The Art of Report Writing

Enhance report quality and understand the full pentest process. Learn key phases, efficient tactics, with exercises and a final report assignment. Gain skills for thorough findings, improve writing style and review effectiveness.

Buy Now

Why Buy this Course?

Everyone knows that hackers are thirsty for knowledge and strive to be deeply technical individuals. However, two of the biggest areas I've seen professional hackers lacking in are report writing and client communication. Since it's the least favourite part of hacking for a living, these soft skills are often forgotten and can hold back significant potential and career advancement.

When you learn that your client is a resource to power your assessment, and that a report document is often the only deliverable they will receive, you'll realise how important it is to spend time improving your communication and report writing abilities.

This course will fast-track these soft skills by guiding you through the entire assessment process—from receiving the scope, to creating and delivering reports, and verifying that clients have remediated the findings. Clients will receive comprehensive reports that clearly outline risks and recommended remediation, minimising the need for follow-ups.

Lessons will aim to instil the feedback I've given my team members in the past that propelled them from average to excellent report writers.

- Luke Rogerson

Practical Learning

Understand how to enhance your report quality and improve the efficiency of the reporting and pentest process. Learning through examples, exercises and a final assignment, you'll have plenty of opportunities to put your learning into producing exceptional report content.
Skills Acquired

Improve your report writing by being more thorough and thoughtful. Learn to critically review your own work and understand the impact and context of your client's environments and services. The course includes many tips and insights to enhance productivity and efficiency.
Real-World Application

This course goes beyond skill-building, to equip you with the essential knowledge needed to tackle real-world reporting and client challenges. You'll learn to communicate effectively, strengthen client relationships, and drive actionable security improvements. It prepares you to manage demanding clients and meet the rigorous demands of the cyber security field.

Course curriculum

1. Chapter Introduction
  FREE PREVIEW
2. Pre-assessment Tasks
3. Pre-assessment Tasks - Exercises
4. Kick-off Meetings - Standard Kick-off
  FREE PREVIEW
5. Kick-off Meetings - Technical Kick-Off
6. Kick-off Meetings - Exercises
  FREE PREVIEW
7. Client Report Consumption
8. Client Report Consumption - Exercises
9. Report Audience
10. Report Audience - Exercises
11. Communication During the Assessment
12. Communication During the Assessment - Exercises
13. Chapter Summary
1. Chapter Introduction
2. Consistency
3. Consistency - Exercises
4. Grammar
5. Grammar - Exercises
6. Conciseness
7. Conciseness - Exercises
8. Tense
9. Tense - Exercises
10. Voice
11. Voice - Exercises
12. Tools
13. Tools - Exercises
14. Facts vs Opinions
15. Facts vs Opinions - Exercises
16. Writing in a Second Language
17. Writing in a Second Language - Exercises
18. Fancy Words & Colloquialisms
19. Fancy Words & Colloquialisms - Exercises
20. Chapter Summary
1. Chapter Introduction
2. Chapter Introduction - Exercises
3. Overview
  FREE PREVIEW
4. Overview - Exercises
  FREE PREVIEW
5. Miscellaneous Data and Sections
6. Miscellaneous Data and Sections - Exercises
7. Executive Summary
8. Executive Summary - Exercises
9. Recommendations
10. Recommendations - Exercises
11. Overview of Findings
12. Overview of Findings - Exercises
13. Scope
14. Scope - Exercises
15. Caveats
16. Caveats - Exercises
17. Findings
18. Findings - Exercises
19. Appendix
20. Appendix - Exercises
21. Additional Report Sections
22. Additional Report Sections - Exercises
23. Chapter Summary
24. Chapter Exercise
1. Chapter Introduction
2. Chapter Exercises
3. Finding ID
4. Finding ID - Exercises
5. Severity and Risk Ratings
6. Severity and Risk Ratings - Exercises
7. Other Finding Metadata
8. Other Finding Metadata - Exercises
9. Title
10. Title - Exercises
11. Impact and Context
12. Impact and Context - Exercises
13. Description
14. Description - Exercises
15. Description - Additional Context
16. Description - Additional Context - Exercises
17. Making Description Openers More Concise
18. Making Description Openers More Concise - Exercises
19. Evidence
20. Evidence - Exercises
21. Redaction of Secrets and Sensitive Data
22. Redaction of Secrets and Sensitive Data - Exercises
23. Recommendations - Introduction
24. Recommendations - Fixing what was Found
25. Recommendations - Finding Other Instances
26. Recommendations - Preventative Recommendations
27. Recommendations - Examples
28. Recommendations - Considerations and Summary
29. Recommendations - Exercises
30. Location or Area
31. Location or Area - Exercises
32. References
33. References - Exercises
34. Finding Templates
  FREE PREVIEW
35. Finding Templates - Exercises
  FREE PREVIEW
36. Tool Output Text for Issues
37. Example Issues
38. Chapter Summary
1. Chapter Introduction
2. The QA Process
3. The QA Process - Exercises
4. Preparing for QA
5. Preparing for QA - Exercises
6. Dealing with QA Feedback
7. Chapter Summary
1. Chapter Introduction
2. Secure Storage, Secure Delivery
3. Secure Storage, Secure Delivery - Exercises
4. Finding Spreadsheet
5. Finding Spreadsheet - Exercises
6. Chapter Summary
1. Chapter Introduction
2. Post Assessment Meeting
3. Post Assessment Meeting - Exercises
4. "We want to remove this finding from the report"
5. "We want to remove this issue from the report" - Exercises
6. "We disagree with the risk rating for this finding"
7. "We disagree with the risk rating for this finding" - Exercises
8. Requesting Feedback
9. Requesting Feedback - Exercises
10. Chapter Summary
1. Chapter Introduction
2. Remediation Verification - Introduction
3. Remediation Verification - Preparing
4. Remediation Verification - Finding Status and Closing Findings
5. Remediation Verification - Capturing Evidence
6. Remediation Verification - Tracking Results - Updated Report
7. Remediation Verification - Tracking Results - Other Documents
8. Remediation Verification - Lesson Summary
9. Remediation Verification - Exercises
10. Removing Issues from Report When Remediated
11. Removing Issues from Report When Remediated - Exercises
12. New Findings
13. New Findings - Exercises
14. Chapter Summary
1. Chapter Introduction
2. Motivation vs Discipline
3. Limiting Distractions
4. Bullet Points into Paragraphs
5. Chapter Summary
1. Assignment Format, Goals and Prep
2. Guidance
3. Assignment - Introduction
4. Assignment - Scope and Context
5. Assignment - Findings
6. Assignment - Self Assessment Task
1. AI and its Place in Report Writing
1. Beyond the Course

About this course

149 lessons
£199

FAQ

Do I need to have any cyber security experience to understand the course content?

It would be preferable to have some cyber security penetration testing experience, although not essential. As a self-study course it is expected that students will research and learn any terminology or practices that they are unfamiliar with that are referred to in the course.
Do you cover red team reports?

Writing red team reports is not covered on this course. However, much of the core reporting concepts in terms of content and delivery would be transferable to red teaming reports.
Is there any more information on what's covered in the course or examples of what the lessons are like?

Yes. Check out the free lessons - All of the lessons in the "Introductions" chapter are free and will tell you a bit more about the course. There are also a number of other free lessons throughout the course.
Are there any practical elements to this course?

While there are many exercises in the course that ask you to perform tasks, none are related to testing vulnerabilities. The course does contain some exercises that might cover testing some tooling, however, any evidence required for writing up findings for reporting exercises is provided in the course.
Is there an exam for this course?

There is no exam, but you can earn a certificate of course completion by finishing all the chapters.

Testimonials

Student Reviews

Incredibly thorough and insightful

Adam Worricker

So much depth and breadth in this course! Certainly helped me realize the differences between a ‘good’ and ‘bad’ report, and has helped me to improve both my...

So much depth and breadth in this course! Certainly helped me realize the differences between a ‘good’ and ‘bad’ report, and has helped me to improve both my deliverables and communication with clients

Read Less

Fantastic course

Sam Oughton

A great course with loads of useful tips to improve my report writing, accompanied by well thought out exercises for me to hone my new skills!

Read Less

Great Instructor and Great Course

Daniel Lopez

For a large part of my career I was fortunate to work with Luke. I was able to personally experience all the knowledge that he has ended up capturing into th...

For a large part of my career I was fortunate to work with Luke. I was able to personally experience all the knowledge that he has ended up capturing into this course... and I can say that it completely transformed my reporting skills. I wholeheartedly recommend this course. I've seen the effort Luke has put in to making this, and I had the opportunity to review the amazing content before its public release. If you want to grow as a pentester, this course is for you.

Read Less

Instructor

Director Luke Rogerson

Director of ogSec Consulting Ltd
ogsec.co.uk
--
Luke brings a significant amount of experience from his 10-year tenure as a cyber security consultant, where he specialised in leading and participating in technical due diligence assessments for high-profile mergers and acquisitions. His expertise extends beyond conducting security assessments to include code reviews and web application testing, as well as reviewing team outputs. His commitment to high reporting standards ensured that clients always received quality reports and findings, enabling them to make informed decisions based on the informative and contextual deliverables.