Episode 86

How to Write a Cybersecurity Book with Bill Pollock

EPISODE SUMMARY

Bill Pollock joins Joseph Carson on this episode of the 401 Access Denied podcast. Bill is the founder of both No Starch Press (an independent publisher of books on technology and computer programming) and The Hacker Initiative (a nonprofit organization designed to support and grow the collective knowledge and contributions of the worldwide hacker community). With over two decades of experience in the publishing industry, Bill breaks down the journey from first draft to publication, and all of the many hurdles one has to overcome to bring a cybersecurity book to life.


Hello from Cybrary and Delinea, and welcome to the show. If you've been enjoying the Cybrary Podcast or 401 Access Denied, make sure to like, follow, and subscribe so that you don't miss any future episodes. We'd love to hear from you. Join the discussion by leaving us a comment or a view on your platform of choice or emailing us at Podcast@Cybrary.it. From all of us at Cybrary and Delinea, thank you and enjoy the show.

Joseph Carson:

Hello everyone. Welcome back to another episode of the 401 Access Denied podcast. I'm the host of the episode, Joe Carson, Chief Security Scientist and advisory CISO at Delinea. And it's a pleasure to be here and I'm really excited. This is something that I've been really ... it's a topic that's a passion of mine. It's something that has been helping me through my career for many years and I've got an amazing guest on the show. I had a pleasure to meet in person recently and really get to know, and for me, it's something that is really an important part of the industry. So welcome to the show, Bill. Do you want to give the audience a background about who you are, what you do, and some of the fun things that you get up in the industry?

Bill Pollock:

Well, I started No Starch Press in 1994, after having been fired from three previous book publishing companies, which I'm sort of proud of. I was fired for a good reason. The classic, in the book business, you basically have people running these companies who are not business people, so in order to cover their own ass, they just start firing editors, that happened at one company. And then the person who got rid of me, she was fired and she deserved that. She was a good editor, she was a terrible business person. Another previous company, Osborne McGraw-Hill. I was fired by a guy who, he was going around the room punching the chairs, telling me that I needed to see a psychologist and he just needed to be basically on a drug rehab program, but we won't mention his name. But Coke does strange things to people is what I learned there. So that was actually the impetus for starting my ... I already had a business plan when I started in 94. That was just, I needed a kick out the door, which some of us need to actually take that leap and start a business.

Joseph Carson:

Absolutely.

Bill Pollock:

And then I actually co-founded another company, which is still around as an imprint only called Apress in 1997. They probably still use my contract and I was forced out by the board and that was another good thing that happened to me is basically had me focus on my own business. And in many ways we've eclipsed what they've done over the years by taking over markets, which is what I like to do. So I studied political science as an undergrad. I never intended to be a political scientist, I intended to be a biologist. And to anyone out there if you're in college or considering going to college, if you take a wrong turn and you have a parent who says like, wait, you wanted to be a mathematician, why are you taking English? Take English, but be a mathematician. Do what you love.

I loved biology, I did not love political science, but once you get to the point where you're declaring a major, it's a little too late. I didn't actually know what that meant. When they asked me in sophomore year what major I wanted, I said, what do you mean major? So I picked the thing. I actually talked to a friend who had a similar experience and just counted up the credits and I figured, screw you. I'm going to pick this major because I'll be done with it first. That was a mistake. But with that background and interest in science, I was always interested in physics, I still am, chemistry. I was a very good biologist, I was not a good political scientist.

So I've carried that forward through my editing technical books for years and I started with ... I was in a post-baccalaureate pre-med program after working with my father's wedding gown factory. I wasn't very good at designing wedding gowns. I didn't understand the business, but I did understand one thing, one takeaway from my father when I turned to him, I said, these gowns are really ugly. He said to me, they're not for you. But that's a very telling comment from a very successful business person. When I work on our books, they're not for me, they're for my readers. The thing that's made my book successful, one thing is I reflect what our readers want. I spend my time going to conferences. Unlike any editor in the business, I never meet any ... they may be at conferences, I don't know. I mean, I imagine someone's at DEFCON, right? And they're not going to necessarily come up and find me. Some of them will, but it's very rare that I see editors in this business at conferences, actually hanging out with the community.

So when I started, I just finished that thread. So I ended up in a post-baccalaureate pre-med program. I was on my way to medical school, and this will give you some sense of the way I look at learning in the world. I dropped out of this program the morning before my first organic chemistry test because I had basically learned the most interesting parts of organic, which are the importance of protein structure and function. The interesting stuff to learn is not studying reaction and memorizing reaction mechanisms, I can look those up. It was the morning before this test, I was like, this is stupid. I'll cram all these reaction mechanisms, I'll forget them at two o'clock in the afternoon. I'll get an A and learn nothing. I was learning nothing in my physics class because there was no time. I love to learn, like many of us.

People ask what my hobby is, and the first thing I think is learning is a hobby. Whether I'm learning about orchids, which I appear to have successfully grown, at least this week, my Phalaenopsis orchids are budding or how to roast coffee or fix the ... I do have to fix the Zero espresso maker that a friend of mine gave to me. I like old cars. I'm not good at fixing them, but I like to know how they work. So for me, when I started editing, I used to edit biology ... acquire biology books, chemistry books and such. I love to learn. I love to go and talk to academics and hear what they're doing. I've been reading recently about things that are happening in the brain, I think they called it ... anyway, apparently when brains can sync up in ways that we don't understand ... there's a lot of stuff ... this was a recent article I read in Scientific American, and that's the kind of stuff that I wake up to. It's like, this is exciting. I want to learn more.

Joseph Carson:

It sounds like you actually had a couple of events that really got you on the right path and really set you up to follow your passion ultimately, 'cause I think sometimes you do need those external forces to force you in the right path and also sometimes the environment around you, I think that your father did ... actually, one of the most brilliant things is that, know your audience as well. Is that it's not necessarily for you. That's a brilliant use of knowledge that really set you on a path. And one of the things for me that I find is that I read a lot of books and that's one of the things that fundamentally even I have tried to change a little bit in my more adult years. I used to read manuals of TVs and VCRs and fridges. I was very technical.

And I also tried to have the balance between what I do now is between a little bit of fiction, a little bit of scientific and maths and computer science. So I try to balance it a little bit more now to get a little bit of different aspects. But for me, one of the things I find and which is amazing that I find from No Starch Press is the level of learning that you get from the books because you're really getting it from the people that are really good at putting it into a way that I always find is I come out with so much more knowledge and practical knowledge. It's not just theoretical, it's not just something that is an idea or a methodology. It's really to the point where it's really able to portray something that is sometimes very complex and requires hands-on to the point where it actually is really such well structured that you come away with a lot of knowledge and that's one of the things I admire and for the team that you have that makes that possible.

It's impressive to be able to do that in a book format. It's almost as good as some of the interactive lessons you learn from ... it's almost like you get to know the people behind the scenes as well because they do portray a lot of their personality into the books as well that sometimes you don't find from others. So for a lot of the audience listening into your basically background and your passions as well is what does it take? What's the process that it takes to create a book? Where does the idea come from and what's your magic formula that you would have to really get it where it's structured in such a way that really is inspiring?

Bill Pollock:

So let me start with author voice. So one thing that I found, so the first time I edited so-called computer books was in 1990. I was at Osborne McGraw-Hill, which was started by Osborne, well he was long gone. And I edited computer game books, which was pretty cool for people who were interested in gaming history. So I would call on Will Wright at Maxis. They had about 10 people in the office in Alameda. That was cool. They were building Sim City. The Sierra On-Line games people. I mean, I worked on this game Falcon, so the guy who wrote it was-

Joseph Carson:

Falcon, yeah.

Bill Pollock:

Yeah, I wrote this book on Falcon and everything that I do, I typically plunge myself into it. I also did something on the Sound Blaster sound cards because people couldn't get their cards working. So I published the book, which I completely-

Joseph Carson:

Lots of driver problems.

Bill Pollock:

I did this official book on Sound Blaster sound cards that effectively kept the company open. It sold 50,000 copies in six months. I rewrote the entire thing, which was basically what I started doing in 1987, when I was editing medical books. I used to rewrite the books and they would become bestsellers in that field. But I've rewritten many of our books in the background. I don't put my name on the cover because it's like good stage lighting. Just because someone is doing good lighting doesn't mean you want to see them on ... I didn't come for the lighting, I came for the play. So that's part of our work should be to actually engage with the author's work and try to bring out the author's voice as best we can. And most of our authors are not necessarily writers first. They may love to write, but probably not every author can use an editor, but most authors can use an editor.

An editor's work should take different forms based on what that author needs. Some authors, great writers just need some direction. Other authors great at what they do, just need a lot more direction and sometimes they need rewriting. And so what I've been doing ... so over the years, I used to rewrite I think something like six to eight books a year. In fact, from early years, books that I did earlier, I probably went through everything. I've had a couple of authors bothered by that and they'll say, it's not my writing, it's your writing. It's like, my intention is to show people what works, what readers want and set them off on that path. Sometimes that means a heavy hand to say, I can't follow this.

So to your point, when I did a book on SCSI in 1997, it's 70% my work. I talked with the SCSI 3 committee. I rewrote all the SCSI docs literally. So I explained Synex signaling how it works in the SCSI bus. It was interesting. And my first machine at the company was actually a SCSI based machine, which outlasted a number of my other desktops because SCSI was so great. So I will insert myself into a book when I feel like it needs strong direction because ultimately what I'm thinking of is the reader. Every book has a price tag as I tell my editors all the time. We're saying to someone, give us 40, $50 and we'll give you useful information.

So I like to think that I've helped to mentor a number of authors who have come back over the years. Michael Lucas, for example, who did BSD books for me, the first BSD book that he wrote, he wrote on a Palm Pilot standing behind servers. And as Michael will tell you, it needed a bit of editing so it got what it needed. But I also made sure to maintain Michael's voice, his sense of humor. He did a book on OpenBSD with OpenBSD haikus, and he actually said to me, I thought it was funny, "can I put these in?" I said, "sure, put them in." It's fun, he's creative. But other authors can't really find their voice. They don't really know what to say. They're confused.

Joseph Carson:

I guess they haven't got the practice to find what their style is. What is their, I guess, approach or what puts their personality into the text sometimes. I think sometimes they're writing from other writers that they've seen, but if you write enough, I think sometimes you can start seeing a bit of your personality coming into the text. And I think even myself when I write, I have my own personal style. I like a bit of humor. I like to add some of my experiences in there as well, whether it's relevant to the subject or not, but it adds a bit of the personality in there.

Bill Pollock:

Well that makes the book much more fun to read. So one thing, and I have a lot of respect for publishers over the years that have really built great bodies of works. For example, publishers of Richard Feynman's work, I think that's Addison Wesley, but they're very different companies today. John Wiley has a great history of making some excellent books over the years, but they too have changed because the market has changed. You can see the changes. They don't have the editorial staff, the editorial direction, but they've built this great corpus of work. O'Reilly used to lead in all these areas because they built a lot of the Unix manuals and Unix support. But I think you can see that their direction has changed. They're a learning company now. They're not a book publisher first.

But we are a book publisher first, and what I have maintained and continued to grow is our effort to always focus on editorial. I make books, I don't make videos. I do a podcast with you, but I don't do my own. I don't make training courses. Maybe one day we'll do that, probably we could do it well, but I also don't want to step into an area unless I think I could do it very well. For example, O'Reilly has really stepped into training and I'm not going to compete with them. They're way ahead of me when it comes to that. But when it comes to editing books, I believe there are editors who are certainly as good as I am, but if I find someone I think is actually impressive, I want to try to hire them. But most are not connected.

But what the editor's job ought to be is to understand who's the ultimate reader. So my company's called No Starch Press for a reason, and I think of it as no bullshit. And what that means is there used to be these books on the market called Super Bibles, which would be these big fat books containing nothing.

Joseph Carson:

I do have a few of those books, which are literally just indexes to be honest.

Bill Pollock:

Well, the whole computer book business was built on rewriting documentation basically to support piracy. That's what it was built on. I never cared for that. It wasn't interesting to me. So when I was at Osborne McGraw-Hill, we'd have these connections with Microsoft, whatever, they'd give you the documentation, then the authors would start writing, go. They'd drop the flag and off they go. It was just uninteresting. So they were rewriting documentation and the people buying it are probably the ones who pirated the software.

And then you saw companies start leaving the manuals out of the boxes because publishers would write the documentation. I'm not in the documentation business. I don't want to read documentation all day. Reference it, sure. But early on it was clear to me, even just with a search engine like AltaVista or hasta la vista of course had a different function. But AltaVista, I could find what I needed. So I've been running Linux for 20 years or more. I'm not going to read a manual on running Linux but what I did appreciate is our book called How Linux Works, for example, you'll see Linux boots and you get all these messages, entering runtime this, runtime that. How's the system built? So I don't need to know how to cut and paste stuff if I'm reading a book ...

If I get a book on Word or whatever, fine. Let's say I decide that I want a book on Microsoft Word. I've used word processors since literally 1987 or 88. I don't need to know how to cut and paste. Authors get tired. So why write 400 pages of stuff that everyone already knows? If you're doing a new Python book, okay, don't take me through the setup and all the basic stuff. Give me the interesting stuff. So I think we have to look at where people are today. It's not like computers weren't ... personal computers weren't invented yesterday. We've all had some level of experience. So for each topic, if we're doing a book on malware analysis, who is the reader? It's like we publish Practical Malware Analysis, which needs revision. We know it's in process-

Joseph Carson:

It is a very good book, but it is a bit dated, yes, but still that's the thing is that one of my points is that you're absolutely right versus reference manuals, when a new version comes out, it becomes almost incorrect versus the likes of the malware analysis, those cookbooks where it really gives you, it's the methodology behind it. That's what you're learning. Yes, the versions do change and the examples do change, but it's the methodology, it's the mindset and the process, which I find those books come across.

The examples, yes, are a few years old, but still that mindset, even when I get into Chris's books as well, which is the IDA books, which are fantastic as well. He did have the revision version two come out, but still, you can even go through even Georgia's book, the Pentesting book. Even that it's still the versions that were used in that example, it's the mindset and the methodology which comes across, and that's to your point, I think one of the great things you mentioned at the beginning, the process of learning, it's learning how to learn and that mindset versus yes, I still can go to the examples and go through and follow along, but I start getting to understanding about where that person's thinking and what's their ideas. And that comes across in the books really well.

Bill Pollock:

The people you just mentioned, they're all great teachers. I mean, Georgia does a great job of teaching people how to think like a penetration tester. I remember when she was working on the book that one of my production editors ... so there's the acquisitions, developmental editing, that's the first stage then into production, and she said, I feel like I'm actually learning how to do penetration testing. It's the same thing with Practical Malware Analysis. It's the same thing with Chris Eagle's books and many of our others. I could keep going down the line. Eric Matthes, who published this Python Crash Course, used to teach computer science to high school students. It's the bestselling tech book in the world by far. It outsells everything. I mean, it's kind of amazing to me that ... I've never seen a book sell as well as that book in my entire career, but these are great teachers.

So part of what makes someone a great teacher is ... so Richard Feynman is a great model that I've always thought about. Feynman would basically expand or contract the discussion based on what he thought was important. So we don't need to go down this path, but let's focus on what's actually ... when you take a class, you might retain five or 10% of what was presented to you. So why don't we think about what that's going to be and give some level of supporting information. But what do you take away from this? I want people to learn from our books. If a book costs you $50, you should get $500 worth of value. And with some of these training classes, I know with Practical Malware Analysis, I remember someone saying to me, oh yeah, this is much better than the Mandiant FireEye course and our book costs like 50 bucks and that was $2,500. And I see the prices on this stuff.

In the book business, we don't routinely charge $2000 for a book. I try to sell volume. I want lots of people to be able to learn from it. One of the things that I find most rewarding is when someone says, oh my God, I love this book. And when I go to a show and people are picking it up and they basically are selling books to their friends, so why are they selling it? Because it's a book that made a difference for them. Serious Cryptography, which is the last book that I actually edited in detail, I spent an hour on each page because that's my gift. I kind of got tired of people talking about it's an HMAC, it's secure. And then you ask them and then the discussion would stop because people couldn't explain it. So I wanted people to come away if they want to learn with an understanding of how cryptography actually works without going too deep into the math, which basically puts you off into the deep end where it's like the cryptography is-

Joseph Carson:

The probability side of things, which gets a bit challenging.

Bill Pollock:

It's not what most people need. It's not that there isn't reason to learn it, but if you're just trying to understand this, you can implement it or just understand what decisions or why you shouldn't implement it. That's what I intended to do there. And that book really served the purpose. I published the TCP/IP guide, I think in 2003 to 2005, and it covered IPv6 throughout and still today. I mean it's a massive tome. People won't do it. So you had Stevens' TCP/IP Illustrated on the market. Oh, sorry. Someone is apparently doing construction next to me. Hopefully you can't hear it.

Joseph Carson:

Not a problem.

Bill Pollock:

That's interesting. But anyway, Stevens' TCP/IP Illustrated is not really illustrated and it reads like a white paper. I don't mind reading white papers. I don't mind reading research papers, but ... sorry, I'm being distracted by hammering noises.

Joseph Carson:

No problem. Usually when myself and Jeremy were doing other recordings, my problem here because I'm based in Estonia, is usually during the day I've got seagulls like flying by and sometimes they get into a big battle outside. So Jeremy's always having fun having to edit out the seagulls in the background.

Bill Pollock:

I know. Anyway, nevermind that. Okay, so back to the topic at hand. So when I look at books, I start with who is this for? So I want our books to, what I do is try to mirror what our readers want and make sure that when I offer direction, it's like this is what our readers are looking for. When people come to one of my books and it's like they should know that the way it's packaged and the promise is what's going to be delivered. So you should be able to understand the information, know that it's been checked, that it's clear.

My instruction to my editors and my authors always is, to the editors, if something is unclear, try to puzzle through and figure out how you can make your way through it effortlessly. And when your mind starts to wander, cut, because how many times have you read a book? It's like blah, blah, blah, blah, page after page of nonsense, give me the meat. I remember that with networking books. Like great, I don't need those 600 pages. So I mentioned earlier that authors get tired. So skip that part and start with the interesting part and then give me the 400 pages that you wouldn't have written because you were tired of writing the basic stuff.

Joseph Carson:

That is always the most difficult part. So anytime I've written anything, I'm the type of person that I will write and write and write and write and I will just do a brain dump. And my most difficult part is, and that's where I think an editor and copywriters really come in and they really make the big difference is because that's where you have really the challenge to your point, is what to cut, how to get it down to the very basics where you're able to still get the information that you're looking to get across, but in less words. So that was always my challenge is knowing what to cut and having those conversations was always ... it's about how to keep it in, but keeping the same knowledge and the same, let's say learning what you're trying to achieve. Do you find cutting the most difficult part or is that something that you become natural?

Bill Pollock:

Probably it has become pretty easy, but I look at each book has a story. Just because they're technical, it doesn't mean they don't have a story. There's a story. Books are read I think often about the form of the physical book. We read things in sequence, we read down the page and through the book and people who, most of our readers have some academic background and then generally they like to learn. So we are trained in universities, colleges, read the chapters and then we are trained to annotate them and we're not comfortable necessarily skipping stuff. And a lot of times the stuff you want to skip is like all this filler that's stuck in there that you just don't really need. So make sure that things don't interfere with the flow of the story.

So where's the person trying to go? If you're trying to understand how to analyze malware in a sandbox, let's keep focused on the discussion and you can take it aside and put it in a box through our little devices you can do to set something aside. But if you've got page after page of stuff that's not relevant, put it someplace else or take it out and put it in another book. But don't interfere with the story. So if you see the design in my books, I spend a lot of time working on that design. I don't have instructions-

Joseph Carson:

The flow itself, yeah.

Bill Pollock:

Yeah, I don't have instructions of how to read the book, I don't have 10 different fonts. And this is again, I had a great admiration for O'Reilly's work and we worked with them for 14 years. They were doing our sales and distribution, but I never understood why you had to have instructions on how to read the book so my books don't. And I have played with taking monospace fonts out of books entirely, but it's helpful to have it. So sometimes with languages, if you don't highlight the code in a certain way, it's too hard to read. But think about the reading experience. So I think about that all the time.

Joseph Carson:

So let's say once an author comes up and they've an idea and you agree on it, how much time ... I've spoken to different authors over the years. We had Dave Kennedy on the show last year and we also had Paulino and the IoT hacking guys as well were on with Beau Woods, and Espinosa has been on a few times as well. So what's the process? I've heard different authors have done it in sometimes three months, others have taken a year or even two years. What's the most common timeframe? What do you see is the time and process that it would be from the idea until getting a finalized book?

Bill Pollock:

So each author that you mentioned has had different experiences, not an experience that I've modeled going forward. With the Metasploit book, they went through one editor who no longer works with us who just had the book off in the wrong track. I took it over. They all hated me when I took it over, but I think they liked me in the end because they got a great book.

Joseph Carson:

The book was fantastic. It was really well done.

Bill Pollock:

So before I took it over, Metasploit is very chatty. So we had literally three or four pages of Metasploit chat, push the button, then here's all the options. And I'm saying, why do I need this? I'll just push the button to show the options. HD Moore is an old friend of mine and I actually did that as a gift to him because I wanted to make a great book on Metasploit, but I reworked that entire thing. I did the same thing with Practical Malware Analysis because the same editor worked on that one and the same thing where, it wasn't moving. So, I'm working to continue to change our editorial process.

It should take reasonably eight to 10 months is what I ... I don't rush our books. It's generally a comfortable amount of time for people to write their books. It could take a year. Someone writing a book in three months makes me very nervous because it means that there's not enough time to think. But I have many instances in the past where I had books taking years because an editor wasn't actually working with ... they would just wait and authors often need a schedule. Like what should I work toward? Oh, just send it in whenever. Okay, I'll send you the second chapter in a year. So we want some kind of schedule that the author agrees on. Authors set their own schedules with us, but we want some kind of schedule.

So what I'm doing now is when before we sign an author, I get on a call with an author, I want to understand what their motivation is, what kind of book they're writing. I tell authors too that you should to my mind be able to turn the pages of the book in your mind so you can get a feel for what ... I'm making a physical thing. You can buy it electronically, but I can't stand reading these books electronically. I can't figure out where they are. But what is it that makes us actually love a book, this packet of information, collected information? I can pick it up, I can figure out what I was looking for is somewhere right over here and you grab a button, you know it's about two thirds of the way in, you can find it.

Also, there's a lot to be said for thinking about just the way pages look, like the different page set up, books are very visual. I remember when I went back 35 years later to look at my developmental biology books. I remembered actually some of the notes that I took and the images on the page. So there's a lot to be said for the physical form, but in the past our editors did not work on schedule and would just basically ... I would say to any author listening in, your editors should do more than just cheerlead.

Unfortunately, too many of the editors in this business will be like ... I would say, how'd you like your editor? Oh, they were great. What did they do? Oh, they would call me up and say, great job. They were really rah, rah, rah. I mean, I am very direct and if I think it needs work, I'll tell you. And if it's great, I'll tell you. But my goal is to make the book great, same with our editors. But a cheerleader it's like, yeah, great job. Great. Oh you're doing a great job. Just keep running over that cliff. You'll be down in 10 minutes when you hit the ground flat.

Joseph Carson:

You're absolutely right, so you need somebody who's a critic that will basically tell you how it is and give you ... if you get somebody who's really good at making sure you put it into that story format. That was one of the things, I was good at putting the text, but putting it into this ... getting it where ... and also putting stories but individual stories. And I think the important part that I find with working with editors was they were able to make the stories flow much better and put them in the structure that means that one will come after the other. Others I've worked with, I don't need ... when I'm running something, one of the things also editors who they take out my personality from the text and just make it basically just almost like that reference manual or that basically computerized approach and it really loses the personality. And sometimes I find I struggle with those.

So absolutely getting to a point is you need somebody who's going to tell you how it is and how to make sure that you're still connecting with the audience and that story flows. It's so important because that's what makes ... there's a lot of books where I've read, I just went through from some start till finish and to your point, one of the things I do as well is I've got my little sticky notes that I basically take notes and references through each page that I want to go back and I want to practice something because a lot of the books also have a lot of practical examples that I want to go and I want to get out my oscilloscope and I want to connect it to a piece of hardware and start turning off the electricity accidentally or burning ...

I was talking about Paulino before, how many times I've soldered my fingers and burnt my fingers or end up in the dark. Those are the things you really want is them to be something that you go over multiple times. And also the storytelling part, it means that you will go through quite fast.

But one of the things that you mentioned, what I do quite often though, and I think one of the things we've discussed before is that I sometimes get the digital versions first. And one thing that I've got to the approach is that yes, I get the digital versions because I travel quite often and I will carry one book with me, but I don't want to have the many books. So I'll still have the digital versions as easy access and easy reference. And I'll sometimes take notes as well. But if I find the book is really good, I actually go back and I buy the physical copy because for me I think, one it's the right thing to do. One is to reward the authors as well that you really appreciate the value that they put into it as well.

And I think also sometimes even the book as well, sometimes there's nothing like just having a good book in your hands. And I think one thing I have to applaud as well is the quality of the books and just the feel of the books also and is much different from others. So that's one thing is I find as well, No Starch has done a great thing in the quality side as well.

Bill Pollock:

So, I know a lot about the book business including book production and manufacturing so I select the paper. The paper that I normally use when I can get it, we haven't been using it 'cause it's prohibitively expensive. But there was a paper that I used for years called 60 Pound Finch Opaque. I mean I actually care a lot about papers. So we have a paper that's comparable and when you look at papers, you think there's something called calendering, which is basically a measure of how smooth it is, how thick it is, how opaque it is. So I don't like to see show through, show through really bothers me as in I don't want to look at one page and be able to read the one behind it. So I'm very careful about readability.

I don't want super bright white papers 'cause I don't like glare. I want it comfortable. I don't want ivory papers because they get too dark. I want papers that feel good, are easy to read, give you... And I also use generally, but not always lay flat bindings. Lay flat bindings can cost an additional 10% of manufacturing costs, which is not insignificant. But with these lay flat bindings, the cover actually stands away from the spine. So the spine doesn't crack because it uses a flexible glue, the cover doesn't crack and the book lays flat.

Joseph Carson:

Because I think one of the things you get is sometimes you get a book where you have to stretch it open in order to be able to see the end of the page. And one of the things I found is that it's so much easier and you don't have to do that stretching. It's a book that actually, it's a readable book that's ultimately comes down to, and I think one of the things you mentioned, not having to see-through and the quality paper does make a big difference.

Bill Pollock:

Well, I also use a thicker cover paper. I don't like the flimsy feeling, I don't like the wet noodle feel with some of these print on demand books. I use a special finish on the cover, it's called scuff free lay flat matte. So it's a plastic laminate cover with an aqueous coating that gives it this kind of smooth feel, which only one person has hated, but maybe others ... some people just can't deal with the, they just think it feels too slippery.

Joseph Carson:

Yeah, I like the matte, I like that texture as well, the feel as well from the cover. It is very different from other books, but actually it also makes it very unique. I don't think it's something that's not commonly used in the book-

Bill Pollock:

Oh, it costs extra. All those things cost extra. And people, this is unfortunately, I think what's happened with the business with larger publishers or publishers with a larger list is that they're not seeing the sell-through on books, they're not seeing the kind of sales volume. So this is making more of them. So you have one company in the Business Pact, they just seem, I like to call them packets of paper without the E, but what I see, and I'm not shy about saying this, is that they suck up a lot of authors who do a lot of hard work for them and then they sell 150 copies. I mean, I am amazed at how poorly some of these books sell and they just put people on this crash schedule and they put this out with print on demand. So I think that you see the result of print on demand on the market where it's really easy for everyone to be a publisher, just makes stuff.

I can use print on demand too. I can print five copies and say I published your book, but I don't do that. So the other thing is I print generally offset, I print 5,000 copies at a time, not 50, not a hundred. And that means we have to be very careful about not growing too much inventory and really doing realistic inventory projections. What you get in the end is a really nicely printed book using wet ink on real presses, which my competitors generally don't do. And for certain books throw away things, maybe it doesn't matter. But for Practical Malware Analysis, that book is relevant and still selling strongly. It needs really revision now. Hacking: The Art of Exploitation, that book was last released in 2008. It's still usually in our top 10. Linux Command Line, which is free online and I've sold-

Joseph Carson:

Linux Command Line is fantastic. And even I think it's The Hackers, what was the handbook one? Which one is it?

Bill Pollock:

Hardware Hacker's Handbook.

Joseph Carson:

Hardware Hacker's Handbook is also great as well.

Bill Pollock:

Those guys are amazing. Very dense. But yeah, you were mentioning hardware attacks, you want to learn about side channel attacks.

Joseph Carson:

Absolutely. It was Jasper, isn't it? Jasper-

Bill Pollock:

Jasper and Colin. Colin wrote ChipWhisperer. I mean these guys are great. I edited three chapters in the book and I just couldn't get ... it was really dense, really interesting-

Joseph Carson:

I mean it did get very technical towards the end when you're getting into those side channels and basically the static, but some of those methods of brushing over and the balls and the processors all, it was really get into a lot of ... even for me it was ... I do quite a bit of hardware hacking, but it got to the point where it was over my head, but still at the point where I was still learning, it wasn't too over my head. I can understand it, but I don't think I could get to the point where I could reproduce some of the stuff that they were doing myself. I think that's the difference where I think in that book, yes, it got to the point where even the equipment that I had, I got to the point where I could follow along, but some of the equipment you would need to go much, much further and stuff. But it was still fantastic to learn about some of those techniques.

Bill Pollock:

Well sometimes there was a book that Ben, I can't remember Ben's last name, but he built his own electron microscope. Ben-

Joseph Carson:

Did he do the electronic for the kids' book? Is that the Ben?

Bill Pollock:

No, no, no. That's Øyvind. I just can't remember Ben's last name right now. But basically he has done some amazing high level, very complex hardware projects. And the thing is, I wouldn't build my own electron microscope, but I'd like to know how an electron microscope would be built. So Bunnie's Hacking the Xbox, for example. I've never actually hacked an Xbox, I've never taken it apart, but I read through his entire process how he did it and I understand how you take apart hardware. So I read to learn and I don't necessarily do it. I mean in reading the Hardware Hacking Handbook, I understand how voltage attacks work and how you read stuff, but I'm not going to set up an oscilloscope and take those measurements.

Joseph Carson:

So I'm the one, I did ... my oscilloscope's sitting in the background. Finally, I've moved to the office so I've got a bit more space to do it 'cause it does take a lot of space, but it is something that you kind of learn. One of the things I wanted to ask you about who does the designs for the covers, because that's always interesting as well because the design, the graphics side of things. So where does the cover design come from? Is that something ... because I don't think ... I'm not sure the authors will come up with their own designers or do they sometimes? Or is it something that you do yourselves?

Bill Pollock:

Very rarely. So I typically art direct the covers, but as in the ideas will come, sometimes I listen to an author and I come up with some crazy idea and it actually works. It happened numerous times. So I will typically direct them, but I'm not the illustrator. So I have a few illustrators that I go to. I'm working on one now. I think it's going to be pretty cool. We're doing a book on Black Hat Bash and the cover content is this shadowy figure with a shell and it looks cool. And one of my illustrators does my death metal shirt so I'm wearing one of them now. He's a death metal artist.

And then we have a woman, Gina, who's done a lot of illustration, so we work together on coming up with a cover concept. I am trying to come up still with a process where I kind of work with the authors to get them to understand that I want a basic concept, but people are trained to stick in all this technical detail and I just keep stripping it out. And the best testament to the fact that we just want something that looks right is Python Crash Course, which has a Python, which Python is not based on Monty Python, but this is a Python snake sitting on a rocket engine. Nothing about Python programming. This is the bestselling textbook in the world. So when someone says we need this, we have to put a bunch of code, it's like, just take it out.

Joseph Carson:

I had so much fun with my son actually doing the Python Crash Course 'cause it was the one with the Space Invader game in it. Was that one was Python Crash Course that has ... I think it was a Space Invader game.

Bill Pollock:

Could be Mission Python.

Joseph Carson:

Yeah. Okay. And basically-

Bill Pollock:

Well there's Python for Kids, there's Python Crash Course.

Joseph Carson:

I can't remember which one it was, but I know they came with the practical game that you basically go through and you slowly create the different aspects of the game levels. And I had so much fun with my son doing it and we also changed some of the graphics and images to be what's more comical as well. But that's the great thing as well, those books ... one of the things I find as well is that no matter what level you're on as well, yourself personally, you'll get value as well, is that you don't have to be an expert. You can come along with basically either a low level of knowledge introductory or you can still be an expert and you'll still get value from it because you're getting not just this textbook basically manual thing. You're getting to the point where you're getting that person's own experience coming through. And that does make a big difference as well.

Bill Pollock:

I like to think about our books as ... I've thought about this for years. It's like you're reading over the shoulder of someone that you respect or it's like that person is in the book. It's hard to get there. It takes a lot of work. It's much easier to not edit. I think I might be misquoting it, but Mark Twain I think said something like ... I don't know, essentially it's like, "I would've written a shorter book, but I didn't have enough time." Something like that. So that's probably a total misquote.

Joseph Carson:

How many people are involved in the whole process? So an editor, you have an author, an illustrator, what's the team behind? What typically is involved?

Bill Pollock:

So there's a certain level of collaboration, certain level of independent work. So I direct together with a managing editor of the editorial program and our managing editor now is Jill Franklin who ran Linux Journal for 20 years. And Jill has great experience and generally we're in sync and I think that's been a great change for the company.

So we start with reviewing projects. Most of our projects are coming in over the transom, people finding us. I love this book, I love to publish with you. But one reason I go to conferences is to meet people who might not otherwise meet me and talk with them and try to get them to work with my company and explain that process. So the whole process should be focused on mentoring authors and making sure that we take a good book and make it great. So, it starts at that level. We then assign the book to an editor whose job it is to work with the author on schedule and review chapters as they come in.

Once chapters look clean enough and are on track and I'm doing more to check on that to make sure that they are on track. They go to production where we have a team basically, if it's not a law type book where it's basically composed, we're putting it into pages using InDesign and making sure that chapters are proofread, that while they get copyedited and proofread both. So we have a production editor who basically oversees that process, pulls together a team of a copy editor, a proofreader, maybe a layout person, depends and they're overseeing to make sure that the chapters are on track. This is just old school publishing and unfortunately not what every company has. But I structure the business just as there's a way to do book publishing right in my mind, and I use basic process.

I have a team of sales and marketing people who work together with the authors and with Penguin Random House, which is our distributor, to make sure that we're in sync. So we're cataloging books way early and trying to figure out the basic plan so that we can get advanced orders from the book business. So scheduling becomes important at a certain point. We have people generating not just marketing copy, but different promotions or flyers and stuff like that. So it's a whole kind of collaborative process. But the ultimate goal being I want to make good books, great and I want to maximize the sales as much as possible.

So I have one person dedicated to foreign rights sales. So she's going around just getting rights sales and she does an amazing job of it. And that can be very lucrative for authors. This is the book business. It's not as lucrative as a weekend training if you're a star and I recognize that. But she will easily get significant deals from foreign rights translation partners and authors get 50% of that. So that's one way we can help authors to bring in some real money.

And I have a royalty structure it's flat, so it's a cafeteria plan. People choose the options 10%, 12%, 15%, pick one. And authors often have no idea how to evaluate this and look at something and they'll say, oh, this company is better, they'll pay me 17%. Well 17% of zero is zero, so numbers lie. So I say to any author, listening, ask the hard questions, well how is this structure? What happens? And I don't cut royalties for different types of sales. There are contracts out there where they cut a royalty in half for direct sale. Why? I pay the same royalty level, they take the author's royalty and give them that percentage of the foreign rights deal. I give 50% and I added this up and it's like the difference is very significant.

But unfortunately authors are too eager to just sign something because someone offered them a contract. And I say to every author, including ones that want to work with us, take your time, read through the contract, ask the hard questions before you sign the contract because once you sign the contract, if you sign with another publisher, I can't even talk to you about that contract because it's called nettling. So I've had people come to us, I'm frustrated with this company, I'd like to talk with No Starch. I can't even explore that. So take your time, don't give away your product because it's a part of your work.

Joseph Carson:

And talk to other authors as well who you aspire with and get their feedback as well. Sometimes even depends, they might direct you in the right kind of path, but also they will give their own experience about how they would do it differently as well in the future for sure. So definitely I always recommend authors who make sure you talk to others who've went with different publishers and just to get their honest feedback. And they will definitely make sure that you know what you're getting into as well.

Bill Pollock:

And turn those into questions because each person has ... one person's experience, someone might love it, someone might hate it, but go to the person that you're working with. Who will be my editor? What can I expect from your marketing people? Can I talk to your marketing people? What's the plan here? Ask those questions because ultimately you're trading off some percentage of revenue. It's not like if you get 15%, the publisher doesn't pocket 85%. It doesn't work like that. But ultimately you're trading off something for service. This is a service business. So if you're hiring any service, ask the hard questions before you sign the contract.

Joseph Carson:

So Bill, it has been honestly a pleasure and fantastic listening to you in the background. And I have to say is that you are doing such an amazing work in the industry because the quality of the books, the learning, even for myself, it actually has ... I am always looking for things that really push me to the next level and to continuously learn. And I've learned so much from the books that your company and you've brought to the industry and really helped, I think take some authors who are good and make them great and really take along that process. So I hopefully will get to catch up with you again probably at DEFCON or a Black Hat I guess will be the next opportunity. Any final words that you would like to leave the audience? If they have an idea, what would you say would be the next step if they've got something that really passionate about and they really have experience and a story to tell, what would be the first step or first thing that you would recommend?

Bill Pollock:

Don't email me directly because I might not see your email for three years, but email editors@nostarch.com. That routes to multiple people with your idea, I mean ideally there's a page on our site, a write for us page, which I wrote. That's what I'm looking for. I think every book needs a good plan and I can only do so much with an idea. And the problem with just the idea is like, you have one idea of another and you end up writing this book based on that idea. And I say, I can't publish this. So I really want to see a proposal. I want to make sure ... because that Practical Malware Analysis had an amazing proposal and we use that as a model. We'll send you the proposal, use it as a model. It's going to help any author to plan their work because writing a book is probably twice the amount of work or three times what you think it will be.

It should be an enjoyable process, but you need that plan. So I encourage people always to write the plan. And don't be offended if we don't just sign you based on the idea. Because again, signing a book that's haphazard means that we've got a lot of discussions to go through and a lot of frustration. And I need the plan and every author should have that plan. But find me at a conference or reach out to me, I'm happy to mentor. Even if you don't publish with me, that's okay. Or you're just like, you want to try it on your own. All right, I'll give you some advice. I'm not going to give you weeks' worth of advice, but I'll give you suggestions. Try this and here's the challenge. Ask the hard questions. Think for yourself. Dig in. Don't just take one person's opinion.

They tell you we're amazing. Don't assume we're amazing. Maybe we're a terrible fit. But ask those questions before you sign. Do your own due diligence. This is your baby. So someone's going to have you write something for eight to 10 months and sell a hundred copies. I mean, yeah, maybe you don't care about the money, but maybe you want to do a little digging, if you want to talk with us, talk with Wiley, talk with Pearson, talk with whatever. Just check out the options. You want to make sure to not alienate companies ... companies they like to hear that if it's a simultaneous submission that that's the case, at least I do. So we can know. But I think be upfront about that because ultimately you're dealing with a person on the other end. So that person is going to work with you at some level.

Ask for sample editing work. I'll do it. Ask for a sample. Tell me your marketing plan because you're basically buying that. This is a service business and publishers need to do a better job of servicing authors. It's a service business. So keep in mind that you are buying something, you're buying the work of it. Because you can go and take it to CreateSpace, you can take your project, but they'll monetize every piece. So what do you need? What do you want? If you don't want editing, then there's no value there. So what else can this publisher do?

And make us squirm a little bit. It's okay. I have nothing to hide. I'll tell you how we do our sales and distribution. I'll tell you where we're weak. I'll tell you where we're strong. I'll tell you why books work. I'll tell you why they don't work. I'll suggest ways that you can approach your work. Use AI tools, ChatGPT if it's still around by the time this goes out, probably is. Use it to mentor yourself. Have us mentor you, listen to what ... if you respect your editor, listen to the suggestions that they make. I mean, my goal is always to help authors to make their books better. That's what I've done for my entire career.

Joseph Carson:

And you do that. Absolutely. It's such amazing to ... I think that's the lessons learned in your experience and the team that you have, it definitely takes an author and it makes it a great author. I can definitely, from the many books that I've read from No Starch Press, it is a big difference. Bill, it has been amazing having you on and it's been such a pleasure and it's great listening to you and talking with you. And again, many thanks for being an awesome guest on the show and we'll definitely make sure that all of the links to No Starch and other things, we'll make sure we get into the show notes as well and really looking forward for the future amazing learning that I will get from yourself and others.

Bill Pollock:

Thank you for having me on the show. It's been great. I love talking about my work.

Joseph Carson:

Absolutely been a pleasure. Look forward. So everyone, this is the 401 Access Denied podcast. And again, I hope this has been very educational for all the aspiring authors out there. Definitely take Bill's wealth of experience and knowledge and definitely look and make sure that you have a plan and go through it and prepare and ask the hard questions. So look forward to speaking with you again in the future. Everyone stay safe, take care and look forward to the next episode and podcast. So take care. Thank you.