Just before Christmas I had an excellent opportunity to co present one of Javvad’s (@j4vv4d) eponymous InfoSec video blogs. In it we took a tongue in cheek look at the variety of styles of bad presentation that we have observed at various conferences and forums. I should of course stress that neither one of us claims to be keynote material with regards to our own presentation style, but we are constantly struck by how many presentations are unintelligible, difficult to follow, underprepared or any other myriad of things that dramatically reduce the impact and message a presentation is supposed to give.

The video blog (here) looks at ten different styles that we felt were the most heinous; there were a further ten left on the cutting room floor! Obviously it was a humorous view in order to best get the point across but it does underscore a serious point, namely that it is astonishing that for a so called professional industry the quality of presentations is often so low, even at events that you have to pay for. I for one expect more.

What I want to look at now though is not “what” we should be doing to improve these presentations because that has been done elsewhere (here and here); rather I will focus on the “why” because it is important to understand the reasons for improving our presentations and the positive outcomes it will have to our community.

In my opinion, it comes down to three points:

Firstly (and in reference back to the video blog), I see so many people in the audience quite simply just turning off in the face of poor presentation style (be it the slide, the verbal delivery etc). All of us attend these forums and conferences to learn from other people, observe their real world experiences and look to see how we can apply the learning into our own professional lives. And yet the first message we get is that the topic in hand is dull, or inaudible or illegible. In any kind of information security conference all topics should be interesting to one extent or another to all attendees. It is the presenters primary responsibility to make the topic interesting, grab the audiences attention and maintain it throughout.

Secondly, it is a question of value for money. This is very apparent in the situations where an event costs money to attend; I expect a certain level of professionalism, content and delivery, and in too many cases it is simply not apparent. In free events, this is less obvious for the audience (who are often getting free beer and food at the same time), but the poor presenter is letting down the sponsor and perhaps sullying their name and reputation. Of course there is also the reputational damage to the individual giving the poor presentation!

Finally, it is a matter of professionalism for the industry and community. Not only do we need to be taken seriously amongst ourselves but we must ensure we can speak convincingly within our own organisations. If we cannot put across our thoughts, analysis, reasoning, proposals and perhaps most importantly our requests for budget in a convincing and professional manner the infosec industry (and your department) will never be taken seriously.

None of us are perfect, especially when it comes to standing up in front of a demanding audience, but I strongly believe we should be asking our trusted colleagues, peers and acquaintances for feedback each and every time we present. What we get back from them may make for uncomfortable listening, but as long as the feedback is given constructively, openly, without fear of reprisal and with good intentions we will all benefit, as individuals, as organisations and as an industry.