
"The point is not in the muse and inspiration. The point is in labor." An honest interview with Alexey Lukatsky about the pros and cons of book writing

Hello! Today we decided to remind tekkix readers that Positive Technologies does more than research vulnerabilities, write research papers, and develop protection software: our colleagues are also authors of books. Alexey Usanov has already talked about his book "Reverse Engineering of Embedded Systems". We interviewed another colleague of ours, Alexey Lukatsky, and he told us about his writing journey. The conversation turned out to be frank and straightforward, much like Alexey Viktorovich himself. Is it possible to make money from book writing, should you follow Stephen King's advice, and what is a small but useful life hack for authors? Read about all this in the interview with Alexey Lukatsky below.

Alexey has written many books, at least five, and a lot of articles and publications: if you include posts on Telegram and the blog, then several thousand. But we decided to start the conversation with the first book. The first one is the most memorable and, no matter how you look at it, the most difficult. Maybe even the favorite. However, let him tell you about it himself.

  • How did the idea to write about attack detection come about, what (or who) inspired you?



🤠 Over the years, it will be quite difficult to remember. Most likely, it was the desire to "put everything together," because by that time I had been working on the topic of attack detection for several years and had a lot of material on this topic. I wanted to systematize it. Moreover, at that time, no books on this topic had been published in Russian, except for, I think, a couple of English translations, and those were not very high quality. When I was already in the process of writing, a book by professors from MEPhI was published, but it turned out that it was plagiarism on plagiarism, including my materials. Therefore, I do not count it. Let me be the first author of a book on attack detection in the country. No one cares, but it makes me happy.

I will not hide that there was another motivation for writing the book at that time - gaining fame. I was not even thirty yet, and I wanted recognition, publicity, and status. I was young, what can you expect from me. And the book was and probably remains a very good support for acquiring all of the above. That is, when you collect the quintessence of knowledge, skills, and put them in a book, it is very good not only for the person personally, but also for his so-called publicity, visibility, and many other beautiful English words.

So I will not deny it: I wanted fame (what else can you want at that age?). I wanted to leave my mark. And I can say that it was the first book that probably gave me a serious push in becoming a well-known information security specialist.

All other books were perceived by me as a kind of challenge. The second edition of "Attack Detection" just had to be written because I gained experience and new knowledge that I wanted to include in the book. The English edition appeared both for the sake of earning money (I had an idea - as it turned out, wrong - that I could become the "Dontsova of Information Security" and rake in dollars with a shovel), and because I wanted to try and understand: what is it like to write in English without knowing the language itself? I can't say that this experience was successful, but it was still an experience.

The subsequent books were just for fun. For example, "Myths and Misconceptions of Information Security" is just an interesting story for which I wanted to collect various stereotypes that had accumulated at that time and debunk them. Moreover, the publisher did not require me to submit all the material at once: we agreed on phased publication over a long period, which at that time was more than a suitable option given my workload. And again, a new experience: this book was published entirely in electronic form on the bankir.ru website, where bank security officers had been sitting for a long time. Unfortunately, this forum is now dead :-(

  • How was the title invented?



🤠 "Detection of attacks" is not a very creative title. So I didn't really try hard when choosing it for my first book. But there is an interesting story behind it. I already mentioned the plagiarism of my materials and the publication by MEPhI teachers (and they are still working) of a book they called "Intrusion Detection," which is a calque from the English term intrusion detection. But I didn't want my book to be associated with this title, so I replaced the word "intrusion" with "attack." That's how "detection of attacks" came about. Interestingly, from that moment on, there was a division in our country: attack detection systems "went" under the wing of the FSB, and intrusion detection systems - under the wing of the FSTEC; although in essence these are the same solutions, but they are regulated differently. I don't know if this is related to the publication of my book, but if so, it's nice to realize that you are the author of an entire term.

  • How did you find time for creativity?

🤠 When I wrote my first book, I had time. Although I was already married, I didn't have children yet, and I could find time for creativity. Now there is much less of it, and therefore, despite having a fairly large amount of material, experience, ideas, and even partially finished manuscripts, I still can't sit down and bring them to a victorious end. But the other day, during my vacation, I read the book "Getting to the Point: How to Overcome Writer's Block and Create Texts Without Suffering and Pain," from which I gleaned a few interesting ideas on how to find the most irreplaceable resource in this difficult period :-) For example, it sounds banal, but I hadn't thought about it before. You don't have to follow Stephen King's advice, who claimed that if you don't write for 6 hours a day, you're not a writer. And his advice about 2000 characters a day is also not the ultimate truth. Every writer has their own rhythm, their own habits, their own life. Therefore, you don't have to chase hours and thousands of characters - it's enough just to write. Today you wrote 10 words, tomorrow 500, on the weekend 2000, and then you have a whole week off. But the main thing is not to stop and write, even a little, but write.

  • How did the writing process itself go?

🤠 In the standard way, as all the experts in this matter advise. First, a high-level plan is written, then it is broken down into sub-levels, and when a sufficiently detailed plan is formed, its content, text, images are filled in.

By and large, I didn't know anything but Word at the time of writing. Now I understand that there is special software for creating books, for example, Scrivener. But then there was only Word, into which I entered the text and did the formatting myself. Moreover, I drew the pictures myself using Microsoft Visio. When the manuscript was 80-90% ready, I found a publisher that was ready to publish it all. All my other works were written in a similar way. Now I use Scrivener, which helps a lot in the process of creating content: it allows you to focus on writing, not on formatting, like Word. But in general, each author probably has their favorite tools. My colleagues, who have now finished writing the book, used Google Docs.

  • Did you make a lot of money, if it's not a secret?

🤠 I had certain illusions about how to make money on a book, but when I was told how it could be done, I realized that writing is not about money. At least technical literature in Russia is definitely not about making money. In short, I was offered two schemes (I don't know how it is now, but I think little has changed): either I get a fixed amount for each page of the book, regardless of the number of subsequent reprints, or I get a certain percentage of the books sold. I chose the second option, as I was confident in the quality of my content and that the book would be in demand, which means that it would definitely not be limited to one edition of 3000 copies.

And indeed, the book was reprinted several times, both the first and second editions of "Attack Detection". But I will say right away that the fee from the book was less than my then monthly salary. I did not receive anything at all for the English edition. So for those who think that you can make serious money on a book, alas and ah, if you are not Dontsova, and the subject of your creative aspirations is not fiction, it is impossible to make money on technical book writing in Russia (I am not sure that the West is different in this regard). This is my point of view. And rather, it's about pleasing parents, a line in a resume, giving yourself status. For young people, this is an opportunity to become an idol for others.

Therefore, it is not worth building illusions about huge earnings for technical literature writers - they have a completely different motivation.

  • How much time did it take from idea to print?

🤠 There were no special life hacks and tricks when writing the book. It took me about six months. And this is probably plus or minus the average time to write a more or less good technical book that conveys some practical experience. You can probably write something about paper security much faster, but it will not be so interesting, in my opinion. Therefore, it is necessary to lay down at least six months, and you need to understand that during this time you will be taking away from something or someone: either from work, and work must agree with this, which is not often the case, or from your personal life, from family, which is also not easy, or from studies.

Writing a book is, on the one hand, a very interesting challenge, experience and generally a useful thing. I recommend everyone who has something to share to take on this work. But on the other hand, you need to understand that for at least six months you will be torn out of life. Or, if you do it at a more relaxed pace, for a year or more.

Now, perhaps, we can try to speed up this process a bit with the use of artificial intelligence, but it's a double-edged sword. After all, AI still cannot fully replace the style of a particular person. In order to teach a neural network to write in a specific style, it needs to be fed a huge amount of already written texts, and for this, at least, they need to be available. Not every writer has a large number of articles, like me, for example :-) I have hundreds of these articles and thousands of posts on social networks. If you add up all my posts on social networks, Telegram, blog, and so on, the count will go into tens of thousands, and this is not an exaggeration. You can publish several books from just your posts. At the very least, train artificial intelligence on them. And maybe someday I will try to conduct this experiment. I'm even curious to see what happens in the end. But today, artificial intelligence is more of an assistant in writing a book than a full-fledged co-author or replacement for a real author.

  • Is the topic of your first book relevant? Why do you think so?



🤠 The topic for the first book, as well as the second and third, if we take the English edition, was the same - it is attack detection. It is still relevant. Moreover, I regularly strive to return to it. I even have a ready-made table of contents for the book: it will be called not "Attack Detection", but "Threat Detection", because more than 20 years ago we mainly talked about attacks, and there were few tools for detecting these attacks. There were network and host-based IDS - and that's it! Now there are many more such tools, and the process of implementing attacks is much more complicated - they become multi-vector, multi-step. Attackers use different techniques and tactics to achieve their goals.

Yes, detection methods have also advanced significantly: they can be implemented not only at the victim's infrastructure level, but also on the internet, as well as in the attacker's infrastructure. And therefore, there are many more threat detection technologies. And there is much more mathematics behind them. That is, it is not just conditionally statistical analysis or signature methods that were used before. Today, machine learning is actively used, various combinations, graph approaches, and more are used. There is a lot of science in detection, so we need to talk about it. And most importantly, many related topics have arisen around threat detection: threat hunting, threat intelligence, security operation center, automation, detection engineering, and more. All of this fits into the general theme of threat detection, so it is more relevant than ever.

Perhaps, under the influence of this interview — and others that I have given recently regarding working with words and content generation — I will still carve out time in my rather tight schedule and try to finish what I have already started. The New Year holidays were quite fruitful, and I made good progress towards my goal.

The book I published in 2000 was in high demand even then. It was interesting, it was used as a textbook in many universities, although it was not officially recognized as such — because it would have brought a lot of problems, bureaucracy, and red tape on the one hand and completely unnecessary efforts and costs on the other. But I still receive positive feedback on it, which, I will not hide, is pleasant. Sometimes people even bring it to some event and ask me to sign it :-)

Now, with the benefit of my experience, I understand that I can write it even better. Although I have become slightly more detached from practical experience compared to what it was 20, almost 25 years ago, I have gained much more other knowledge that can be put into the book. The topic is not just relevant, it will be relevant for many, many years and, possibly, decades, because hacking is an indestructible phenomenon. And since it is indestructible, the threats that are realized by hackers are also a phenomenon that will be with us for quite a long time, if not for life. And that means they need to be able to detect them!

  • Who is your book for? How did you imagine your reader back in 2001, and how do you see them now?

🤠 Initially, I wrote the book for security specialists. In 2000, there was not much difference and a large number of classifications of these very specialists compared to what there is now. Today there are SOC line analysts L1, L2, and L3. There is a threat hunting specialist, an investigation expert, a forensics expert, an automation specialist, a detection engineering specialist, and so on, but before it was one person. Therefore, I did not make any distinction for my target audience. Moreover, I will say a seditious thought, I wrote the book largely for myself, because I systematized the knowledge I had. I did not have a portrait of the target audience for whom I was writing in my head.

Now, probably, I would form such a portrait and try to write a book for leading specialists, analysts, architects, managers, or deputy managers of cybersecurity, that is, not for those people who work in the fields and manually "twist" various commercial and open-source threat detection solutions, because I am unlikely to have anything to share with them. From a practical point of view, it seems to me that they can teach me much more than I can teach them. But I probably have a broader outlook, I can look from a bird's eye view at the architecture of the solution, at the methodology of working with threat detection technologies — and in this, I think, is my strong point.

  • What is the most important thing in writing a book?

🤠 It must be admitted that it is important to actually sit down and finish this very book, because usually the project starts with such enthusiasm, as if the Booker or Pulitzer Prize or many other awards, huge fees, autograph sessions in the best bookstores, crowds of fans and admirers, and so on are looming on the horizon. But in reality, after about a month, the enthusiasm fades, and you have to force yourself to write. This is probably the main problem for any writer, not the fear of a blank page. Although it also exists, but the blank page can be perfectly overcome by feeding a couple of theses to artificial intelligence and saying: "Write me a few paragraphs of text." It will write them, and you can further refine them. Or, when I have a table of contents, it is easier to fill it in.

But maintaining a regular level of writing is a big challenge. This means that you need to write at least 2000 characters a day, which is about an A4 page. In six months, you can expect a book of about 150-200 pages. This is a good book.

An A4 page is, of course, not printed sheets, there is a completely different mathematics. But the point is not this, but that writing 2000 characters every day is not an easy task. It is hard work because you have to force yourself. In some cases, you have to struggle with this very text, because the muse, inspiration - these are all beautiful words, but believe me as a person who has written several books, and a huge number of articles, and even more posts: it's not about the muse or inspiration, it's about work. If you force yourself to write every day, then at some point this process turns into a kind of routine and normal work. And only this way, no other way.

Although after reading the above-mentioned book on how to remove writer's blocks, I understand that the mantra about 2000 characters a day is nonsense and excuses. Perhaps it is what is stopping me now. It doesn't matter how many characters I wrote in a day, 2000 or 100. The main thing is to write them. Today, while riding the subway, I wrote 200 words. Tomorrow 15. On weekends I wrote 10 or even 20 pages. The main thing is to write! On a napkin, in a notebook, on a phone, on a laptop... Sit down and write, you wimp! This is what I tell myself, just so you know!

  • How did readers initially perceive the book?



🤠 As for the perception of the book, it is difficult for me to evaluate. Readers should evaluate it. But probably, thanks to this book, I got my first push to fame. And after that, my public career started. I can't say that the story can repeat itself now, although in the conditions of the re-emerging iron curtain, we have less and less access to foreign literature, despite all the pirate sites and so on. We may have a shortage of quality literature, including technical literature, especially that which concerns our specifics related to import substitution and ensuring the security of these very import-substituting solutions. And in this case, yes, there will be an opportunity to shine for those who take up writing. There are no books on architecture and methodology at all. This also opens up opportunities for those who have something to say.

Then, in the early 2000s, there were few books on cybersecurity in Russia. Any of them, if it was good or mediocre (and not written by the efforts of students, as was the case with some teachers whom I condemned for plagiarizing my own materials), was a phenomenon. Good ones especially. Therefore, of course, I am flattered that I am still told that my book has not lost its relevance, although almost 25 years have passed. It turns out that I laid down methodological foundations in it that have not become obsolete so far. And I know that it is still recommended by teachers in a number of universities as an introduction to issues related to threat detection. And although it is outdated in this part (at least, there are many more new technologies and approaches to threat detection), it provides a very, very good foundation.

This is my somewhat subjective view, but the book was well received, and many people have told me and continue to thank me for it. And sometimes there are even anecdotal cases when I meet a person at some event, at PHDays or somewhere else, he brings a book from the 2000s or the second edition, from 2002, and asks to sign it, leave an autograph. It's nice.

  • How did your family react to your writing?

🤠 Well, they didn't react to the first book at all, because I wasn't married yet when I started writing it. I had a lot of time, so I dedicated it to writing the book. The second one was a bit more difficult and a bit easier at the same time, because it was the second edition. That is, I just had to add a number of new chapters and rewrite some of the existing material. It didn't take a lot of time, so I didn't argue with my family because of it. And when I dedicated the book to my family, it was even received with love and respect. It's a life hack, by the way :-)

But most of all, of course, my parents were proud. However, I will repeat once again that in many ways, you probably write a book for yourself — to systematize your knowledge. The same thing happens with the certification of specialists: for the sake of getting the cherished piece of paper. In itself, it is not necessary, because it doesn't change anything, rather it systematizes knowledge, gives some confirmation that this knowledge exists. This is the first goal. And the second goal is to please your mom, or dad, depending on the relationship in the family and with the parents. So my mom was proud that I wrote a book. Although, probably, any parent is proud of their child, regardless of what they do. But when a book appears, it is an additional subject of pride that can be talked about with neighbors, friends, and girlfriends.

  • Do you really write everything yourself?

🤠 Oh, this frequently asked question. Some people think that I have a cohort of ghostwriters who write for me, and I only put my name on the final texts. I will disappoint conspiracy lovers: no, I write everything myself. Because of this, I even had difficulties at work when the PR service turned my public speeches into articles and brought them to me for approval. And I couldn't and refused to do this because it wasn't my text. Yes, I said it, but I didn't write it. Now, fortunately, this is no longer the case. So yes, I write all the texts myself, no one helps me. And contrary to the common belief that it is difficult, I can say that it is not. It is difficult to write the first post on Telegram, the first article on tekkix, the first book. Then you get the hang of it, and you can write without looking. Especially when you have more than 25 years of writing experience behind you.

