
Client reviews and testimonials

To make this easier, I've split them into reviews for coaching and training services, and the books.

Training & coaching

 

'Just want to thank you for putting together a fantastic training product, finished it yesterday and I haven’t gone through anything so refreshing – going to struggle to look at IT/InfoSec without wanting to giggle like a child.'

​--

​

'There’s no subtle way of saying this: Dr Diston bluntly and completely disembowels the status quo around security and risk management, justifies why it’s not fit for purpose, and introduces principles that actually achieve results in the real world.

If you are ready to reconsider your understanding of security practice, to swallow a bitter pill, to become one of the minority of practitioners actually helping businesses be safer rather than fluff up a failing bureaucracy, if you actually care, then this course is for you.

It’s quite simply the best I’ve ever seen. It actually gave me goosebumps, and frankly, any course that goes against the present failing thinking shouldn't be ignored.'

--

'I have followed Dr Rich for some time on LinkedIn and enjoyed reading his insightful content and pictures of his cat. He is a breath of fresh air in the security and risk management field and isn’t afraid to challenge the status quo.

​

I consider myself to be well read in the SRM field with a sprinkle of real world experience and sometimes need a nudge in the right direction, call it a professional hug. On many occasions Dr Rich’s content has done this for me by confirming what I already knew or by introducing new perspectives on approaches to different challenges. I appreciate Dr Rich’s candidness when talking about the real issues and monumental fubars at operational level that I have also had first-hand experience.

What price do you put on continual improvement? Dr Rich’s content continues to add value to my learning and translates well into my everyday work practices.

​

Sharing is caring and I would highly recommend Dr Rich’s content to industry newcomers and old hands alike, maybe it is time to teach an old dog some new tricks.'

​

--

​

'I just completed the Real Security Practitioner course and I cannot begin to tell you how invaluable this course is! I feel as if I now hold an immense amount of power just from the knowledge that I’ve gained through the course. This alone is worth the VIP membership I purchased. Thank you so much for creating it! I learned things not even my masters program taught, things that are foundational for any security practitioner and that have provided so much clarity for me. I feel like I’ve been walking around with a blindfold, just doing what everyone was doing, even though none of it made sense. I’ve never bothered to question it because I did not have anything to base that questioning on. Now I do! Thank you again!

​

I am re-watching it to make sure I get a good grasp on all the concepts. Time well spent!'

​

--

​

'It's friggin awesome. It's clear, concise, precise, easy to understand, "measurable" (boy is that great to show to board or C-Level), actionable, and, best of all -> defensible and easy! No more BS! Don't take my word for it. Go and find out for yourself, (as any properly educated grown up would do).'

 

--

 

'The joint [U]CISM+ course is a must course for all Security Professionals or those wishing to pursue a career in Information Security. A massive personal thanks to Dr Richard for making this course really enjoyable, providing extensive personal knowledge and anecdotes which made technical elements easy to understand. A truly outstanding instructor and I will definitely be booking further courses with him. Once again, many thanks for an excellent course.'

​

--

​

'HOLY FUCKING SHIT!

​

This is a testament that you can be a security practitioner without feeling like a fraud and struggling with all kinds of syndrome etc. I just completed Dr Richard Diston's 2 day Real Security Practitioner Course at a hefty price and IT WAS WORTH EVERY PENNY.

Until now, I have been trying to make a career out of Cyber Security and Penetration Testing in an attempt to make a difference from a security perspective. Despite spending all my resources and doing everything the right way, I felt like shit because I couldn’t demonstrate any kind of real value that I could add from a security perspective to an organization!

​

The stages when you attend the Real Security Practitioner…

​

1.    Oh that’s bad

2.    Oh that’s even worse

3.    Oh That’s the fucking problem of security

​

Then comes in the knowledge empowerment.

​

1.    Oh yeah, that makes sense

2.    Oh yeah, that clears it up

3.    Oh yeah, that is it

4.    Oh yeah, this is the way to do it

5.    Oh yeah, this is the way how you can do it right

6.    Oh yeah, this is some serious level shit which can change my career!

7.    Oh yeah, that’s how I demonstrate my value to the organization

8.    Oh yeah, that’s how I can do it without compromising my values

9.    Oh yeah, that’s how I get the collaboration of the organization

10.  Oh yeah, that’s how I protect the organization with the organization

​

By the end of the course I was like a funko pop bobble head toy! All the years I spent learning, mastering or whatever the hell I was doing it was all pointless without direction until now.

​

If you have read his second book – “The Superior Security Practitioner” where he describes an individual of the current state and if you feel like he’s describing you, please go ahead and enroll in this course – your future self will thank you for making this decision.

Dr. Rich – Thank you from the bottom of my heart for the clarity and purpose you brought into my professional life.'

​

--

​

'Dr Rich, Firstly, thanks for your time and evident passion this week, the content of the combined course was incredibly insightful! Having completed the recommended reading I did feel slightly overwhelmed with tech jargon and acronyms, I was slightly apprehensive about the course. Three mind melting hours and the muddy waters cleared. I've done the 'generic' tests on various 'learning' platforms and honestly, pre-course I failed most of them! Finished the (U)COMBO course yesterday, got up this morning and passed 3 straight off. Re-reading content in the books I now feel I understand it, not just trying to memorise it for an exam, that's down to clear, insightful and well delivered training from a very well informed position! If anything this course has ignited my thirst to pursue a new career with vigour, invest in my education, add value to an employer and organisation and most importantly to make me credible while doing so! CISM tomorrow morning, CRISC Monday, I will see how I get on but I'm confident! Without doubt, not only an educational course but an engaging experience, raw and without 'fluff'. Sincerely, thank you.

​

Once that's done I need to book (yes, and pay!) for a session aimed at roadmapping out my next steps as far as education and certification go (but only where required!). Without doubt, not only an educational course but an engaging experience, raw and without 'fluff'. Sincerely, thank you.'

​

--

​

'The [U]CISM+ combo course was delivered in an interactive and open environment by a knowledgeable teacher with real world insight, who has a brilliant ability to make every topic both informative and interesting. Thank you for going the extra mile to explain in depth not just what is required, but why and how it should be done properly. You really are a terrific teacher and I’m glad that I found you at the beginning of my transition and can learn from you so I can do it right -thank you for all that you do.'

​

--

​

'Just a quick note to say the value of your [U]CISM+ course clearly paid out. Passed the exam in 1.5 hours without ever touching ISACA's overpriced manual. More critically, it wasn't the material but the mindset I found most beneficial from your content. Anywho, cheers and I continue to follow your feed.'

​

--

​

'Awesome course, really informative. Richard made the material easy to understand and even managed to add humour to it. Thanks a million!'

​

--

​

'The Dr listened to my answers to his questions and provided me with some guidance in a direction. He gave me a direction I didn’t even realize I needed at the time. This chat will not be a waste of your time!'

​

--

​

'It was really insightful, having a framing and structure in order to understand and reflect is immensely useful. I've done a lot of reading around concepts of influence with a lean towards understanding social engineering and how empathy can be applied to either influence or manipulate. This brought a lot of these concepts together in a way that can be used by security practitioners in a work context but it was reassuring that core principles and values are reasserted throughout. Powerful stuff, it was a good time.'

​

--

'There's only a handful of people who can convince me to get up at 3am for a training course... Dr Rich Diston is one of them.

I had the opportunity to attend another one of his courses this morning, 'Unlocking Security Influence'.

​

It was an incredibly insightful look into the mirror about how we operate as security practitioners and how we can better plan our interactions across the organization to achieve more favorable outcomes. The amount of insight, experience, and work that goes into these courses is evident, and usually leaves me with weeks' worth of ideas to chew on.

​

As usual, it was delivered with his signature snark that makes it engaging and approachable even when the introspective look gets uncomfortable.

​

I couldn't help but cringe a little bit thinking about some of my previous peer interactions and how many of the mistakes I could easily pinpoint. But a fantastic opportunity to do better in the future and learn from my mistakes.

I can't say enough good things about how much I've learned from Dr. Diston and look forward to continuing finding the uncomfortable places where I can learn new skills! Do yourself a favor and add Real Security Doctor to your learning plan.'

​

--

​

'So, on Wednesday I was part of the cohort that Unlocked Security Influence with Dr Richard Diston. Building on previous persuading, influencing and relationship training I'd done (including a genuinely excellent course with Oxford Said Business School years back) it was arguably from a security perspective the best piece of education I've ever received.

​

The contextualisation around security practice as opposed to more generalised relationship models made it all directly applicable in context immediately. The models were richer and more detailed than those I'd used before and yet effortlessly simple to use.

​

If I had one critique it would be that there was a large amount of introspection involved on times I had clearly screwed up in the past. This was powerful, helpful and massively uncomfortable. The Doc's glee at this aspect was well-deserved. I only swore at him under my breath.

​

Almost annoyingly brilliant, this course was worth its weight in platinum.'

​

--

​

'When I enrolled in Dr. Richard Diston's "Unlocking Security Influence" workshop, I did not really know what to expect rather my question to get better in establishing relationships when people are approached by a security practitioner like me and my colleagues and how to talk to the business. Frankly IT and Business are diametrically opposed in terms of their nature of colourful personalities and that's fine. The course gave me a structured understanding of how to influence from a security context and connect as a human being.

​

The magic of this workshop lies in its ability to bridge the often cold, impersonal, imaginarily constructed world of tech with the rich, complex landscape of human relationships. In today's rapidly evolving technological age, where it's so easy to focus on risk and vulnerabilities, and to approach business people with a charisma of fear, Dr. Diston's approach is a breath of fresh air. It's an approach that recognizes the importance of establishing partnerships, solving problems collectively, co-creating, and building long-term relationships. This is not just about navigating fast-changing technology; it's about navigating human connections in the context of that technology.

​

It's curious, and perhaps an oversight, that something as crucial as interpersonal skills isn't a core part of our certifications. In a world where technology has the volatile ability to easily disconnect us, where big tech disruptions sometimes threaten to unravel society's fabric, it's courses like these that remind us of our shared humanity.

​

Dr. Diston, thank you for not just teaching us about security but about the essence of being human in a digital age.'

​

--

​

'I booked the call with Dr Richard Diston because I have been following him for some time now and after beginning to ask questions to myself, my peers, employer and clients about the current security practice I have been feeling alone and wondering what the heck I was doing. I wanted help to figure out where I was in my career, and where to go next and I got the answers I needed. Served with zero bullshit. Richard is really enjoyable to talk to, at least for one hour ish, and I would highly recommend anyone wondering where their security career is going, to book a call with him.'

--

'If you're blowing training budgets, or worse, spending your own money on expensive providers that regurgitate course material you could easily read from the book, stop. If you're scooping up freebie webinar courses on Udemy then blowing your budgets on retakes, stop.

​

Fortunately, there is a middle-ground that will not only optimise value, you'll even enjoy it. Dr Rich Diston, a.k.a The REAL Security Doctor, has crafted courses that cut out the stuff you don't need, and never will in the real world and adds stuff you almost certainly WILL need that marries up with the syllabus perfectly. Groups are small, interaction is high, knowledge retention is facilitated. You actually learn stuff!

​

Dr Rich offers courses for CISM and CRISC, two of the most sought-after industry certifications (and often pre-requisites for senior security positions) as well as ISO 27001 LI. If you're considering taking these qualifications, look no further. As a CISM, CRISC and CGEIT graduate, I can't rate his training delivery highly enough. He even does courses at weekends to work around your schedules!'

​

--

​

'As harsh as the DR may seem sometimes, talking with him and being taught by him ultimately is the best thing that happened to my career. This is not an opportunity to miss if you want that truthful constructive criticism.'

​

--

​

Thanks for yet another 'Damascus Moment'.

I'm only on the fringes of the security world and I am unashamedly freeloading because I find your content so very insightful and entertaining.

I need my fix of straight-thinking pleasure and your waspish focus delights me. So much satire never sees the light of day in these modern times so I relish discovering intellects such as yours.

I believe that I am retraining my thinking muscle thanks to you.

I'd like to think I'm no longer wilfully blind.

​

--

​

'This post is how I maximised confidence in my ability as a security risk practitioner, gained respect at work, and boosted my career prospects.

​

Last year my company booked me on a risk management course. It was okay. I got the certificate, but I didn't learn anything.

The content was “Risk Manager” level, but I left it knowing very little new knowledge. I felt it was a little foundational and lacked any authentic thought leadership. If I'm honest with myself, I was pretty disappointed. It wasn't the instructor, it was the content.

​

I received the career certificate to add to the list. Some of the other ones I'll have to pay every three years to prove that I'm still capable.

​

I have done many courses, but I felt like I was still a novice. These courses were fairly easy to me. I felt that I lacked the knowledge to hold my own on the job confidently. I was doing it, but I felt there was more.

​

That was when I contacted a guy on LinkedIn who was asking thought-provoking questions. He had a podcast, and I listened to some. The content was excellent, and it was about things nobody else was talking about.

​

I reached out, looking for more. He directed me to his community, where he posts regular blogs and has a backlog of webinars to watch. Now, I'm Scottish and typically frugal. I don't like paying for things, especially training, but I took the leap.

​

I began watching the content. It was difficult to watch at times because of the scathing tone he spoke in. However, what he was saying was on another level. Nobody else is talking about our industry in this way.

​

A few months later, I signed up for a course bundle. I self-funded this purchase. It was the most I had ever paid for training myself, but, I was investing in myself, my future career, and my early retirement.

​

I have a good brain in my skull. My heart is in the right place. I want to be a world-class security risk practitioner.

To do that, I needed the best training.

​

As a result of Dr Rich's Surgery, the monthly webinars, the Security Risk Masterclass, the Security Influence course, and the Real Security Practitioner course, I am fully confident in my ability to succeed in this industry.

​

This is a genuine review. I have done the training. I am implementing this knowledge at work. My advice on security risk is requested regularly. I'm providing advice on building out our risk program.

​

If you want to have similar results... You need similar effort and training. Start off with the Surgery.

​

Dr Diston doesn't know I'm writing this. He's a pariah of the industry for the way he speaks, but if more people listen to his teachings, we will stand a far better chance of being respected as an occupation. His teachings will be reflected in my courses going forward.'

​

--

​

'It contains ZERO filler content, a rarity among books these days.

​

His use of analogies and metaphors is exquisite, but more importantly it makes learning incredibly enjoyable, e.g. comparing "security as a business enabler" to working in a hostile location from a policeman holding up a "no murder" sign then taking the credit for the absence of an event.

​

While reading it I couldn't help but imagine being on the receiving end of a Gordon Ramsay-like bollocking 🤣 but in a very good way.

You warmed my heart when you mentioned Obsidian. I use it regularly to link themes and ideas across a variety of books. My graph is getting quite hectic!

​

Lastly, your delivery is totally unique. To me it's like you've taken stoic wisdom from "Meditations by Marcus Aurelius" and blended it with life-altering advice akin to "12 Rules for Life by Jordan Peterson".

​

Keep up the excellent work 🙌🙌🙌'

​

--

​

'Only done one course, to be honest, but it transformed a lot of what I do to the point I am entrusted to assume higher responsibility in my field. If you are technical, these courses will elevate your career to get your feet under the tables that matter in your career.'

​

--

​

What might you have to say?

​

Book reviews

'I'm not going to lie, I'm at a complete loss for words after finishing your book. I have made many notes and will need more time to digest everything. It has very much changed my 'world view' on the industry and had me re-think many things. I liked the fact that as I was reading, I kept thinking to myself that I've had some of these thoughts before, but pretty much every mentor I've had convinced me I was wrong and being a junior, I felt I had no leg to stand on. And even more recently, in my new role where I am a one-man infosec dept, it shows how little we are cared about as they silo us. Honestly, just so taken aback by it. Thanks again, it was an awesome read!'

​

--

​

I enjoyed it immensely, the first book in a while that I've read in a single day. I'm a newcomer to the security realm, but it certainly flies in the face of 'conventional security' and makes you really think on what you do rather than just going through the motions that you've been fed on some certification course.

​

--

​

Let’s cut to the chase. Should you read ‘The Problem of Security’? Yeah, you should! Here is why I think you should. I’ll spare you the gory details as I couldn’t do them justice anyway, but here is what I thought.

​

I have many books about information security, on topics such as technology, social engineering, risk management, threat modelling, measuring ‘cyber’. You get the idea, I’ve read a lot of stuff on the subject. But since I’ve been working in Information Security, I have had a sense of disenchantment. It’s that same feeling of disenchantment I felt in my time as a Business Analyst learning about Ishikawa diagrams or the ‘5 Whys’. This is perhaps why I am receptive to Dr Richard Diston’s message, and I make no secret of this. I am one of those ‘poor, clueless bastards who found themselves in security and realised it was where they were meant to be’.

​

Dr Richard Diston lets you know from the very first page what his opinion on the state of the security is. In his own words “The whole thing is utterly fucked”. From what I’ve seen and experienced, I agree. From start to finish, this is a considered critique of the industry. Surgical in its precision, yet written in an informal tone, it’s not the usual impenetrable wall of techno-jargon you’ve come to expect from books about security. It’s accessible and can be read in an evening.

​

What this book does well is force you to consider what you have taken for granted. You know what a vulnerability or threat is, right?! Well you might need to reconsider this after reading this book. There is a real depth of knowledge hiding behind the informal way this book is written and no part of the industry is left untouched. Your fundamental assumptions and views about security will not be unmolested. Even, and especially . . . you, are the target of ire here.

​

You might not agree with everything Dr Richard Diston is saying, but I don’t think that’s the point of his book. I think the point is to make you reconsider what you take for granted and make sure that you have done the requisite thinking about your practice to be able to understand what you do at a deeper level.

​

It might and does feel that it’s written towards those who are already favourably disposed towards his ‘rabble rousing’. Even if you disagree with everything he states, shouldn’t you know what some of the counterarguments are to your views on the subject? That would be the responsible thing to do.

​

--

​

I’m thoroughly enjoying your 3 books. Halfway through the Real Security Management. I will write a review in due course but for me personally it’s not only revolutionary it’s actually compatible with the real world unlike everything else in the conventional educational and academic knowledge canon I’ve swallowed over decades.

The Risk management aspect is the most important stumbling block for me because it’s always been a futile effort and whilst I was on a journey in trying to rethink how it could be done with more utility and practicality you’ve arrived at a logical approach I would never have arrived at, as I kept hitting roadblocks. The simplification of a complex subject is obviously attractive to everyone but the work put into making it more accessible, and bulletproof is outstanding.

​

--

​

I have on my to-do list to write a review. After the past few years of building up a LinkedIn Book pile (saw a post, bought the book, read the first chapter, got distracted, added to the pile... then repeat) I decided to buy Dr Rich Diston's first book. Honestly - I experienced eye strain.... because I stupidly opened the book on a mobile phone and was so engrossed that I read the entire thing in almost one sitting... and then proceeded to buy the next 2. It is the most refreshing perspective I've seen on the topic: actual new thought leadership to the field and not a regurgitation.

​

--

​

Dr Rich Diston has created a security management model that will help capable practitioners embed fundamental protections for their clients. By removing the arbitrary fortune-telling practices of risk management, he has given the security industry a fact-based model to identify gaps in protection and help prioritise the implementation of controls. If you have the moral courage to take on the challenge, the model will give you the tools to add real value to your career.

​

--

​

A figure in the industry which often gets a lot of negative press has produced the most significant information security book I've read thus far.

I've read a fair few, and none of them goes into detail or depth and peels back the layers of human behaviour, risk vs security and influence quite like "Real Security Management" - by Dr Rich Diston.

While you may not agree with his views or approach, I encourage you to put emotions and feelings aside and dive into this book. It's positively impacting my day-to-day work, and I feel more in control of my career and profession despite being within technical security rather than the broader aspects of Information Security Management.

This book has impacted my way of thinking and working more than "The Goal" impacted my operational mindset.

​

--

​

I purchased The Problem of Security and The Superior Security Practitioner. I did this because: 1.) I do believe that we view security through similar lenses, 2.) to support your work/cause (so far it has been a life raft), and 3.) for my own selfish reasons... As was stated in a previous LinkedIn post, 'a new perspective' was needed. I started looking in the books in search of this needed perspective.

I often read a book 3 times before I feel that I understand and comprehend the (deeper) message. I am on round one at the moment. I had to put down The Problem of Security on page 8 because of anger (next to last paragraph). Not at you, but at the security industry situation as a whole.

​

--

​

When you’re reading an amazing book and you go through and highlight sections or parts or phrases that you want to come back to or, read again or, that resonate with you, you know it’s been a worthwhile experience.

Well, I’ve been reading The Problem of Security by Dr Rich Diston.

The first problem is almost every single line is highlighted because it is that good.

​

--

​

A few chapters into "The Problem of Security" - by Dr Richard Diston, one cannot help but notice the myriad issues it unveils and the discrepancies and inconsistencies in the language employed by today's so-called "professionals." The content presented is thought-provoking and, at times, demands the reader to confront some uncomfortable realities.

​

I find myself compelled to re-evaluate numerous aspects of my understanding; I am in for an extended period of contemplation and reflection. Nonetheless, the book also ignites a desire to inspire change in my area of focus, ultimately contributing to its improvement.

​

Although "The Problem of Security" does not exclusively focus on technical security, it addresses the overarching issues surrounding the concept of security.

​

It is a good idea for prospective readers to approach it with an open mind and be prepared to relinquish some pride. I have yielded a significant portion of mine within the initial chapters (though, much like Rome, it can be rebuilt—Nero, take note).

​

An intellectually stimulating read such as this is essential for my growth as a competent SOC Professional. To truly excel in this field, thinking beyond superficial certifications and challenging the "accepted truths" perpetuated by some accrediting bodies is crucial.

​

Otherwise, I fear that I may remain merely the town crier of SOC, locked in a dark room screaming, "I can make things better."

​

--

​

​

Real Security Doctor Limited is a UK registered company.


© 2025 The Real Security Doctor Limited.

All Rights Reserved.
