The ultimate guide to publishing a best selling cybersecurity book
If you’re thinking about writing and publishing your own book, this comprehensive guide is for you. Get ready for a sit-down read, not a casual scroll.
Last week, my book Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup crossed a new milestone - over 4,000 copies of the book have been delivered by Amazon. That is not all. In the short 1.5 years since the book was released,
It became an Amazon Bestseller in several categories.
It was recognized as Book of the Year by the SANS Cybersecurity Difference Makers Awards.
It got reviewed and recommended for the Cybersecurity Canon Hall of Fame (hopefully one day it will earn its place there 🤞).
It is rated 4.8 stars based on 100+ reviews.
Hundreds of people have shared their pictures of the book, reached out with feedback, and shared ideas about how it can be made even better.
If all this sounds like a humble brag, bear with me because believe me or not there is a point I am trying to drive here. What is amazing about the success of this book isn’t the numbers or milestones themselves, but the fact that this book was entirely self-published, with no help from publishers, publicists, marketing consultants, and so on.
In today’s issue of Venture in Security, I will be discussing the recipe for this success. If you ever contemplated writing your own book, you may find this article highly relevant. I cover reasons to self-publish (and not to self-publish), why I took the path I did, how to approach writing the book, the outcomes it can lead to, and what it will not get you.
I am considering hosting a free webinar (or even a series of deep dives) about different aspects of publishing a book, from structuring the outline to doing marketing. If you are interested in being notified when it’s planned, you can express your interest here:
Tl;dr - 10 contrarian and hard-earned lessons about writing a book
This article is a very long and comprehensive read so unless you are actively thinking about writing a book, or already working on one, I doubt you’ll read the whole thing. For that reason, here are a few soundbites - 10 contrarian and hard-earned lessons about writing a book.
Self-publishing is better for domain-specific thought leaders
Traditional publishers add less value when you already know your niche and your audience. In cybersecurity, self-publishing gives you more control, better margins, and faster iteration cycles.
Most traditional publisher benefits are status-based, not ROI-based
Getting a big-name publisher can impress academia or press, but it won’t meaningfully improve sales, distribution, or credibility within your niche.
Writing a book won’t build your brand but it will reinforce an existing one
A book amplifies existing credibility; it doesn't create it. If no one knows or trusts you before the book, the book alone won’t change that.
Don’t write for money or fame - write to clarify your own thinking
The book's primary ROI is internal: it helps you sharpen, structure, and reflect on your worldview. Everything else - consulting, brand, networking - is downstream of that clarity.
Books are consumed differently than blogs, and that matters
Blog posts compete with other emails in people's inboxes and short attention spans. Books, even when unread, get a chance to live on desks and nightstands so they have higher attention surface area.
A 300-page book is just 60 blog posts in disguise
Long-form writing isn’t scary if you reframe it as consistent short-form output. Writing a book is less about brilliance and more about discipline.
AI can clean up your writing but it can’t think for you
Using ChatGPT to rephrase or summarize is fine, but outsourcing insight kills originality. AI content lacks the reflective nuance that comes from hard-earned experience.
You don’t need inspiration to write, you need a system
Waiting for the "muse" is a myth. The most productive writers treat it like a job: show up, write, edit, repeat.
Your book is a product so design and UX matter
Most authors obsess over ideas and ignore the experience of reading. Layout, flow, length, clarity - all these determine whether your book gets finished, not just bought.
Marketing starts before the book is written
Audience-building isn't a post-launch activity. If you’re not already talking about your topic, your book will launch into a void.
Why I wrote Cyber for Builders
I came to cybersecurity after having led product in several other fields including retail, wholesale, e-commerce, and financial technology. Over the years as I was learning about the new for me industry, I ended up talking to hundreds of people - security practitioners, founders, angel investors, VCs, industry analysts, community leaders, and many others. I quickly fell in love with the people and the security community at large. Everyone was exhibiting so much passion and a sense of mission, something I hadn’t quite seen before. The energy was contagious and I got hooked. There was also a lot of unnecessary complexity and buzzwords that took me too long to unravel (still working on it). However, I saw that most people had their hearts in the right place, and that to me is what matters.
Sometime into my cybersecurity journey, I have come to realize that while there are many great sources about the technical side of the industry, there is little about how it works on a higher level. I started Venture in Security with the simple goal - to help cybersecurity leaders, practitioners, founders, and investors shape the future of the industry. I wanted to shed light on the industry at large, going beyond product categories and news aggregation. I decided to focus on where there was very little insight - on talking about the business side of cybersecurity, trends defining the direction of the industry, and how different components and actors fit together. Several times per month, I would share my thoughts and learnings covering everything from industry trends, learnings about building companies, open source, security services, channel partners, venture capital, product management, and much more.
One day, while working on a routine article, I realized that blogging comes with an overlooked challenge. Every day, tens, and sometimes hundreds of new readers subscribe to Venture in Security. But when they do, they usually only read the posts that arrive in their inbox from that point forward. Almost no one goes back to explore the wealth of insights and thousands of hours poured into earlier pieces, whether they were published years ago or just a few weeks back. And to be fair, I’m no different when it comes to the newsletters I follow. Still, since I focus on writing evergreen content, I can’t help but wish more people would at least skim through some of my older work. But the reality is that no one has the time. This made me start thinking about what I could do to make some of my past work available to people who learn about Venture in Security years later.
Then came a second realization, one that ultimately shaped my decision to write a book. One weekend, as I was failing yet again to reach inbox zero, I found myself ruthlessly deleting almost every blog, newsletter, and notification craving for my attention. No one has time to read everything that lands in their inbox, and I’m no exception. But something different happened that day. After finishing the usual email whack-a-mole, I closed my laptop, made a peppermint tea, and pulled a random book off the shelf. As I started reading, it hit me: we treat reading blogs and reading books very differently. Every time I publish a new blog post, it competes with a mountain of distractions in people’s inboxes - urgent tasks, cold outreach, and a flood of other newsletters. My best hope is that the headline grabs enough interest for someone to skim the first few paragraphs before deciding whether to continue. A book, on the other hand, is a pre-commitment. When someone buys Cyber for Builders, they’re setting aside hours of attention in advance. They may not start it right away, and it might sit in a growing to-read pile, but unlike a blog post buried in an inbox, a book on the nightstand has a real shot at being read.
When a few friends and industry leaders started to encourage me to write a book (Richard Stiennon was the most persuasive), I was already certain I'd do it. What I didn’t know was when to start and how exactly I would approach it. A few weeks passed, and as I started to get clarity about the topic, and the rough areas I would like to cover, I concluded that before I even got started on the book, I already had 20-25% of the work done. Many of my past blog posts already touched on some aspects of what I wanted to say. Even if I couldn’t just compile them into a book (otherwise it would have been a 5,000 pages-long manuscript, not an easy-to-pick-up read), there already was some starting point I could build upon. When I started writing Cyber for Builders, I was about a quarter way into the finished book, which helped me to avoid staring at the blank screen not knowing where to begin.
Why I decided to self-publish instead of working with a publisher
Once I decided to write a book, the next question was how to actually do it. There are playbooks for just about everything in life, and book publishing is no exception. Ask people who’ve done it before, and they’ll likely give you a step-by-step: pitch a publisher, sign a contract, spend a year writing, collect a cash advance, hire a publicist, and so on (I wouldn’t know the full list since I never asked.) I’ve always been a believer in first-principle thinking, so rather than following the “proper” route, I approached publishing the same way I approach everything else: by asking what I’m trying to achieve, and what the most effective way to get there might be.
Most cybersecurity books are written for hackers, CISOs, and general audiences. I wanted to write a different book, one intended first and foremost for builders - startup founders, security engineers, open source tinkerers, marketing and sales teams, product managers, VCs, angel investors, software developers, investor relations and analyst relations professionals, and others who are building or aspiring to build the future of cybersecurity. I was clear on who the book was for, and I knew where to find them. If you’re trying to build a company today, odds are you’re on LinkedIn. Many are already among the 10,000+ readers of Venture in Security. And since builders are busy, most won’t read something unless a friend recommends it, so word of mouth would be key. Just as importantly, I knew what wouldn’t matter. My readers wouldn’t care who published the book, they’d care about the insight it delivers. They wouldn’t discover it in bookstores or industry announcements, instead they’d buy it online, probably with a single click.
All of this pointed me toward self-publishing. I knew my audience, I knew how to reach them, and I knew a traditional publisher wouldn’t help me do that. But what ultimately sealed the deal was one simple thing: freedom. I knew publishers would want to own the copyright. That alone wasn’t the issue, it was the second-order consequences that didn’t sit right with me, especially for the kind of book I wanted to write. For one, I’d already published a blog filled with valuable insights, and I knew I wanted to reuse 15-25% of it in the book. The idea that I’d have to rewrite every sentence just to make it "original" enough for a publisher to own it felt absurd. Writing, like code, is composable and reusable. If I already articulated a thought well in a blog post, why waste time rewording it just to satisfy a legal checkbox? That made no sense.
More importantly, I wanted control. I wanted the freedom to set the price, offer discounts, or even give the book away for free. I wanted to be able to update a paragraph anytime something in the industry changed (just upload a new version and let the next sold copy ship with the update). Startups evolve fast, and the book about startups should be able to keep up. None of that flexibility is possible when you hand over ownership to a publisher. The idea that I’d do the work but someone else would own the result felt wrong. My general approach is simple: if something matters to me and I’m going to have to do most of the work myself anyway, I’d rather control the process. It might seem harder in the short term, but the long-term ROI is always worth it. That’s how I handled immigration. Why wouldn’t I apply the same thinking to the book, especially if I’d be on the hook for marketing either way? (people assume publishers will handle marketing but at the end, authors have to do most of the work). All these factors combined made it a no-brainer for me to self-publish. I haven’t looked back, and for my specific situation, it was undoubtedly the right decision.
When you should write a book and what it won’t help with
One of the questions people ask me pretty often is “Was writing a book worth it for you?”. The only way to answer this question is to start with the reasons why one would consider writing a book to begin with.
When I was starting Cyber for Builders, I had a single goal in mind: expand my network and meet people working on innovative ideas that are going to define the future of the industry. I have always believed that by surrounding myself with people driven to make things better, I will naturally broaden my horizons, expand my thinking, and become a better leader. From this perspective, the return on investment has indeed been fantastic. Cyber for Builders enabled me to put my thoughts in front of over 4,000 people, expand my network, and solidify my brand as a cybersecurity startup leader. It led to many amazing connections with fellow entrepreneurs, investors, and ecosystem leaders, and it helped me to get invited into rooms that I didn’t even know existed. In short, the book took all the value I got out of writing this blog and brought it to a completely different level.
Outside of pursuing my personal interests, I was hoping I’d get an opportunity to help founders build the next wave of security products. A number of entrepreneurs have reached out since the book went out, sharing their perspectives, feedback, and lessons learned from their journey. It is clear to me that in a small way, this book was indeed able to impact some people on their builder journey.
Because my goals with writing the book were very general and open-ended, the return on investment has been great. If you’re thinking about writing a book, I suggest you start by figuring out what it is you are trying to do. Here are some of the things the book can help you with:
A book is a great and highly scalable way to share your learnings with the world, teach others your craft, and help move the industry forward, even just a tiny bit.
Writing a book forces you to clarify your own thinking, distill your knowledge into a cohesive narrative, and identify gaps that you’d benefit from filling. As Flannery O'Connor said, “I write because I don't know what I think until I read what I say.”
A book gives you near-instant credibility in your space. It elevates your profile and signals expertise, especially if the book is thoughtful, well-structured, and gets good reviews.
Books give you asymmetric reach. While blog posts get buried and forgotten, books get remembered - they sit on shelves, get recommended, and can keep reaching people for many years.
A book can help you build relationships, meet new people, get invited to podcasts, secure speaking gigs, and even start getting considered for board roles.
A book can be a great asset that you can repurpose into courses, keynotes, and consulting frameworks.
A book can drive real returns in the form of consulting and advisory opportunities.
A book is a meaningful personal milestone, one that gives people a sense of completion, fulfillment, and pride.
At the same time, it’s important to have realistic expectations about what the book is not going to do:
Writing a book won’t make you rich. In terms of financial outcomes, books on their own have pretty bad ROI. It can help you build credibility which you can then monetize in other ways (say, through consulting) but the revenue you get from the book itself, if you’re lucky to get anything at all, most likely won’t have a meaningful impact on your life. That is unless you are writing a mass-market bestseller, vs. a cybersecurity book.
Writing a book won’t make you famous. No matter how good your book is, you will need to invest a lot of time and effort into marketing if you want it to reach the readers. A book is not going to make you famous - you’ll need to put in time and effort into promoting it on social media, by sending email campaigns, establishing partnerships, etc. for people to even notice it.
A book won’t replace the need to build a personal brand. If people don’t already know or trust you, a book won’t magically build that for you. It can reinforce a reputation, but it won’t create one from scratch. Needless to say, poorly written books can actually hurt your personal brand more than help it.
People won’t read your book just because it exists. Most books people buy never get opened - everyone is busy living their lives and pursuing their personal goals. Unless your book is actionable and relevant to someone, people are unlikely to care.
The way I think about it, it only makes sense to spend time writing a book if you feel like you really must share something with the world. If, however, you see it more as something that “would be nice to do”, it can be a pretty bad investment of your time.
Actionable advice for writing a book
Develop writing muscle
Before you start writing a book, it’s incredibly useful to develop writing muscle. As with anything else, writing is a skill and the more you do it, the better you will get at it (that is assuming you actually do the work instead of just looking for AI-enabled shortcuts).
Before I started on my book, I had several years of experience writing a weekly blog. That gave me time to develop an intuitive understanding of what resonates with my readers and what doesn’t, develop my writing style, and build a perspective on many of the topics I’d eventually write a book about.
I cannot overestimate the importance of mastering the writing skill (I previously explained that to become a better cybersecurity startup founder, you need to master writing). Social media posts won’t do it - you will want to practice long-form writing, as that’s what gives you enough space to develop the understanding of flow, structure, and other aspects critical to writing a book. I find that for many people, the prospect of having to write a 300-page book can feel intimidating. What if I tell you that a 300-page book can start as sixty five-page blog posts? That’s the equivalent of writing one short blog post every week for just about a year. Given that you will want to both develop your writing skills and build an audience around the topic you are going to eventually write about, it may be a good idea to get started this way.
While I can’t promise this approach will work for everyone, I can say it’s worked incredibly well for me with Cyber for Builders. I chose to self-publish, which gave me the freedom to reuse parts of my earlier writing without needing to rewrite everything from scratch, something that wouldn’t have been possible with a traditional publisher.
The overarching idea here is simple: if you think you have so much to share with the world that you should write a book, why not start by writing a regular short blog first? That way, you can begin making progress on your future book early, improve your writing skills, get feedback early which you can then incorporate into the book, and figure out if you are truly interested in writing that book. Think of it as a minimum viable product (MVP) of the future book, with frequent pivots and iterations.
Decide if you are going to self-publish or work with a publisher
To decide if you should work with a publisher or take the self-publish route the way I did, I suggest you think about this from first principles.
First and foremost, you need to think if self-publishing is at all an option. Maybe you don’t have the upfront capital to invest in self-publishing ( many people, even a thousand dollars may be prohibitive). There are surely ways to rely on AI tools for most of the work or to ask friends and family for a lot of favors and not pay a single penny, but for those who don’t have these resources, working with a publisher might often be the only option.
Let’s say you can afford self-publishing a book, does that mean you should then do it? Well, that depends. As with everything in life, there are pros and cons to any decision.
Being published by a known publisher can impress traditional media and academic institutions, making it much easier to get your book into schools or colleges. Publishers will often provide authors with access to professional editors, designers, and publishing teams, and some may make it easier to distribute the book to brick-and-mortar bookstores. Lastly, you might get a small advance upfront though this will depend on the publisher and how well-known you are in your area of expertise.
There are also downsides to working with a publisher. First, you will usually have to give up copyright or at least exclusive rights to the book, something that may not be ideal for every author. This also means that you won’t be able to update or reuse content freely (especially blog posts or talks). Traditional publishing can be a pretty slow process as it can take 8-12 months or longer for a book to go live (in cyber, that can be an eternity with how quickly everything changes). Lastly, publishers offer lower royalty rates compared to self-publishing (typically 5-15% of net sales vs. 50-70% authors can get with self-publishing).
Self-publishing, on the other hand, comes with full creative control. The author will own the rights, choose the design, decide how their book is marketed and can launch in weeks or months, not years. For example, it took me about four and a half months to get Cyber for Builders out, from the moment I sat to write to the day I was able to order a test copy. Self-publishing allows authors to keep 50-70% of revenue through platforms like Amazon KDP and gives them the freedom to iterate (I can update my book at any time, just by uploading a new file to Amazon). Last but not least, I had full freedom to reuse my past work. When working on Cyber for Builders, I was able to incorporate my past blog posts, essays, and talks without legal friction.
Self-publishing does, however, come with its share of downsides. The author has to do everything on their own - writing, editing, formatting, cover design, and distribution are all on you. There is no built-in credibility: some people still equate traditional publishing with higher status (although this is fading fast). The way I think about it, being published by Whiley or similar will give you a credibility boost even if you don’t sell a single copy - nobody will know how bad your book did, and you will get the benefit of calling yourself a Whiley author. The credibility boost you can get from self-publishing a book is completely dependent on the book’s success. If Cyber for Builders didn’t get the response it did, it’d have little to brag about. Lastly, with self-publishing, you invest time (and usually money) upfront without guaranteed returns. That said, before you rule out self-publishing for financial reasons, read to the end as I will break down the math later in this post (spoiler alert: it’s cheaper than many of the certs people in cybersecurity pay for).
In the end, whether you decide to self-publish or to work with the publisher, you will need to do a lot of the work yourself. Regardless of the path you take, I suggest starting by understanding who your readers will be, where they are, and how you’ll best reach them. Be creative here. If you are writing a book for cloud security engineers, it may make sense to think about how you can get involved with events, conferences, and online communities that bring these people together. Having clarity about who you are writing for, and how they buy and consume books, will help you make a better decision about how to publish it.
Book topic and title
Think about your book the same way you’d think about launching a startup. What’s the fresh angle? The unique value? The thing that makes it stand out? There are already 300 books on how to do risk assessments - the 301st probably won’t move the needle unless it brings something new to the table.
I believe with startups or with books, it is critical to find a niche and own it. I knew my book wouldn’t sell tens of thousands of copies (fewer people are interested in building cybersecurity startups than in reading Harry Potter), but I focused on reaching as many people as possible within my niche. Part of the reason Cyber for Builders resonated with so many people is because it was the only book focused on building in cybersecurity while most of the industry was still talking only about risk. If you want your book to stand out, you will need to find your unique angle. It’s no different than deciding what idea to build a company around in that there are only two options: enter a crowded market and offer something better than what’s already out there (a better book about measuring risk, for example) or create a new market and offer something more niche that doesn’t yet exist (like what I did).
Don’t stress too much about the title upfront but do make sure you’re clear on the core message you’re trying to deliver. That clarity will shape everything else. I left the title until the end, but I still had a clear sense from the start of what the book was about and who it was for. Ask yourself: why does this book need to exist? The answer to this question will define everything else.
Come up with the book outline
Once you have a clear idea of the core message you want to convey, the next step is figuring out what you need to cover to make that message successful. This becomes your book’s outline, the foundation for your chapters.
I recommend taking it one step further: decide upfront how long you want the book to be. For Cyber for Builders, I set the target at 250 pages. Why? Because I wouldn’t pick up a 400-page book myself - it just feels too intimidating. Don’t get me wrong, I used to enjoy long reads, but these days I rarely have the time to dive into something that massive. And let’s be honest, most people don’t finish long books anyway. I wanted Cyber for Builders to be light, finishable, and packed with value.
Structuring a book is an exercise in math and prioritization. Once you know your target length and your key themes, you can work backward:
How many chapters do you need?
How long should each one be? (consistency matters)
What belongs in which section?
What can be merged or trimmed?
There’s always more we could write. The challenge is deciding what must be said, and fitting it into a structure that keeps readers engaged from start to finish.
Create a system around writing
Once you have a structure for the book, it’s time to build a structure for the writing process itself. I’m a big believer in what James Clear said: “You do not rise to the level of your goals. You fall to the level of your systems.” To produce hundreds of pages of value, it won’t be enough to simply have a goal of writing a book, and you can’t rely on bursts of inspiration. You need a solid system.
Personally, I found it impossible to write anything new during the weekdays, so I carved out time every weekend and treated it like a sprint. I’d spend 10-20 hours each weekend writing, every week for several months without skipping. Then, on weekdays, I’d spend 1-1.5 hours per day editing what I wrote the weekend before. That rhythm worked for me as it gave me both structure and momentum.
Your system doesn’t have to look like mine. Maybe you’ll write a chapter or two per week. Maybe you’ll write for an hour each morning. The exact structure doesn’t matter but having one does. Block it off on your calendar and treat it as non-negotiable. If you don’t do that, things will always come up and you’ll never be able to make progress.
Almost everyone says they want to write a book but very few actually do. It’s not because they have nothing to say, it’s because most people struggle with self-discipline and consistency. Having a solid writing system will create that discipline for you. Too many aspiring authors say things like, “I don’t feel inspired.” The thing is, despite what movies taught people, writing a non-fiction book isn’t about inspiration. You aren’t going to be stretching your imagination and coming up with plot twists and turns; you will be putting into words your experience. Writing a book about cybersecurity is about showing up. Don’t wait to feel motivated - just show up, glue yourself to the chair, and write. Then do it again and again until it’s done.
Modern tools for writing a book
In 2025, there are plenty of tools that can help people write almost anything in a very short amount of time. I love new technology but my take on writing and tools for writing is different from what many people preach on the internet. You can call me a laggard here but I didn’t use ChatGPT to write, edit, or do anything else for my book. The only way in which AI touched Cyber for Builders was when I was running the final manuscript through Grammarly.
My approach to using (or rather not using) AI in writing Cyber for Builders stems from the fact that as I’ve discussed, a critical motivator in writing a book for me was organizing my own thoughts. I wasn’t trying to generate a bunch of text; instead, I was looking for ways to organize my thoughts, observations, and years of experience in the field. I can’t deny that ChatGPT is useful for organizing notes, but I think it does not improve one’s ability to think. As someone in my thirties, with a good amount of experience, passion for what I do, and ambition to grow for years to come, one of the most critical goals I have for myself is improving the way I think. I do this by learning frameworks and mental models for thinking through different problems, trying to understand patterns, thinking from first principles, considering second, third, and fourth orders of consequences of important actions, and otherwise training my brain muscles. ChatGPT doesn’t help with any of that. Instead, it takes the craving for instant gratification the internet has already instilled in us and satisfies it quicker than ever before. AI is a great tool for data analysis and automation, but the moment we let it think for us, we will atrophy our brains quicker than anything else.
AI is great for automating manual tasks, iterating on ideas, and organizing notes. It wasn’t a fit for me when I was trying to lay out my thinking for the book, but I find it indispensable for a lot of the daily tasks.
If your goal is getting to the final manuscript as quickly as possible, AI can certainly help. I would still suggest that you write the whole book (yes, the whole book) yourself, edit and proofread it on your own, and only then use AI to give your book a final touch. AI tools are great for helping clarify, rephrase, and proofread, but you don’t want to put your name on ChatGPT-generated text and call that your book. As an author, you are not generating text - you’re sharing insights. There is a big difference between trying to find the best way to share your original insights and trying to generate insights; I suggest you don’t attempt the latter.
As for me, I wrote Cyber for Builders at home and at coffee shops with no connection to the internet. Writing a book is deep work, and I found that having access to the internet, and worse yet having a few open tabs flashing notifications to be a distraction.
Overcoming the writer's block
Although writer's block is undoubtedly a real thing, it doesn’t have to block anything. I am sure you can find all kinds of advice for dealing with writer’s block online, but I would like to share what has worked for me because I suspect it may be a bit different.
If you go to the gym, you will know that there are days when you show up with a lot of energy and enthusiasm but then end up having a terrible workout, and there are days when you question why you even came and 20 minutes later you’re having the best workout of your life. Writing is exactly like that. My approach to overcoming what they describe as writer’s block is to… write. If I have allocated 5 hours to writing, but I don’t feel like I have much to say, I may pick up a different chapter instead, but I will force myself to write for these five hours. Usually, I would find that even though the first 15-30 minutes may be truly painful (and I may later need to rewrite whatever I come up with during that time), an hour later I will get into the flow state and produce something of high quality.
The best way to overcome writer’s block, in my opinion, is to write. Once your brain knows that it won’t free itself from having to think by not being in the mood for it, it’s incredible how quickly it adjusts and starts to produce value.
Focus on the reader experience
When writing a book, it's easy to become overly focused on your own ideas, stories, and process but what truly separates a good book from a great one is a focus on reader experience. The most successful books aren’t just insightful - they’re easy to read and easy to navigate, and they were intentionally designed to keep readers engaged from start to finish. Clarity matters as much as content.
Start with the basics: structure your writing with the reader in mind. Use short, clear paragraphs. Break up large blocks of text to avoid fatigue. Guide readers with subheadings. Make your points sharp, and don’t bury your best insights in long tangents. Readers are busy, and to make them happy you have to respect their time. Editing is also non-negotiable. You can (and should) ask friends or peers to review your work, but don’t stop there. Invest in a professional editor because they will catch what others miss - clarity issues, awkward phrasing, pacing problems, and inconsistencies. A professional editor doesn’t just fix typos, they elevate the entire reading experience.
Don’t be afraid to experiment and do something unique. For example, Kyle Hanslovan of Huntress recommended that I add QR codes that take readers to my blog for deep dives on topics they’d like to read more about, and I am glad I did it because a bunch of people loved the experience.
Finally, don’t underestimate the power of great cover design. Whether we like it or not, people do judge books by their covers, especially in a digital world where first impressions happen in milliseconds. Your cover should be clean, professional, and aligned with the tone and audience of your book. It’s not just decoration, it’s part of the user experience.
Writing a book isn’t just about what you want to say, it’s about how your readers will experience it. Think of your book as a product. If it’s hard to use, hard to follow, or visually unappealing, fewer people will stick with it, no matter how good the content is.
Once the book is live the work just begins
Once the book is live, you are not “done”. On the contrary, that’s where hard work begins. Everything until this point can be done by following some sort of process (like the steps I described above). There are tools, courses, and plenty of advice about writing a book. I would argue that anyone can do it if they have enough patience and if they can make themselves follow some structure.
Once the book is live, however, things change. Now you need to get it into the hands of readers, and for that, there are no silver bullets and no universally applicable advice. It always comes down to your audience, who they are, where they spend their time, where they learn about new books, whether or not they are used to reading books, and a myriad of other aspects. Let’s discuss some of these aspects.
Marketing your book
While I won’t be able to provide you with tailored advice that would be relevant to your specific book, I’d be happy to share what I tried and what worked (and didn’t work) for me with Cyber for Builders.
Build the audience before you have the book
If you’re preparing to write a book, I’d assume you have something meaningful to say. And if you do, why wait until the book is done to start sharing it? Your goal should be simple: by the time you launch your book, you want as many people as possible to already see you as credible on the topic you’re writing about. If you’re already a frequent speaker or well-known in the field, great, that’s a head start. But even if you’re not, nothing is stopping you from building that reputation now. Start sharing your thoughts: post on social media, write a blog, or start a newsletter. Just pick a medium that works for you and show up.
I know many people with solid industry expertise feel uncomfortable about “selling” or “becoming an influencer”. That’s fair but here’s the truth:
If you want people to read your book, you will have to sell it. The world is saturated with content, and no one will magically discover your work without you putting in the effort. I believe there is a big difference between trying to sell yourself and trying to spread the word about your work. You don’t have to be thrilled about the former (I am not) for you to master the latter.
Selling doesn’t mean spamming. There are many ways to build the audience that feels authentic. For some, it’s LinkedIn, for others, it might be Reddit, BlueSky, YouTube, or long-form blogging. The key is adding value and consistently sharing what you know in ways that are helpful for others.
When I launched Cyber for Builders, I already had thousands of newsletter subscribers and LinkedIn followers who were interested in the topics I wrote about. That made the book launch much easier and far more successful than what it would have been if I had none of these ingredients. Audience-building isn’t optional anymore, it’s a critical part of publishing a book and I suggest you start on it now.
Recruit champions and supporters
One of the most impactful things you can do when writing a book is to actively involve others - champions, supporters, and contributors who can add value and help amplify your message. There are many ways to do this. You can ask respected voices in your field to write a foreword (I had two forewords for Cyber for Builders), invite people to contribute short insights or quotes (I had over 40 contributors), collaborate on a full chapter, or even bring on a co-author. You can also ask trusted peers to review early drafts or help you sharpen the messaging.
When other people contribute to the book, it becomes more diverse, more well-rounded, and more credible. Just as importantly, contributors feel a sense of ownership, and when people feel ownership, they’re far more likely to help promote the book and spread the word.
Involving others isn't just about networking, it's about making the book stronger and creating a built-in community around it before it even launches.
Make it easy for people to promote your book
It’s one thing to recruit supporters, and it’s another to get them to help spread the word. The key is to make it as easy as possible. People are busy, and even those who genuinely want to help often won’t unless you remove all the friction.
A great way to increase the chances that more people will spread the word about your book is to provide your supporters with ready-to-use marketing assets, such as sample social media posts, pre-written blurbs or talking points, as well as cover images, quotes, or snippets they can share. For close collaborators, you can even go a step further and pre-write social media content they can simply copy-paste and post. Don’t expect anyone to take an hour of their time and create their own promo materials, you will have to do the work for them, or nothing will happen.
Also, don’t forget that people need reminders. Life gets hectic, and even the most well-intentioned supporters might forget. Be prepared to follow up but do it gently, respectfully, and without getting annoying. A well-timed nudge can go a long way.
Do a big marketing push on a launch day
Once everything is ready - your book, your cover, your landing page, your promotional materials, it’s time to pick a launch day and go big. A coordinated, high-energy launch isn’t just for optics, it’s a strategic move. A single-day push helps you concentrate attention, maximize impact, and get your message in front of as many people as possible. Get all your supporters, friends, colleagues, contributors, newsletter subscribers, and social media followers to post, share, and amplify your book on the same day. Newsletters, LinkedIn posts, tweets, DMs - everything should hit at once. This is how you break through the noise.
Your goal is to create a spike, not just in attention, but in sales. Rankings on platforms like Amazon are based on how many copies are sold within a specific window, usually a day or a week. If you want a shot at bestseller status in any category, consolidating your efforts into one coordinated push gives you the best odds. A big launch day also builds momentum. It creates a sense of urgency and energy that you can carry forward into follow-up marketing, podcast appearances, and future content. Make sure everything is in place, links are working, assets are ready, and key supporters are aligned, and then hit “publish” and go all in.
Invest in social media
When it comes to marketing your book, social media will likely do most of the heavy lifting. Don’t shy away from it. Whether you self-publish or go through a traditional publisher, promoting your book is your responsibility.
Use the momentum wisely. Celebrate milestones, share behind-the-scenes moments, highlight reader feedback, and post frequently, especially during launch. You have a powerful window: the first 2-3 weeks after release is your moment to be loud. A couple of months later, you’ll need to dial it back to avoid fatigue. Six months later, you’ll need fresh reasons to bring the book up, like a podcast appearance, a major milestone, or an award. At launch, people expect you to be excited. You have a short window where you can be “annoying,” and people will actually cheer you on - use that to your advantage. Don’t miss the chance to promote while the energy is high because that’s when the biggest impact happens.
Be smart about going to podcasts
Publishing a book is one of the easiest ways to get invited to podcasts. It’s funny how, as a startup founder, it can be hard to land podcast spots, but once you’re an author, doors open much more easily. A book gives you a clear narrative, a defined topic, and built-in credibility.
Podcasts are great for visibility, relationship-building, and reinforcing your personal brand, but generally they won’t sell a ton of books, so if your goal is direct sales, you’ll want to manage your expectations. What podcasts do well is help keep momentum going and give you an organic reason to talk about your book on social media, in newsletters, and in conversations, without sounding repetitive or annoying.
One important note: not all podcasts are worth your time. If you’re using them to promote the book, make sure the show has some following, and ideally, that audience overlaps with your ideal reader. Otherwise, you're just talking into the void.
Ditch press releases
Issuing press releases for a book launch is generally not worth the effort or cost. In most cases, the ROI is minimal, if not zero. Press releases often get buried in inboxes, ignored by journalists, and read by almost no one who would buy or recommend your book.
Instead of spending hundreds or thousands on PR distribution, use that budget more strategically - send free copies of your book to friends, peers, and respected voices in your field. A personal recommendation or a thoughtful post from someone who genuinely enjoyed the book will go significantly further than a generic announcement that no one asked for. Word of mouth, especially in niche fields like cyber, is infinitely more powerful than a wire service.
Participate in book signings
Book signings can be a great way to build awareness and reach new audiences, especially if you're strategic about where and how you do them. If your book aligns with what certain vendors are doing, you might be able to partner with them for a book signing at major industry events like RSA or Black Hat. These conferences are packed with the exact kind of people who may benefit from your work.
That said, don’t overlook smaller, community-driven events like BSides. If your book speaks to practitioners, engineers, or builders, these grassroots events can be even more effective for meaningful engagement. The key is to be creative and willing to experiment. Traditional book promotion tactics are limited, especially if you’re covering niche topics like what I did. Thinking outside the box and meeting readers where they already gather can go a long way in getting your book into the right hands.
Let’s talk money
While I made it clear at the beginning that writing a book is a terrible way to make money, the conversation about money is still useful. I’ll be pretty transparent here so I hope folks find this information valuable.
Cost of self-publishing a book
Let’s first talk about the cost of self-publishing a book. Many people don’t realize that if they approach this initiative smartly, the cost can be quite low. The most basic costs are as follows:
Book editing
It’s important to know that there are different types of editing, from copy editing, line editing, and substantive editing, to developmental editing. I am not going to define what each is (Google and ChatGPT do that pretty well). What matters here is that depending on the type of editing you will need, it may cost you from relatively little to a lot. My approach was to do most of the work myself (I proofread the book a few times, ran through Grammarly, etc.), then ask friends for help, and only after I’ve done all that, to pay for a copy editor. Make sure that at least some of the people (your friends or the editor you hire) understand the domain and can help make sure you aren’t going to make factual mistakes.
For me, editing was a big deal since English is my third language, and I had no doubts I’d make mistakes. That said, even if you were born and raised in an English-speaking country, graduated with an English language degree, and won the Pulitzer Prize before, you should still get your book edited by a professional. A lot of the basic issues can now be caught by AI, but since your readers will be real humans, I highly recommend you don’t try to save on editing.
Layout design
The layout design is super important as well. You can always tell the difference between a book that was intentionally designed and one that wasn’t. Formatting and layout design matters a lot because they impact the user experience of a reader. I suggest you find a book or two with the layout design you like and bring that as an example to the designer. For me, it was Sounil’s Cyber Defense Matrix (side note - I highly recommend the book!). I liked the simplicity of the layout so much that I decided to work with the same layout designer who did Sounil’s book. The fact that he also did copy editing made the whole process much easier.
Obviously, there are plenty of freelancers you can find on Upwork, Fiverr, etc. but I’ll always work with people who come highly recommended over someone on another side of the planet who may not be. When you are working with a layout designer, make sure you provide them with the dimensions needed for print (Amazon has great support docs if that’s the path you are going to take), and get them to create layout designs for different book formats such as paperback, hardcover, and Kindle.
Cover design
Before anyone even opens your book, the only thing they will see is the cover. Getting a professionally looking cover is going to be very important. I am sure you can now generate something with AI, though not sure if I would do that given the potential issues with copyright and the like. I worked with Sean and the amazing Miscreants, a creative company building memorable brands, bringing new ideas to life, and helping cybersecurity ventures connect with their audience. The Miscreants team did a fantastic job, and I absolutely love the fruits of their labor.
ISBN
The last bit that is worth paying for is an ISBN. The ISBN, or International Standard Book Number, is a unique 13-digit identifier assigned to published books. Think of it like a barcode for books. In the US, the only official source of ISBNs is Bowker which as of April 2025 sells a pack of 100 ISBNs for just under $600. Canada, on the other hand, provides ISBN for free but only to its citizens.
If you are self-publishing a book on Amazon, you don’t actually have to buy an ISBN - Amazon will gladly give you one for free. The caveat is that you won’t be able to use this ISBN if you are ever interested in publishing your book outside of Amazon so you might as well pay that small price for freedom (I would recommend doing it).
Cost of self-publishing a book
When it comes to expenses needed to publish a book it’s no different than with anything else in life: you can go as low as you want or as high as you can afford. It cost me less than $4,000 in total to self-publish Cyber for Builders, which included everything I just described above. I thought that what I was going to bring to the world would be the face of my work, and I wanted it to leave a good impression. I am sure if I wanted to go completely nuts, I could spend $0, and if I had a $100,000 budget I could find a way to spend all that, too. Overall, if you are reasonable, if you can ask for favors where you can but also be willing to pay where needed, $3,000-$6,000 should be a reasonable amount to self-publish a 230-page book.
Marketing expenses
I didn’t have any marketing budget so all I did was pay roughly $350 to issue a press release. I quickly learned that there is absolutely no value in doing this so I would not recommend it. I then also purchased the cyberforbuilders.com domain and set up a redirect to a dedicated page on my blog.
In the end, I did a ton of marketing, from newsletters, social media posts, podcasts, and webinars, to in-person book signings. While there's a cost of my time associated with every one of these activities, I did not spend money on any of them. There is no reason why you would not be able to do something similar to what I did.
Revenue channels for book authors
The economics of self-publishing vs. working with a publisher
Statistically, most authors sell very few copies of their books. Those that work with publishers, generally get an advance, which is a term used to describe an agreed-upon amount of money paid upfront, before any sales occur. This can be anywhere between $5,000 and hundreds of thousands of dollars if the author is famous worldwide. Then, depending on the actual sales of the book, authors will start getting paid when (and if) they “repay” the publisher the original advance. The publisher will also take care of all the costs of getting the book out (editing, design, ISBN, etc.).
On the other hand, self-published authors have to cover the expenses themselves and they don’t get any advance. However, when they sell a copy on Amazon, they get much more money per copy sold than they would from the publisher. In other words, working with the publisher caps the downside (an author would generally not lose money), but also the upside (if the book becomes a worldwide bestseller, they will make less per copy than they would by self-publishing it).
Revenue channels
Let’s discuss revenue channels for self-published book authors.
Amazon book sales
Both the print and the Kindle versions of Cyber for Builders sell for $25. I set the price to $25 for several reasons:
I didn’t publish Cyber for Builders to make money, but I also didn’t want to lose money on it. After spending around $4,000 to bring the book to life, my hope was simply to break even.
I wanted the book to be accessible and reach as many people as possible. At $25, I felt the price was reasonable, especially in the U.S., Canada, the UK, Australia, and other developed countries. I didn’t want the cost to be a barrier or something people had to think twice about.
Everyone has a different threshold for what feels like a no-brainer purchase. For me, that number is around $30. Most good books I buy fall under that. When a book is priced at $45 or higher, it has to be exceptional for me to justify it.
The way Amazon divides revenue is rather interesting. On a $25 Kindle book, I pocket ~$8.75 per copy, while on a $25 paperback, I get ~$11.17 per copy. If you consider taxes, it’s not really much. Many people may be surprised that Amazon takes a bigger cut from Kindle sales even though all it does is make an electronic file available to an e-reader, but another way to see it is that they own distribution and can set rules. There are ways to increase some of these numbers, at least for Kindle, but then we get into exclusivity and other restrictions and I didn’t want to deal with any of that.
If you do some calculations, you can roughly estimate how much money I made from selling just over 4,000 books. Not bad for a side project, but also very far from being able to rely on it as an income source. You also have to consider that about half of these sales occurred in the first two months when the book was “hot”, and now the sales are stable but on the lower side.
Book signings
Book signings can be a solid way to generate additional revenue through both book sales and signing fees. Typically, organizers of these events pay a speaker or appearance fee (often a few thousand dollars) and commit to purchasing a minimum number of copies, usually around 100.
Amazon offers authors what they call “author copies” - printed versions of the book sold at cost. This is ideal for bulk orders, whether for personal use or when an event organizer wants to purchase books in volume. In those cases, I can facilitate the order and offer a discount on the listed price. It’s a win-win: they pay less per book, and I make a slightly better margin.
For a standard-sized signing event, authors can earn anywhere from $3,000 to $25,000. That said, while the economics look good on paper, these events can be tough to organize. Most companies are focused on keeping costs down, which makes book signings more valuable for networking and visibility than reliable supplemental income.
Other sources of revenue
If your goal is to make money from writing a book, the most realistic path is to treat the book as a reputation-building tool and monetize the opportunities it creates elsewhere. Speaking engagements, consulting, product sales, or brand partnerships are where the real revenue tends to come from. The book opens doors; it rarely pays the bills on its own.
For example, if you’re a consultant, publishing a book can help position you as a thought leader in your field, making it easier to win clients or charge higher rates. In my case, after releasing the book, I had dozens of individuals and companies reach out about consulting and collaboration opportunities. Unfortunately, I had to turn most of them down simply because I didn’t have the time.
Cyber for Builders is one of the things I am most proud of but not for the reasons you think
Everyone who decides to write a book in 2025, generally hopes that three things will happen:
That the readers will like the book and that they will recommend it to their friends (there is no better marketing than word of mouth).
That the book will sell in thousands and earn a best seller status (although it does feel like every book is a bestseller these days, it’s still on many people’s bucket list).
That the book will win a prestigious award relevant to its genre (prestigious and credible, that is).
I am incredibly proud that in less than a year since the official release, Cyber for Builders achieved all three. When the book was launched, it took social media by storm with over a hundred people posting selfies with their copy of Cyber for Builders, sharing their reviews, and recommending it to their friends. Following the launch, the book became an instant Amazon best seller in several categories. And, last December, Cyber for Builders was recognized as a Book of the Year by the prestigious SANS Cybersecurity Difference Makers Award.
I am beyond grateful to everyone who helped me make Cyber for Builders such a huge success. I know it may sound cliche, but this book would not have happened without the support of tens and even hundreds of people. It is truly a stone soup. From friends who encouraged me to write, to the industry leaders who were happy to contribute their thoughts and experiences, to those who helped to proofread the book, and many, many others, I am sincerely grateful to everyone who made this possible. You all are stakeholders in my success and that of Cyber for Builders.
Cyber for Builders is most definitely on the list of things that I am proud of. However, it is not because of all the accolades, ranking, publicity, and recognition. Instead, it is because just eleven years ago I immigrated to Canada without speaking a word of English. It has been a fascinating and believe me, not an easy journey learning the language at the age when most people in North America finish their colleges, building life in a new country, starting a new career, immigrating for the second time & moving to the US… I’ve never been afraid of hard work, but I spent years feeling insecure about my accent and how well I spoke English. It’s taken a lot to overcome that and get to where I am now. The success of Cyber for Builders is a great example of overnight success ten years in the making.
All that is to say that if you are looking to write a book, you can find a way to do it. It has taken me a decade to get to the point where I have the basic skills and abilities needed to write. If you speak the language fluently, you are about a decade ahead of me. And, if you have something of value to share, then what’s left is arguably the easiest part - to start writing.
Closing words
In writing a book and in life, be mindful of the wrong kinds of shortcuts and instant gratification. ChatGPT and other tools have made it easier to create and publish something, but they have also raised a bar for what it means to get people to care and read.
Five years ago, there were already thousands of new books written every day, much more than a reasonable person could follow or care about. At the same time, if you picked up a new book at that time, you knew that while its quality could be pretty bad, someone had invested a lot of time and effort into getting it written. Nowadays, people can “write” a book in 5 minutes, so when I see a new book I automatically assume it is probably trash unless there is a compelling reason to think otherwise.
There is not much skill required to “generate” something in ChatGPT with a single prompt. The key to remember is that there is a huge difference between a book that summarizes years of someone’s learnings and experiences and a book that contains a ton of bland text generated with a single prompt or several prompts. AI tools can summarize the average of text they’ve been trained on, but not cover the reflective nuances of things that don’t make it into the open internet. The latter is what I like to focus on, and what I suggest you do too if you’re interested in writing a blog or a book. AI-written content is like fast food for our brains: it’s everywhere, it’s cheap, it’s convenient, and most people in the majorityof cases will end up consuming exactly that. However, if you want to stay healthy, think clearly, and live a good life, it’s better to eat natural food and use your brains to think and write. Just like fast food chains haven’t devalued five-star restaurants, AI tools like ChatGPT won’t devalue thoughtful, human-written content. Convenience doesn’t replace craft, it just fills a different need.
