Scarfone Cybersecurity is dedicated to helping Federal agencies, media outlets, and other organizations communicate security information to external and internal audiences. Founded by Karen Scarfone, the company is based on the belief that security professionals will continue to fall behind attackers until we, as a security community, become more adept at communicating with each other.


Scarfone Cybersecurity offers a range of services that can help you communicate your ideas, products, standards, and recommendations to others. Karen can write white papers, articles, books, technical standards, blog postings, corporate policies, and other materials for you and with you on a wide variety of security topics. She can review and edit your publications to whatever extent is needed, everything from a quick proofread to an in-depth technical review to a complete rewrite. Karen can also provide mentoring and coaching for security authors who want to improve their publications and make the writing process a less painful experience.



Scarfone Cybersecurity has a unique approach to writing based on the spiral lifecycle model (from software development principles). Writing is an iterative process that merges two difficult skills in the security realm: knowing what to say, and knowing how to say it.


Karen strives to communicate your messages in a clear, accurate, and honest way. She only works on projects that she believes in. And she always looks for something new to say and a new way to say it, even when she's writing yet another white paper on the hot topic of the day.

Here are links to samples of credited writing projects where Karen was the primary author.


​+ Threat Intelligence for Dummies (ebook)

+ NIST SP 800-94 Revision 1, Guide to Intrusion Detection and Prevention Systems (IDPS) (technical standard)
+ ​Uncheck Yourself (white paper, registration required)

Reviewing and Editing


Scarfone Cybersecurity provides an all-in-one service for technical and editorial reviews and edits. Karen will scope and prioritize her efforts based on your schedule and the desired level of effort to maximize the improvements in the publication.

Because Karen is an expert in both security and technical writing, she can handle all the necessary edits at once, ranging from reorganizing a publication or identifying technical errors and omissions to correcting errors in grammar and spelling or reformatting a Word document.


Karen has been a key editor for many publications over the years, including the following:


+ NIST Cybersecurity Framework

+ Framework for Cyber-Physical Systems

Coaching and Mentoring


Scarfone Cybersecurity offers coaching and mentoring services for security authors of all skill and experience levels. The goal of coaching and mentoring is to help authors produce higher-quality publications more quickly and with less aggravation and stress.


Karen does not have a standard curriculum because every author has a unique combination of areas that would most benefit from strengthening. Some authors need to focus on improving their organizational skills, while others should be more concerned about technical research and analysis. Novice authors may find it most valuable to have a crash course in identifying scope, purpose, and audience and developing outlines.


In most cases, grammar and spelling trouble is not the primary issue with writing, but Karen is happy to help those authors as well by noting their patterns and pointing them to helpful style guides and online dictionaries.