to change what they do, nor to suddenly pick up a banner and charge forth.  Not at all.  I'm simply pulling together stuff I've had sitting around in draft form, and I thought I'd put it out there.  If this shines a light for someone, great. 

Also, I've cancelled my contract for book number 10, which was to be titled, "Practical Windows Investigations". The content of this book had been shared here and here.

Okay, then...let's go.

Book Writing
I didn't embark on this journey to obtain notoriety or fame.  I started down this road because I had found the books on my topic(s) of interest wanting...I couldn't find any books containing the content that I wanted in bookstores. As such, I decided that I wanted to put together a book that I would want to take off the shelf of a book store, and proceed to check out.  In most of the cases to that point, I had seen titles that contained the words "Windows" and "forensics", taken the book down and thumbed through it, and then put it back, dissatisfied with the content.  I did ultimately purchase several of the books, but that was because I wanted something in front of me to remind me, "not this".

You don't get rich writing books, especially books in a genre such as DFIR.  This is not a condemnation of the community, it's a simple fact.  Simply put, the topic is far too niche.  What you do get out of it is a bit of taxable income which seems great before taxes, but come March and April is another part of the paperwork that you need to be sure that you have in order.  This is not a complaint, it's simply a fact.

At one point, years ago, what I was doing and writing caught the attention of someone at Microsoft, and they used part of their team budget to provide me with an MSDN account.  This allowed me to get access to newer operating systems (this was pre-Windows 7) and applications, in order to answer questions like, "...what if you do that with the newer OS/application?"  However, he moved on from his role and there was no more interest from Microsoft, and the subscription lapsed.

Marketing
Maybe the biggest misconception I had when I started, and held even during the early days of my publishing "career", was that somehow the publishing company was going to the marketing driver for the book(s), and that they'd be wildly successful because of that.  I thought that somehow, maybe at some point, I'd write something that would get the attention of Microsoft, and through those marketing efforts, I'd somehow "level up" and embark on a new and exciting career path.  Again, that was a pretty big misconception on my part.

Okay, now for a marketing "war story".  Keep in mind, I'm not a marketing person, but at one point, I was due to speak at a fairly big conference ("big", as in within the DFIR community), and I noticed that there was a total of about half a dozen folks attending that same conference who all had published titles under the publisher's imprint.  And those titles included the word, "forensics", as did the title of the conference.  I reached to the publisher and asked if there were plans to sell books at the conference.  After all, this is what one would call a "target-rich environment".  Set up a table, have books available, and have the authors come sign books after their speaking event.  While the publishing company did have a relationship with the conference vendor, it turned out that there were no plans to do anything with respect to that conference.  After a back-and-forth, and an incredulous email or two from me, the publisher decided to their credit that while they were on a family vacation in the city, they would bring a couple of boxes of books and set up a table.  All of the authors in attendance rallied, and stopped by the table at various times to sign books that had just been purchased...pick up the book from the table, pay for it, shuffle a few steps to the right and get it signed by the author, who was just speaking on the podium a few minutes ago.  By the time the event was complete, the publisher had only a few books left.

I never understood why this had not been part of the plan.  When I had asked about the marketing plan for previous books, I was told at one point that the publisher had a list of 101 "big names in the industry", to whom they would send books and hope for a review.  I got the list and noted that most of the names on the list had no interest in host-based, nor Windows, digital forensic analysis.

The publisher does not ask me about attending conferences for book signings.  Sounds cool, I know, but it's not something that was done.  Would it make sense for the publisher's marketing department to contact authors about conferences focused on the community (digital forensics, IR, threat response/intel, etc.), maybe help get them a speaking slot, and then have those speakers spend time at the publisher's table signing books?  Yes, it would...but perhaps due to very limited marketing budgets, it doesn't happen as much as you'd think.  Again, a big misconception on my part.

In my experience, all of the marketing for published books needs to be done by the author, through whatever social media networks they have.  The other step I've taken to promote the books is, over time, I've developed a position where I've been able to negotiate some changes to the default contract; one of them has been the number of complimentary copies of books I receive.  When I get them, I then send signed copies to those folks in the industry who've had the greatest impact on the book being published, and others I give away.

Follow-on Editions
Another misconception of mine, based on the language in the contracts I signed, was that the publisher might "find value" in a book and come to me about writing a follow-on edition to a book.  It turns out that this was never the case.  WFA 2/e?  That was something I pushed, as it was with editions 3 and 4.  The same was true with WRF 2/e.  None of the follow-on editions were the result of the publisher coming to me and suggesting/requesting the new edition, due to the success of the previous edition or requests they'd received that a follow-on was needed/due, etc. 

Similarly, the creation of follow-on editions hasn't been something that's been requested or pushed by the community.  For the most part, if an edition needs to be updated, if anyone contacts me about it, that's all they say.  "It's out of date", or "it needs to be updated".  When I ask for specifics, along the lines of "where would you like it to go?" or "what topics would you like to see addressed?", that's where the exchange comes to a grinding halt.

Another aspect of the follow-on editions that likely led to a drop in sales was a move to standardized cover art.  As a concept, this was a good idea, but the execution led to considerable confusion.  What happened was that most of the titles used similar cover formatting, and while the words were different, the colors were similar.  For example, only two shades of green were used, so when I took copies of the newly published Windows Registry Forensics to a conference as give-aways, one of the recipients told me that he already had the book.  As it turned out, he had Windows Forensic Analysis, but the cover art and colors were so similar, he couldn't tell the difference between the two books (yes, even though the words on the book were different) without looking closely at the words.

Having copies of my books on my bookshelf, side-by-side, all with similar cover art and color looks pretty cool.  Add Brett's books right beside them and to me, it looks impressive.  However, in practice, it made the books difficult to distinguish and likely lead to missed sales, as casual observers saw the design and color, decided that they already had a copy, and moved on.

Feedback
After I had completed IWS and it had been "on the streets" for about a month or so, I received a survey from the publisher.  The questions were centered around requesting feedback regarding my experience with the production of the book.  Well, I'll tell you that my responses and comments were not what one would call "glowing", and at the end of the survey, I checked the box, "yes, I would be willing to discuss my responses...".  I never heard back.  This was my ninth published book, albeit the first under this particular publisher (this one had purchased my previous publisher).  I assumed (incorrectly, again, it seems) that my considered comments would have some level of credibility, and that sending me the survey was something more than simply pro forma and rote.

Royalties
Guess what?  Writing DFIR books does not get you to a point where you can retire as soon as your first book is published.  Or even your second or third.  Lots of folks in the community assume that because they enjoyed the book or because they have the book, everyone has it and the author is living in a mansion between Dean Koontz and Stephen King.  Nothing could be further from the truth.

While I'm happy that several of my books have been translated into foreign languages (looks good on my bookshelf), the fact of the matter is that in one case, I made $20 on the deal.  Before taxes.  Publishers sell the right to translate the book for a set fee, and the author gets a royalty on that fee, not on each of the books actually sold in that language.  No, this wasn't a shock to me, as I'd read the contract.  Honestly, I hadn't expected any of the books to be translated into another language.  I'm simply sharing this to clear up a misconception.

Conclusion
After all of this, I had to ask myself, why am I signing over my intellectual property to someone who's not really interested in it, has no interest in supporting the continued development of it, and at the end of the day just made it harder than it needed to be to get a book published.

I've tried three times over the years to get the publishing company I was working with to move in a direction that made the process for authors in the DFIR community a lot smoother to get a book published, from cradle to grave.  The plan I laid out cost the publisher nothing to implement, and the first time I brought it up there were a lot of misconceptions; it seemed that the publisher could not fathom the idea, and filled in what they saw as "gaps" with assumptions.  By the time I got the editor on my side and championing the idea, she left the company and I had to start all over again.  I realize that you can't change a 500 year old business model overnight, and I wasn't trying to, but it became clear that the publisher did not want to move in the direction of increasing the number and quality of DFIR books they were publishing, so why bother?

My thought was that I could act as a liaison for new authors, to help them understand the process and set expectations, and help them overcome some of the hurdles they would encounter.  In short, to help new authors get published and ultimately have a wider range of material and topics covered and available.

The Community
There's another side to this that isn't talked about, and it's the misconception(s) held by the vast majority of the "community".   Most of the folks I've engaged with over the years seem to have the belief that if someone gets a book published that they're somehow "famous", an "expert", and far "too busy" to be bothered with a call or an email.  That "busy", in their minds, seems to translate into "rolling in work".  "Busy" is a badge of honor that many seek out, but I've been working pretty hard over the past year to abolish my own use of the word, even in casual conversation.  This is due to the fact that even if I'm working hard on something...a report, creating the smallest weaponized LNK file possible, whatever...sometimes taking a break to either address a request or tell them I'll reply later is a good distraction.

The honest truth is that I'm somehow "famous" or a "rock star" simply not the case.  I still have to apply for jobs, just like everyone else.  I still have to submit to CfPs to speak at conferences, just like everyone else.  I do not get calls or requests to perform actual analysis work, and at one point (right after my third book was published), I was literally turned down for a job simply because I had published books.  That's right; I was told, "...we can't afford you...", even though we had not gotten to the part of the interview process where we were discussing compensation, and HR hadn't even asked me about my current salary.

Several years ago, I was contacted by an attorney via LinkedIn, and asked to do some work, which I did pro bono.  I wasn't the first, nor only person contacted, but I was likely the first one to respond.  It was a fascinating case (because it was real world) and the result was that based on my report, the judge decided to drop the case.  The fact is that the person who reached to me had no idea who I was, and had simply taken a chance on contacting me based on my social media profile.

My point is simply that I've been told many, many times that someone did not reach out to me because they thought I was "too busy".  This is true no matter how many times I've dispelled that myth.  In some cases, I've turned a request for a new RegRipper plugin (or an update to an older one) around in an hour, and returned something a bit more polished in four hours.  I've answered questions, responded to emails, and been on phone calls...when asked.

9 comments:

Brett Shavers said...

Before I started in forensics, the first person that I ever asked about the forensic field, with an email leading to a phone call, was Harlan Carvey. That one call to someone that I didn't even know at the time made all the difference in the world.

Basically, I was some cop working dope in some state that called Harlan out of the blue to talk about "forensics". That one call made all the difference and I am certain Harlan had little idea of the impact of his words on that day would have on me. But now he does.

https://brettshavers.com/brett-s-blog/entry/i-ve-answered-questions-responded-to-emails-and-been-on-phone-calls-when-asked-harlan-carvey

scar said...

So true, on all counts. I've had very similar conversations with my publishers, along the lines of "I'm going to these conferences, and so are several of your other authors, what about setting up a stand?" and been met with a distinct lack of enthusiasm. The marketing team at my publisher's company did basically nothing to promote the book; luckily I have my own marketing streams to work with, but it wasn't helpful having so little support from the publishers themselves.

With the next book I'm tempted to go down the self-publishing route even though that's something I assumed I wouldn't do; I had such a negative experience with publishing it the traditional way the first time that I don't really see the point in doing that again.

And I agree re. the 'busy' thing too - I'm always happy to engage with people and I remember what it was like to be a young, shy person new to the industry, but it's hard to help people if they're so afraid to email you that you don't know they need it!

Harlan Carvey said...

Scar,

> I had such a negative experience with publishing it the traditional way the first time that I don't really see the point in doing that again.

I've seen a number of other folks who've had similar negative experiences, to the point of cancelling contracts, in some cases, before even really getting started. This is why I kept going back to the publisher to try to establish a liaison role.

re: the "busy" badge of honor - I have SO many examples of what happened when someone simply asked, and didn't dig that hole of excuses. It has always amazed me what incredible leaps forward have been made when someone simply reaches out.

Harlan Carvey said...

Brett,

Thanks, and you're right...I don't remember the call. There are some that I do, some that stood out for one reason or another, but please do not be offended by that.

"Semper Fi" are not just words that I share.

Anonymous said...

I think your covers should be more interesting, and should give you a visual clue as to what the book is about. I don't understand why you can't self publish. Printing books is not the complicated process it use to be, and you are not dependent on getting the book in "brick and mortar" stores to sell it. I would be more likely to buy a book if I knew the author got more out of it than the publisher.

Harlan Carvey said...

Anonymous,

> I think your covers should be more interesting...

Thanks, but that wasn't my call.

> I don't understand why you can't self publish.

I'm exploring it now. Even with self-publishing, there is still an issue of content. The DFIR community, in my experience, has largely been reticent to share what they'd like to see in a book, to the point where it can be created.

dougk said...

In 2011 I was just beginning to consider an industry change, out of government contracting and into the private sector. I want to Harlan's LinkedIn page and about 20 minutes later I got this email:

Harlan Carvey has sent you a message.

Date: 9/22/2011

Subject: Hey

Doug,

I see that you dropped by my LinkedIn profile, and that we have some common interests.

Is there anything I can do for you?

Harlan graciously agreed to grab some sushi with me and let me pick his brain about his experience moving from government contracting into the private sector. That lunch put me on the path that eventually led me to work from home for a great fortune 500 company doing forensics and Insider Threat exams.

Thanks again Harlan!

Harlan Carvey said...

Good times, Doug, I enjoyed the opportunity. Hope you're doing well.

CuriousOldHarry said...

I've been following your Blog and your work for years. I have
recently sent your post on the Misconceptions on Book writing
to a friend, who has published his book on Bash Scripting with
Booklocker, and he has experienced a lot of what you have
described in this posting of yours.

Considering that you have expressed an interest in self
publishing, I thought that you may find the article from Linux
Pro to be of interest in their description of Open Source tools
for e-books. Here is a small part about this topic from this
article :

" ... if you are producing ebooks yourself, Calibre is also a
one-stop app for editing ebooks and exporting them to multiple
formats. " " The simplest way to edit ebooks is to write them in
LibreOffice and export them to Calibre. "

To read more from this article, here is a link :
< http://www.linux-magazine.com/Online/Features/Open-
Source-Tools-for-Writers/(language)/eng-US >

OBTW, I had meet you at OSDFC's early meetings when it was
in the Summer. Also, it looks like we know some of the
same people - Danny Garcia and Scott Moulton.

Keep-up your good works and thank you for time to read this
comment !