
Why choose training from Real Security Doctor?

Well, first off, I'm one of the most qualified security risk practitioners on the planet, with over 25 years of practical industry experience in many areas of security.

 

Who else would you rather learn from?

​

Of course, that isn't a good enough reason on its own.

​

  • I use my broad sector experience to bring the driest, dullest subjects to life.

  • I provide additional professional value and signposts for future career development.

  • I use real-world examples to make the content relevant.

  • My pass rate for formal certification courses is exceptional because I teach the content in memorable ways.

  • I teach with (questionable) humour.

  • I am not contractually obliged to use any of the appalling-quality 'official' course materials, so I teach the subjects in my own way.

  • I think differently about this subject because I understand it and the industry in ways that most people don't. If you want to set yourself apart from your competition, you need to know either more about this thing or think differently about it. With me, you get to do both.

​


[U]CISM+ £999 ex VAT

This is the UNCERTIFIED Information Security Manager + programme. It is an online-only lecture series that anyone who wants to succeed at either CISM or CRISC should undertake. It is NOT approved by ISACA and does not include any testing materials or exam vouchers.

​

It takes the themes addressed in the official CISM course, blends them with those in CRISC, removes ALL repetition and factual inaccuracy and then introduces important elements from the CGEIT course.

​​

There is no hypocrisy here. I am well known for disliking the certification bodies and am openly critical of what they teach and how they teach it. That said, this represents what the 'standard' currently is, and anyone who wishes to work in information security management needs to know what that consists of.

​

Until you do, you cannot argue against it or travel beyond it.

This content is generally being taught badly, at too high a cost. My decision to deliver this programme in this way and at this cost is my attempt to redress the balance.

​

Instead of teaching this course in the usual way (by domain), I have broken it down into topics and themes. This reduces all the repetition and overcomes the significant inconsistencies and contradictions in the official materials.


Unlocking REAL Security Influence workshop
£499 ex VAT

Many security practitioners complain that they don't get listened to. They complain of being sidelined, and that they cannot get the support they need. This is a critical failure, but it is not theirs. It is a failure in the industry to prepare them properly for the job.

​

I made my fair share of mistakes in this regard. I assumed that a rational appeal to the benefits of being protected would be enough to get organisational support. It doesn't work.

​

I spent years studying the concepts of leadership, communication, trust and influence, and the result is this online workshop. It has helped people move from the sidelines to the heart of the business. Previous participants have been promoted and even managed to move beyond being 'the security person' to become a more valued advisor.

​

This online programme contains video lessons and self-study reflective tasks. It presents a unique model for developing lasting, genuine influence without tricks or manipulation. It's the only programme of its kind in the world.


Unlocking REAL Security Value workshop
£499 ex VAT

Alongside the issues of influence, many security practitioners simply cannot explain how they measure and demonstrate the value of their work. This presents a serious danger to their careers in the long term. As businesses mindlessly embrace automation to perform tasks that require genuine insight, a security practitioner who can only tick boxes isn't going to survive their career. They need to learn how to communicate their value - without bullshitting.

​

That is where this online workshop comes in. You'll learn how to clearly identify and then express the value of protective security work in organisational terms.

​

This will change how you think about what you do - the first step towards changing how you communicate.


Unlocking YOUR REAL Security Value workshop
£499 ex VAT

The last online workshop in the trilogy addresses the problem of expressing YOUR real value as a security practitioner. Assuming that you did the previous workshop on Unlocking REAL Security Value, the next problem is why they should hire YOU and not someone else.

​

This reflective online workshop will help you to identify the value that YOU bring to the work you do, and help you to communicate it without resorting to ego or embellishment. When you know your value, it becomes obvious to everyone else.

​

This is suitable for consultants, job seekers and anyone who lacks the confidence to stand out from the crowd. If you can't, you'll be eminently replaceable.


REAL Security Management Online™

This is the online training programme that supports the Real Security Management™ model. It contains additional detail not in the book.

This will be released in 2025.

Coming soon

Additional training and coaching programmes are not listed here. There is no point in discussing them unless I think they are relevant to you.

Book reviews

'I'm not going to lie, I'm at a complete loss for words after finishing your book. I have made many notes and will need more time to digest everything. It has very much changed my 'world view' on the industry and had me re-think many things. I liked the fact that as I was reading, I kept thinking to myself that I've had some of these thoughts before, but pretty much every mentor I've had convinced me I was wrong and being a junior, I felt I had no leg to stand on. And even more recently, in my new role where I am a one-man infosec dept, it shows how little we are cared about as they silo us. Honestly, just so taken aback by it. Thanks again, it was an awesome read!'

​

--

​

I enjoyed it immensely, the first book in a while that I've read in a single day. I'm a newcomer to the security realm, but it certainly flies in the face of 'conventional security' and makes you really think on what you do rather than just going through the motions that you've been fed on some certification course.

​

--

​

Let’s cut to the chase. Should you read ‘The Problem of Security’? Yeah, you should! Here is why I think you should. I’ll spare you the gory details as I couldn’t do them justice anyway, but here is what I thought.

​

I have many books about information security, on topics such as technology, social engineering, risk management, threat modelling, measuring ‘cyber’. You get the idea, I’ve read a lot of stuff on the subject. But since I’ve been working in Information Security, I have had a sense of disenchantment. It’s that same feeling of disenchantment I felt in my time as a Business Analyst learning about Ishikawa diagrams or the ‘5 Whys’. This is perhaps why I am receptive to Dr Richard Diston’s message, and I make no secret of this. I am one of those ‘poor, clueless bastards who found themselves in security and realised it was where they were meant to be’.

​

Dr Richard Diston lets you know from the very first page what his opinion on the state of the security is. In his own words “The whole thing is utterly fucked”. From what I’ve seen and experienced, I agree. From start to finish, this is a considered critique of the industry. Surgical in its precision, yet written in an informal tone, it’s not the usual impenetrable wall of techno-jargon you’ve come to expect from books about security. It’s accessible and can be read in an evening.

​

What this book does well is force you to consider what you have taken for granted. You know what a vulnerability or threat is, right?! Well you might need to reconsider this after reading this book. There is a real depth of knowledge hiding behind the informal way this book is written and no part of the industry is left untouched. Your fundamental assumptions and views about security will not be unmolested. Even, and especially . . . you, are the target of ire here.

​

You might not agree with everything Dr Richard Diston is saying, but I don’t think that’s the point of his book. I think the point is to make you reconsider what you take for granted and make sure that you have done the requisite thinking about your practice to be able to understand what you do at a deeper level.

​

It might and does feel that it’s written towards those who are already favourably disposed towards his ‘rabble rousing’. Even if you disagree with everything he states, shouldn’t you know what some of the counterarguments are to your views on the subject? That would be the responsible thing to do.

​

--

​

I’m thoroughly enjoying your 3 books. Halfway through the Real Security Management. I will write a review in due course but for me personally it’s not only revolutionary it’s actually compatible with the real world unlike everything else in the conventional educational and academic knowledge canon I’ve swallowed over decades.

The Risk management aspect is the most important stumbling block for me because it’s always been a futile effort and whilst I was on a journey in trying to rethink how it could be done with more utility and practicality you’ve arrived at a logical approach I would never have arrived at, as I kept hitting roadblocks. The simplification of a complex subject is obviously attractive to everyone but the work put into making it more accessible, and bulletproof is outstanding.

​

--

​

I have on my to-do list to write a review. After the past few years of building up a LinkedIn Book pile (saw a post, bought the book, read the first chapter, got distracted, added to the pile... then repeat) I decided to buy Dr Rich Diston's first book. Honestly - I experienced eye strain.... because I stupidly opened the book on a mobile phone and was so engrossed that I read the entire thing in almost one sitting... and then proceeded to buy the next 2. It is the most refreshing perspective I've seen on the topic: actual new thought leadership to the field and not a regurgitation.

​

--

​

Dr Rich Diston has created a security management model that will help capable practitioners embed fundamental protections for their clients. By removing the arbitrary fortune-telling practices of risk management, he has given the security industry a fact-based model to identify gaps in protection and help prioritise the implementation of controls. If you have the moral courage to take on the challenge, the model will give you the tools to add real value to your career.

​

--

​

A figure in the industry which often gets a lot of negative press has produced the most significant information security book I've read thus far.

I've read a fair few, and none of them goes into detail or depth and peels back the layers of human behaviour, risk vs security and influence quite like "Real Security Management" - by Dr Rich Diston.

While you may not agree with his views or approach, I encourage you to put emotions and feelings aside and dive into this book. It's positively impacting my day-to-day work, and I feel more in control of my career and profession despite being within technical security rather than the broader aspects of Information Security Management.

This book has impacted my way of thinking and working more than "The Goal" impacted my operational mindset.

​

--

​

I purchased The Problem of Security and The Superior Security Practitioner. I did this because: 1.) I do believe that we view security through similar lenses, 2.) to support your work/cause (so far it has been a life raft), and 3.) for my own selfish reasons... As was stated in a previous LinkedIn post, 'a new perspective' was needed. I started looking in the books in search of this needed perspective.

I often read a book 3 times before I feel that I understand and comprehend the (deeper) message. I am on round one at the moment. I had to put down The Problem of Security on page 8 because of anger (next to last paragraph). Not at you, but at the security industry situation as a whole.

​

--

​

When you’re reading an amazing book and you go through and highlight sections or parts or phrases that you want to come back to or, read again or, that resonate with you, you know it’s been a worthwhile experience.

Well, I’ve been reading The Problem of Security by Dr Rich Diston.

The first problem is almost every single line is highlighted because it is that good.

​

--

​

A few chapters into "The Problem of Security" - by Dr Richard Diston, one cannot help but notice the myriad issues it unveils and the discrepancies and inconsistencies in the language employed by today's so-called "professionals." The content presented is thought-provoking and, at times, demands the reader to confront some uncomfortable realities.

​

I find myself compelled to re-evaluate numerous aspects of my understanding; I am in for an extended period of contemplation and reflection. Nonetheless, the book also ignites a desire to inspire change in my area of focus, ultimately contributing to its improvement.

​

Although "The Problem of Security" does not exclusively focus on technical security, it addresses the overarching issues surrounding the concept of security.

​

It is a good idea for prospective readers to approach it with an open mind and be prepared to relinquish some pride. I have yielded a significant portion of mine within the initial chapters (though, much like Rome, it can be rebuilt—Nero, take note).

​

An intellectually stimulating read such as this is essential for my growth as a competent SOC Professional. To truly excel in this field, thinking beyond superficial certifications and challenging the "accepted truths" perpetuated by some accrediting bodies is crucial.

​

Otherwise, I fear that I may remain merely the town crier of SOC, locked in a dark room screaming, "I can make things better."

​

--

​

​

Real Security Doctor Limited is a UK registered company.


© 2025 The Real Security Doctor Limited.

All Rights Reserved.
