June 9, 1900

How We Wrote a 300 Page Security Book in Two Weeks

Keith Basil

An entrepreneurial and performance-driven executive focused on creating long-term corporate value and growth. Former Senior Principal Product Manager, Cloud Platforms, at Red Hat. Founder of Fourth Cloud, exploring cloud technologies and solutions related to emerging decentralized cloud and edge computing platforms. Looking to cultivate a community and network of cloud professionals interested in decentralized infrastructure, applications and business models.

Former Red Hat Senior Principal Product Manager Keith Basil shared that his team wrote a 300 page book on security in two weeks—thanks to being able to successfully collaborate remotely using tools like MURAL, Slack, Docs, Google Hangouts, and Figma. This was the "first ever first ever virtual book sprint," and we wanted to share Keith and team's story for the MURAL community.


We wrote a book in two weeks. This article is essentially a retrospective on the how and what we learned in the process. It was an incredible experience and some of the learnings have transcended into our “new normal” working model. Hopefully you can take a few things away from our effort.

What We Did

We wrote a book on OpenShift security in two weeks.

We had the privilege of working with Barbara Rühling, the CEO of Book Sprints to successfully complete the first ever virtual book sprint. We had participated in a physical, face-to-face version some years ago and were initially hesitant about undertaking such an intense project with a virtual team across three different time zones. Let me just say that the Book Sprint facilitation team is awesome. We knew that Red Hat would provide a good candidate for this model as we were already very comfortable with remote work prior to COVID-19 affecting the globe. The Book Sprint team introduced a handful of tools and techniques that enhanced the order, efficiency and openness of the entire project. If it’s an indicator of our joint success, we went from concept to a book that’s both #1 in new releases and #4 overall in the System Administration category on Amazon early on.

Why We Did It

We took on this effort to produce an authoritative body of work to help customers configure OpenShift given their specific security requirements. It is extremely useful to have strong and relevant documentation that allows cross-functional teams to leverage product knowledge. And by teams, we mean both internal and external teams. In short, we expect the book to:

  • Augment our existing product documentation by providing deeper and more specific domain expertise in the area of security
  • Support our public sector work by providing core content for the creation of Secure Technical Implementation Guides (STIGs)
  • Support compliance-as-code projects with baseline narrative content
  • Assist security architects in understanding the detailed capabilities of the product
  • Highlight competitive differentiation based on the security capabilities of the product

How We Did It

The book sprint process is unique and intense. Normally these efforts are done in an environment that facilitates face-to-face interaction and collaboration. COVID-19 impacted our original plans as we had intended to meet at a Red Hat office and fly everyone in for a week of uninterrupted work on the book. Our facilitators were based in Europe and would have been denied entry into the country for our scheduled week. We also had quite a few Red Hatters in Europe that at the time were officially prevented from entering the United States.

With the global lockdown starting to take hold, we hesitantly pivoted to a never-been-tried-before virtual model. Shawn Wells and I were the only team members that had participated previously in a book sprint and we knew the challenge was ahead of us. We also knew that if any team could do it, it was going to be a Red Hat team. The key to success with this model is experienced and trusted facilitation, and excellent logistical support. Our Book Sprint facilitation team came through with flying colors.  

The three main Mural boards used for our work.

One of the most amazing things to experience is the unfolding of the organizational process. We went from brainstorming to crowdsourced rough outlines in one day. We used a decision board to set rules, develop our audience personas and gather logistical feedback. The group magic was created on the brainstorming board. The task matrix kept us focused and provided team accountability.  

Our tool implementation looked like this:

Our tool implementation model.

The Tools We Used


No alt text provided for this image

MURAL brands itself as a digital workspace for visual collaboration. This was the first time our team was exposed to a collaboration tool of this nature. Working with this tool was fundamental to aggregating input from our members. We used Mural for brainstorming, small intra-sprint retrospectives and maintaining task assignments.  

Google Calendar, Hangouts, and Docs

No alt text provided for this image

The google suite is self-explanatory. The calendar invites were used to build a list of participants and to anchor or seed the initial set of docs. One relatively recent feature of Google calendar is that it will prompt to and automatically set permissions on documents attached to the invite. Hangouts were set and reused for all plenary meetings and we established breakout rooms per chapter once the outline was established. We had required everyone to install the grid view extension for Hangouts as it makes a huge difference when you see the entire team at once. All content was written in Google docs.


Figma is a collaborative design tool. Book illustration support was included in our facilitation services. This is an absolute luxury as it allowed us to remain focused on the actual content. We could simply sketch out a diagram by hand, take a picture of it and drop it into our document. Once there, we’d tag the illustrator alias and they would build a clean and brand compliant version of what you scribbled down.  

Hand drawn images converted by the illustration team.
Hand drawn images converted by the illustration team.


Lastly, slack was the chat tool that bound our team together. One organizational technique we used was to have channels for each chapter and channel descriptions that had the embedded links to the Hangout and chapter document. In this regard, slack was our map for all the interactive work happening in parallel. Some team members also implemented the Google docs integration so that notifications from the documents would immediately be made known in channels.

The Wrap Up

No alt text provided for this image

After our intense two weeks, we ended up with over 60,000 words and more than 300 pages! We had a great retrospective and were honored to be the first team to do a 100% virtual book sprint with Barbara's company.

The book’s outline crystallized as:

  1. Risk Management and Regulatory Readiness
  2. RHCOS Security
  3. Container Security
  4. Kubernetes Security
  5. Identity and Access Management
  6. Networking Security (System & Communications Protection)
  7. Auditing
  8. Encryption and Secret Management + Data Protection
  9. Securing CI CD

Remember that illustrator team? Toward the end of the project, they surprised us with some possible book cover options. In true fashion, we built a form to capture everyone's feedback (including external people). Here are what those results looked like:

Crowdsourced book cover results.

The Book Sprint team assembled the document as a PDF file, ePub and worked with us to meet Amazon’s print on demand formatting requirements. So with that, the OpenShift Security Guide is ready:

We would like to thank our diverse team of Red Hatters for taking on this effort. It was a special project indeed.  Our virtual OpenShift Security Guide authors and rock stars:

Gabe Alford, Keith Basil, Bruce Benson, Erica von Buelow, François Duthilleul, Christopher Grimm, Frédéric Herrmann, Ben Howard, Jakub Hrozek, Nathan Kinder, Khary Mendez, Pierre-André Morey, Chris Negus, Kirsten Newcomer, Kevin O’Donnell, Juan Antonio Osorio, Bryan Parry, Matt Rogers, Ava Schulman, and Shawn Wells.