
Let's get properly introduced.

Before you do anything, I recommend watching these introduction videos in numerical order.  Let's make sure you know what you are dealing with... I am not everyone's cup of tea, and most people are not mine.

1. Introduction to Real Security Doctor

Let's get off on the right foot, shall we?

2. We need to talk...

Still here? Good. Now watch this. Expect brutality.

3. About Real Security Doctor

Don't skip this.

4. Where are you?

It's time to talk about something more important - you.

5. The mistake I made

I've made a LOT of mistakes. This is one that YOU might make, so let me help you avoid it.

6. Coaching and training options

Want my help? Here's how that might look.

The Real Security Doctor client portal

I decided it was time to create a platform for serious security practitioners to get together, free from the bullshit, apathy and idiocy that is rampant everywhere else.

​

You can get in there. You just need to become a customer.

​

I am done with 'pearls before swine'.

​

You'll be officially upgraded from 'filthy freeloader' status because you bought something. I don't care if it was only a book or two - I genuinely appreciate your support, and you'd be welcomed into where I keep 'the good stuff'. And some well-meaning and affectionately delivered snark, of course.

​


The portal is dynamic, so you'll only see and get access to content relative to your level of engagement with RSD. When you become a customer, you'll get an invitation to the 'vanilla' version and can go from there.

​

It's the new home of the Surgery, and there will be all manner of good stuff coming your way. As I get to grips with the potential of this new platform, the more I see the possibilities.

​​

The portal is even available as a stand-alone branded app. Just open it in your mobile browser and look for the message that you'll get. This will make your engagement a lot easier.

​

As the portal develops, I am sure there will be plenty of opportunities to find new ways of using it and sharing great content with people worth sharing it with. The easiest way to become a client? Buy a book or three.

​

The books

There are currently 3, with more in the works.


My first book was The Problem of Security.

​

I always had nagging doubts about the things I had been taught about security and risk management. Nothing quite fit in 'the real world' and during my doctoral studies I realised that the conventional body of security knowledge was critically, fundamentally flawed.

​

This book has been read by people all over the world, from all areas of the industry, and many people have thanked me for writing it. I describe what they suspected, except they couldn't put it into words and often felt that it was them 'not getting it'. They were happy to learn that it's not them. The industry, the body of knowledge and everything else is broken, smouldering bullshit.

​

Making things better involves understanding the problem in the first place.

​

It's a PDF, so no, the iPad is not included.


The second book was The Superior Security Practitioner.

​

After the first book, some people (who hadn't actually read it) accused me of being little more than a monkey who sits on the sidelines and throws shit at the industry. 'If you're so clever, why don't you tell us how to fix it.'

​

Fair enough. I thought long and hard about that, and realised that these critics all want yet another box-ticking exercise to improve the security industry - and that's the problem. Instead, I created a complete Occupational Competence Model for what security practitioners need to be. What we DO is ultimately less important. All the knowledge and competence in the world will make no difference if the security practitioner is someone of weak character. They won't survive their careers, regardless of how much they know.

​

This book discusses what we should be focussing on in our career and personal development.


The third (and most recent) book, Real Security Management™, presents my model and philosophy for value-driven organisational protection. This is the 'how' to do things better.

 

This book contains nine new trademarked concepts, more than any other book ever written on the subject. This is new thinking, not some stale repetition of what you've heard before. You know that stuff doesn't work in the real world. This does and people are using it.

​

I took up the arguments from the first book about 'risk' and addressed them in a practical, useful and pragmatic way - successfully separating the objective reality of protective practice from the subjective fantasy of 'conventional wisdom'. Here, I present a model to support defensible protective decision-making, from 'what to protect' to 'how much protection'. 

​

It also provides a means for accurately demonstrating protective value in a defensible way, relative to what the organisation really cares about. 

Look out for the package deal option in the checkout to get all three.​

and coming soon...


I teased this recently in The Surgery, and it appears that there is an appetite for it. As a result, I am going to publish a book that contains all of the Bitter Pill polls at the front and then each of the Bitter Pill newsletters at the back.

 

This will allow a reader/victim to score themselves on the polls and then check out how they did in comparison to the fuckwits that attempted it when I posted it on LinkedIn.

​

The newsletters will be refreshed in this new delivery context, and I will expand on the thinking behind The Bitter Pill in general, including how it started and why it stopped. Are you 'the shit' or just shit?

​

Find out.
 

​Watch this space. If you want more information, get yourself into the client portal.

Career Diagnostic calls

If you want my help, it all starts with booking a zero-risk, no-obligation Career Diagnostic session.

 

We'll find out together what you want to do and what you need to do. It's not for talking about security stuff - it's about talking about what matters - your career. There is no need to 'prepare' for this. It's likely to be the first genuine conversation about your career that you've ever had.

 

If we can work together, the fee comes off the price of whatever in-person training or coaching you buy in the following three months. If I cannot help you, you get a full refund without argument. It's that simple. Zero risk.

​

Book your call using the button below.

Training, coaching and mentoring

It's worth explaining the difference.

​

I provide training to ensure that people have the knowledge they need. God knows that nowhere else in the security industry does that.

​

I provide coaching to ensure that people have the skills to use their knowledge.

​

Imagine paying a tennis coach for lessons when you don't even understand the rules of tennis. You wouldn't. The same goes here. If people engage me for coaching and it becomes apparent that they don't have the knowledge they need, it won't work.

​

Training is about the subject - coaching is about your performance. Mentoring is about your personal development. I do that too, in the right situations.

​

Details about the online training that I provide are here, where you can find the courses that are currently available. I don't provide a huge amount of information about my programmes because that is not how I sell them.

 

Not sure what course to do? Book a career diagnostic. Doing so before spending money on a course is the smart thing to do, and it has saved people many thousands and years of their lives.

Live 2025 event


The next Real Security Doctor Live event will take place in Manchester, UK on May 14th to 16th.

 

The last live event in 2024 was an absolute blast and minds were melted, and I expect this to be the same.


The first two days will be devoted to an in-depth look at Real Security Management™, delivered in a workshop style to apply the principles against real security management problems. It will include new content developed after the publication of the book for the visual representation of the model for reporting to the business.


The first two days cost £1400 and there are 15 tickets left at this price.


Delegates can choose to add the optional final day of the event, where I will discuss becoming a self-employed consultant and the business end of packaging and selling your insight on your own terms. There are 6 tickets available for the final day. The final day costs £1000. This content could pay for itself many times over.


To attend all 3 days, the cost is £2400 ex UK VAT. If you want to attend, get in touch with me using the button below.

Not a Surgery member yet?

That is where serious security people get together to engage in a more thoughtful way about what they do. You don't even need to worry about what your fucking boss will say. Don't expect a bunch of 'cyber' assholes all jerking off over IT shit. If that is your thing, stick to LinkedIn or Reddit.

​

The Surgery is £75 per month (including any applicable taxes) and includes:

​

  • Access to the live monthly webinar (via Zoom) on the first Friday of every month (Noon, UK time).

  • Access to the large archive of recordings from previous webinars.

  • Access to the community, where you can interact with security people of quality.

  • Access to premium, Surgery-only content.

  • 10% discount on online training (excludes coaching programmes and in-person events).

  • Direct engagement with Dr Rich with a slight reduction in snark.

​

The price you join at is protected from price rises for the life of your subscription. If you leave or fail a payment, you'll need to rejoin at whatever the current rate will be. Can't say fairer than that.


If you're in the UK, you can join the Surgery with the button below, which sets up a Direct Debit using GoCardless. You can cancel at any time, but don't expect to come back any time soon. I operate a 90 day window on leavers to avoid abuse of the service.

If you're outside the UK, you can sign up using Stripe below. Same rules apply.

Book reviews

'I'm not going to lie, I'm at a complete loss for words after finishing your book. I have made many notes and will need more time to digest everything. It has very much changed my 'world view' on the industry and had me re-think many things. I liked the fact that as I was reading, I kept thinking to myself that I've had some of these thoughts before, but pretty much every mentor I've had convinced me I was wrong and being a junior, I felt I had no leg to stand on. And even more recently, in my new role where I am a one-man infosec dept, it shows how little we are cared about as they silo us. Honestly, just so taken aback by it. Thanks again, it was an awesome read!'

​

--

​

I enjoyed it immensely, the first book in a while that I've read in a single day. I'm a newcomer to the security realm, but it certainly flies in the face of 'conventional security' and makes you really think on what you do rather than just going through the motions that you've been fed on some certification course.

​

--

​

Let’s cut to the chase. Should you read ‘The Problem of Security’? Yeah, you should! Here is why I think you should. I’ll spare you the gory details as I couldn’t do them justice anyway, but here is what I thought.

​

I have many books about information security, on topics such as technology, social engineering, risk management, threat modelling, measuring ‘cyber’. You get the idea, I’ve read a lot of stuff on the subject. But since I’ve been working in Information Security, I have had a sense of disenchantment. It’s that same feeling of disenchantment I felt in my time as a Business Analyst learning about Ishikawa diagrams or the ‘5 Whys’. This is perhaps why I am receptive to Dr Richard Diston’s message, and I make no secret of this. I am one of those ‘poor, clueless bastards who found themselves in security and realised it was where they were meant to be’.

​

Dr Richard Diston lets you know from the very first page what his opinion on the state of the security is. In his own words “The whole thing is utterly fucked”. From what I’ve seen and experienced, I agree. From start to finish, this is a considered critique of the industry. Surgical in its precision, yet written in an informal tone, it’s not the usual impenetrable wall of techno-jargon you’ve come to expect from books about security. It’s accessible and can be read in an evening.

​

What this book does well is force you to consider what you have taken for granted. You know what a vulnerability or threat is, right?! Well you might need to reconsider this after reading this book. There is a real depth of knowledge hiding behind the informal way this book is written and no part of the industry is left untouched. Your fundamental assumptions and views about security will not be unmolested. Even, and especially . . . you, are the target of ire here.

​

You might not agree with everything Dr Richard Diston is saying, but I don’t think that’s the point of his book. I think the point is to make you reconsider what you take for granted and make sure that you have done the requisite thinking about your practice to be able to understand what you do at a deeper level.

​

It might and does feel that it’s written towards those who are already favourably disposed towards his ‘rabble rousing’. Even if you disagree with everything he states, shouldn’t you know what some of the counterarguments are to your views on the subject? That would be the responsible thing to do.

​

--

​

I’m thoroughly enjoying your 3 books. Halfway through the Real Security Management. I will write a review in due course but for me personally it’s not only revolutionary it’s actually compatible with the real world unlike everything else in the conventional educational and academic knowledge canon I’ve swallowed over decades.

The Risk management aspect is the most important stumbling block for me because it’s always been a futile effort and whilst I was on a journey in trying to rethink how it could be done with more utility and practicality you’ve arrived at a logical approach I would never have arrived at, as I kept hitting roadblocks. The simplification of a complex subject is obviously attractive to everyone but the work put into making it more accessible, and bulletproof is outstanding.

​

--

​

I have on my to-do list to write a review. After the past few years of building up a LinkedIn Book pile (saw a post, bought the book, read the first chapter, got distracted, added to the pile... then repeat) I decided to buy Dr Rich Diston's first book. Honestly - I experienced eye strain.... because I stupidly opened the book on a mobile phone and was so engrossed that I read the entire thing in almost one sitting... and then proceeded to buy the next 2. It is the most refreshing perspective I've seen on the topic: actual new thought leadership to the field and not a regurgitation.

​

--

​

Dr Rich Diston has created a security management model that will help capable practitioners embed fundamental protections for their clients. By removing the arbitrary fortune-telling practices of risk management, he has given the security industry a fact-based model to identify gaps in protection and help prioritise the implementation of controls. If you have the moral courage to take on the challenge, the model will give you the tools to add real value to your career.

​

--

​

A figure in the industry which often gets a lot of negative press has produced the most significant information security book I've read thus far.

I've read a fair few, and none of them goes into detail or depth and peels back the layers of human behaviour, risk vs security and influence quite like "Real Security Management" - by Dr Rich Diston.

While you may not agree with his views or approach, I encourage you to put emotions and feelings aside and dive into this book. It's positively impacting my day-to-day work, and I feel more in control of my career and profession despite being within technical security rather than the broader aspects of Information Security Management.

This book has impacted my way of thinking and working more than "The Goal" impacted my operational mindset.

​

--

​

I purchased The Problem of Security and The Superior Security Practitioner. I did this because: 1.) I do believe that we view security through similar lenses, 2.) to support your work/cause (so far it has been a life raft), and 3.) for my own selfish reasons... As was stated in a previous LinkedIn post, 'a new perspective' was needed. I started looking in the books in search of this needed perspective.

I often read a book 3 times before I feel that I understand and comprehend the (deeper) message. I am on round one at the moment. I had to put down The Problem of Security on page 8 because of anger (next to last paragraph). Not at you, but at the security industry situation as a whole.

​

--

​

When you’re reading an amazing book and you go through and highlight sections or parts or phrases that you want to come back to or, read again or, that resonate with you, you know it’s been a worthwhile experience.

Well, I’ve been reading The Problem of Security by Dr Rich Diston.

The first problem is almost every single line is highlighted because it is that good.

​

--

​

A few chapters into "The Problem of Security" - by Dr Richard Diston, one cannot help but notice the myriad issues it unveils and the discrepancies and inconsistencies in the language employed by today's so-called "professionals." The content presented is thought-provoking and, at times, demands the reader to confront some uncomfortable realities.

​

I find myself compelled to re-evaluate numerous aspects of my understanding; I am in for an extended period of contemplation and reflection. Nonetheless, the book also ignites a desire to inspire change in my area of focus, ultimately contributing to its improvement.

​

Although "The Problem of Security" does not exclusively focus on technical security, it addresses the overarching issues surrounding the concept of security.

​

It is a good idea for prospective readers to approach it with an open mind and be prepared to relinquish some pride. I have yielded a significant portion of mine within the initial chapters (though, much like Rome, it can be rebuilt—Nero, take note).

​

An intellectually stimulating read such as this is essential for my growth as a competent SOC Professional. To truly excel in this field, thinking beyond superficial certifications and challenging the "accepted truths" perpetuated by some accrediting bodies is crucial.

​

Otherwise, I fear that I may remain merely the town crier of SOC, locked in a dark room screaming, "I can make things better."

​

--

​

​

Real Security Doctor Limited is a UK registered company.


© 2025 The Real Security Doctor Limited.

All Rights Reserved.
