
Interview with Richard Diver

Richard Diver and Gary Bushey are the authors of Microsoft Sentinel in Action. We got the chance to sit down with Richard and find out more about his experience of writing with Packt.

Q: What is/are your specialist tech area(s)?

Richard: Microsoft Security and Compliance solutions across Azure and Microsoft 365

Q: How did you become an author for Packt? Tell us about your journey. What was your motivation for writing this book?

Richard: I was working on a new Microsoft product that hadn’t been released yet, and I could see the potential it would have when it would be released. There didn’t appear to be anyone else writing about it yet, so I decided I would be one of the first. I convinced Gary Bushey to be the co-author and together we developed the ideal outline of the book. PACKT helped us to take that idea and get it released. This is now the second version of that book; we had to update it due to advancements in the product over a 1 year period, new naming conventions, and most of the screenshots needed updating too.

Q: What kind of research did you do, and how long did you spend researching before beginning the book?

Richard: I used the years of experience in security consulting and I had 6 months’ experience of using the product during private and public previews. In order to write about the whole approach of a cloud-based security platform I did research the alternative options, recommended architectures, and some of the key decisions that need to be made when moving from server-based to cloud-based security.

Q: Did you face any challenges during the writing process? How did you overcome them?

Richard: The main challenge is the constant updates being made in the product, which is great to ensure it has the latest capabilities and provides the value for investment, but when writing a book about it you need to keep some stability in what you are covering and writing about. We know we can’t cover every aspect, but the book will provide the reader with all the core components and they will learn how to keep up with new features as they become available.

Q: What’s your take on the technologies discussed in the book? Where do you see these technologies heading in the future?

Richard: The main technology is Microsoft Sentinel, a Security Incident and Event Management solution (SIEM); however, there are also several other related technologies that provide a great deal of automation, cost savings, and most importantly the ability to detect and respond to risks and potential security issues. Due to the nature of pay-as-you-go cloud consumption, this technology makes a SIEM available to a much wider audience than previous SIEM options: it is easy to get started with, grows with your needs and complexities, and is continuously being developed to keep up with the constant change in the threat landscape and the new technologies being purchased to integrate and tackle these issues. Enabling collaboration across security experts: it is a game changer in the security field.

Q: Why should readers choose this book over others already on the market? How would you differentiate your book from its competition?

Richard: This book really is intended to help anyone that is adopting Microsoft Sentinel: from those starting out in security to experienced security professionals that may be converting their skills from other platforms. I hope other books will follow to go even deeper into specific topics, but this one is the starting point to implementing or upgrading your critical security operations in the cloud era.

Q: What are the key takeaways you want readers to come away from the book with?

Richard: Microsoft Sentinel is a comprehensive solution that works with both 1st party and 3rd party solutions. It’s simple to set up initially and offers a wide array of options to meet complex needs. It is also able to change with your budget: if your budget shrinks you can tune down the solution to a lower cost, and if your budget increases due to company growth and more complex security needs, Microsoft Sentinel will grow with your needs.

Q: What advice would you give to readers learning tech? Do you have any top tips?

Richard: It is okay to take a fresh approach to technologies. We need to learn from the past in what has worked well, but we should not continue bad practices just because that is the way someone implemented it five or ten years ago. Constantly refresh your approach to technology, especially for securing technology, to ensure you are not leaving solutions open to increased risk. Automation is key: if you find yourself repeating work every day, automate it.

Q: What is that one writing tip that you found most crucial and would like to share with aspiring authors?

Richard: Don’t aim for perfection; it will kill your productivity and cause you a lot of stress. Get the content written in rough draft, complete as many chapters as possible, then go back and focus on each one until you have it 99% perfect, then relax. You can always add that final 1% at the end, but you won’t get it at the beginning.

Q: Would you like to share your social handles? If so, please share.

Richard: https://www.linkedin.com/in/rdiver/

You can find Richard’s book on Amazon by following this link: Please click here

Microsoft Sentinel in Action – Available on Amazon.com