WELCOME TO THE BITTER PILL WEEKLY POLL

The Bitter Pill is the snarkiest, most brutal weekly demonstration of security incompetence, ignorance and charlatanism in the world.

If you think you can handle it, sign up for The Bitter Pill newsletter. It lands every Friday and provides a savage assessment of the weekly poll results. It's sweary. It's rude. It's necessary.

It used to be hosted every Monday on LinkedIn, but fuck those assholes. A platform full of people who are easily offended but deserve to be. Instead, I will post a new question here every Monday morning, and email the results every Friday. If I can be bothered. You fucking freeloaders get the amount of effort from me that you pay for. 🤣

Book reviews

'I'm not going to lie, I'm at a complete loss for words after finishing your book. I have made many notes and will need more time to digest everything. It has very much changed my 'world view' on the industry and had me re-think many things. I liked the fact that as I was reading, I kept thinking to myself that I've had some of these thoughts before, but pretty much every mentor I've had convinced me I was wrong and being a junior, I felt I had no leg to stand on. And even more recently, in my new role where I am a one-man infosec dept, it shows how little we are cared about as they silo us. Honestly, just so taken aback by it. Thanks again, it was an awesome read!'

--

I enjoyed it immensely, the first book in a while that I've read in a single day. I'm a newcomer to the security realm, but it certainly flies in the face of 'conventional security' and makes you really think on what you do rather than just going through the motions that you've been fed on some certification course.

--

Let’s cut to the chase. Should you read ‘The Problem of Security’? Yeah, you should! Here is why I think you should. I’ll spare you the gory details as I couldn’t do them justice anyway, but here is what I thought.

I have many books about information security, on topics such as technology, social engineering, risk management, threat modelling, measuring ‘cyber’. You get the idea, I’ve read a lot of stuff on the subject. But since I’ve been working in Information Security, I have had a sense of disenchantment. It’s that same feeling of disenchantment I felt in my time as a Business Analyst learning about Ishikawa diagrams or the ‘5 Whys’. This is perhaps why I am receptive to Dr Richard Diston’s message, and I make no secret of this. I am one of those ‘poor, clueless bastards who found themselves in security and realised it was where they were meant to be’.

Dr Richard Diston lets you know from the very first page what his opinion on the state of security is. In his own words, “The whole thing is utterly fucked”. From what I’ve seen and experienced, I agree. From start to finish, this is a considered critique of the industry. Surgical in its precision, yet written in an informal tone, it’s not the usual impenetrable wall of techno-jargon you’ve come to expect from books about security. It’s accessible and can be read in an evening.

What this book does well is force you to consider what you have taken for granted. You know what a vulnerability or threat is, right?! Well, you might need to reconsider this after reading this book. There is a real depth of knowledge hiding behind the informal way this book is written, and no part of the industry is left untouched. Your fundamental assumptions and views about security will not be unmolested. Even, and especially... you are the target of ire here.

You might not agree with everything Dr Richard Diston is saying, but I don’t think that’s the point of his book. I think the point is to make you reconsider what you take for granted and make sure that you have done the requisite thinking about your practice to be able to understand what you do at a deeper level.

It might and does feel that it’s written towards those who are already favourably disposed towards his ‘rabble rousing’. Even if you disagree with everything he states, shouldn’t you know what some of the counterarguments are to your views on the subject? That would be the responsible thing to do.

--

I’m thoroughly enjoying your 3 books. Halfway through Real Security Management. I will write a review in due course, but for me personally it’s not only revolutionary, it’s actually compatible with the real world, unlike everything else in the conventional educational and academic knowledge canon I’ve swallowed over decades.

The risk management aspect is the most important stumbling block for me because it’s always been a futile effort, and whilst I was on a journey in trying to rethink how it could be done with more utility and practicality, you’ve arrived at a logical approach I would never have arrived at, as I kept hitting roadblocks. The simplification of a complex subject is obviously attractive to everyone, but the work put into making it more accessible and bulletproof is outstanding.

--

On my to-do list is to write a review. After the past few years of building up a LinkedIn book pile (saw a post, bought the book, read the first chapter, got distracted, added to the pile... then repeat) I decided to buy Dr Rich Diston's first book. Honestly - I experienced eye strain.... because I stupidly opened the book on a mobile phone and was so engrossed that I read the entire thing in almost one sitting... and then proceeded to buy the next 2. It is the most refreshing perspective I've seen on the topic: actual new thought leadership to the field and not a regurgitation.

--

Dr Rich Diston has created a security management model that will help capable practitioners embed fundamental protections for their clients. By removing the arbitrary fortune-telling practices of risk management, he has given the security industry a fact-based model to identify gaps in protection and help prioritise the implementation of controls. If you have the moral courage to take on the challenge, the model will give you the tools to add real value to your career.

--

A figure in the industry which often gets a lot of negative press has produced the most significant information security book I've read thus far.

I've read a fair few, and none of them goes into detail or depth and peels back the layers of human behaviour, risk vs security and influence quite like "Real Security Management" - by Dr Rich Diston.

While you may not agree with his views or approach, I encourage you to put emotions and feelings aside and dive into this book. It's positively impacting my day-to-day work, and I feel more in control of my career and profession despite being within technical security rather than the broader aspects of Information Security Management.

This book has impacted my way of thinking and working more than "The Goal" impacted my operational mindset.

--

I purchased The Problem of Security and The Superior Security Practitioner. I did this because: 1.) I do believe that we view security through similar lenses, 2.) to support your work/cause (so far it has been a life raft), and 3.) for my own selfish reasons... As was stated in a previous LinkedIn post, 'a new perspective' was needed. I started looking in the books in search of this needed perspective.

I often read a book 3 times before I feel that I understand and comprehend the (deeper) message. I am on round one at the moment. I had to put down The Problem of Security on page 8 because of anger (next to last paragraph). Not at you, but at the security industry situation as a whole.

--

When you’re reading an amazing book and you go through and highlight sections or parts or phrases that you want to come back to, or read again, or that resonate with you, you know it’s been a worthwhile experience.

Well, I’ve been reading The Problem of Security by Dr Rich Diston.

The first problem is almost every single line is highlighted because it is that good.

--

A few chapters into "The Problem of Security" - by Dr Richard Diston, one cannot help but notice the myriad issues it unveils and the discrepancies and inconsistencies in the language employed by today's so-called "professionals." The content presented is thought-provoking and, at times, demands the reader to confront some uncomfortable realities.

I find myself compelled to re-evaluate numerous aspects of my understanding; I am in for an extended period of contemplation and reflection. Nonetheless, the book also ignites a desire to inspire change in my area of focus, ultimately contributing to its improvement.

Although "The Problem of Security" does not exclusively focus on technical security, it addresses the overarching issues surrounding the concept of security.

It is a good idea for prospective readers to approach it with an open mind and be prepared to relinquish some pride. I have yielded a significant portion of mine within the initial chapters (though, much like Rome, it can be rebuilt—Nero, take note).

An intellectually stimulating read such as this is essential for my growth as a competent SOC Professional. To truly excel in this field, thinking beyond superficial certifications and challenging the "accepted truths" perpetuated by some accrediting bodies is crucial.

Otherwise, I fear that I may remain merely the town crier of SOC, locked in a dark room screaming, "I can make things better."

--

Real Security Doctor Limited is a UK registered company.

© 2025 The Real Security Doctor Limited.

All Rights Reserved.