The Art of the Conference

3 Comments
3CD62A58-7C5E-4117-B427-816FC0F83DEDYes, I know, it has been nearly nine months since I last graced this blog with my presence. What can I say, it has been a busy time… But as they say, if you want me something done, ask a busy person, and eventually they will get around to it. Just ask @hostunknowntv about the podcast I have been preparing for the last eleven months.
One of the reasons I have been busy (apart from the day job that sees me frequently travelling abroad) is that I have been somewhat in demand at conferences and forums. This is a lovely stroke to the ego when asked to keynote somewhere, but also a challenge because I have to come up with a new twist on an existing talk or even a brand new talk. Creating a talk from scratch takes hours and hours, much longer than the 6 CPE hours that (ISC)2 and ISACA allow you to claim. I would estimate anything from 20 to 40 hours for a 25 to 50 minute talk.
I am not complaining mind, the process may be long, but it really helps me form opinions, generate new ideas and even form unique points of view that I can apply to my day job (one of the reasons I always recommend standing up and presenting your ideas to your peers in the industry as a great way to further your own career).
So it frustrates me immensely that after I put this huge amount of effort into producing not a only a presentation, but also a performance for a conference, that the tools I am given to do so are all to often below par. Let me explain;
I like using Apple Keynote; it has a better look and feel to Powerpoint, handles animations better, and allows a finer control of the placement of images and text. I realise this is probably an entirely subjective perspective, but it is one I stand by. I can’t tell you the number of times a conference has insisted that I can’t use my own laptop and have to use PowerPoint. The conversion process not only screws up the formatting, but also the general placement and even the fonts. Those slides I spent hours on look like something from a Dunder Mifflin sales deck.
Secondly, when I can use Keynote or my own laptop, the audio visual teams almost always insist on using VGA;more often than not this messes with the proportions of the main screen, leaving my widescreen presentation stretched into a square shape. Again, I spend hours making sure the images are not distorted, text looks balanced, and then lazy A/V makes my slides look like they are being viewed through a fishbowl. Surely HDMI or even DVI is standard enough now, and the digital signal is far less likely to screw up aspect ratios.
Thirdly, secondary  and tertiary screens are important. The normal “comfort” screen in front of the speaker is starting to become more popular, but more often than not it only displays what is being shown behind me, not the secondary presenters view of the current slide, next slide and timer (the latter of which are rarely used by most conferences…). At RSA in San Francisco I was presenting on their Live TV stage, and they had a comfort screen with the presenter view and at the back of the room a screen with my main presentation on as well. Perfect!
Why is this so important?
I personally feel that the quality of presentations at most conferences, InfoSec or otherwise, is very poor. There is plenty of subject matter expertise, but it is delivered in a poor way (see this video for some heinous examples). Conference organisers should be doing everything they can so that a presenter can deliver as effective a presentation as possible, and not worry about their deck being messed around with by either the A/V or a sub optimal “presentation laptop”, or even having to struggle with their delivery. The easier it is in the speaker, the better the presentation and the more effective and impactful an experience it is for the audience.
Should I be able to stand up and talk without my slides, not rely on comfort screens or even know what slide is coming up next? Yes, of course, in an ideal world, but very few people who speak are professional presenters, have demanding day jobs, and often finish their decks days or hours before the day. Conference organisers, please help us produce the very best performances for the benefit of your audience, and get some of these basics sorted out!
And hopefully that bar will raise just a little bit higher and benefit everyone in the industry and community.

That was the week that was; InfoSec Europe, BSides and the Security Bloggers Network

2 Comments

?????????????????????????????????????????A lot of good stuff has already been written about this last week with regards to BSides London, InfoSecurity Europe and the Security Blogger awards, so this post is a personal recollection after the haze of too many late nights, early mornings and good times.

Tuesday 29th bought BSides London, and once again the volunteers surpassed themselves; it retained two tracks but definitely felt expanded with the workshops and a new location for the rookie track. The organizers should feel rightly proud of what they have done, and those of you who didn’t turn up on the day (and therefore denied others of a ticket) should take good long look at themselves in the mirror.

photo 5

The Danger Zone Dream Team

I had to spend the afternoon over at Infosecurity Europe as I was on a panel titled “One big threat to cyber security: IT Geeks can’t talk to management” alongside Dwayne Melancon and Stephen Bonner. It was only 25 minutes long but I felt we managed to push a lot of good advice and takeaways into it, and the conversations continued afterwards in the hallway. I even managed to get a reference to Kenny Loggins into one answer, something I feel rightfully proud of.

BmZdYWHIIAAf1Lq.jpg-large

Joseph & Ian rocking the BSides Rookie Track

photo 1

Trying to look young again…

Then back to BSides to see Joseph Gwynne-Jones speak on the rookie track. I was mentoring Joseph this year, and to be honest I found it very challenging as Joseph is profoundly deaf; we couldn’t speak in the run up to BSides and could only communicate over email and Twitter. I advised as best I could, reviewed slides etc, but what was crucial was the ability of his interpreter being able to effectively communicate the jargon etc on the day. Given Joseph wouldn’t meet him until the morning of the conference this would be quite a challenge. As it turned out Ian Hodgetts  did a marvelous job, and was also on hand to interpret into British Sign Language (BSL) of all of the talks Joseph went to. We believe this is a first for an info security conference. Joseph obviously did an absolutely cracking job and I was able to spend some time with him and Ian afterwards talking about what else we could do in the future to improve further. It was an eye opener for me, and an absolute education in how important it is to communicate clearly and effectively in these kinds of conferences to absolutely everyone who attends. At the after party I was able to wear the hoody that was generously given to me by the Abertay Ethical Hacking Society, and feel like a student again (if not look like one).

photo 4

Best Personal Security Blog

Wednesday bought Infosec Europe again after a few early morning meetings, (including some scheming and rubbing of hands with invisible soap with the good folks of 44CON at the 44Cafe – I can’t wait for September!) but the highlight was of course the Security Bloggers Awards. Between me and Host Unknown I was up for eight awards in total, and came away with the award for Best Personal Security Blog, again! I was both surprised and touched that I was able to get this award again. Host Unknown didn’t fare as well unfortunately, but I can guarantee that the next twelve months will put us in a very strong position for next year, both at the European awards as well as the USA awards at RSA. Unfortunately Andrew was indisposed to help us collect a Host Unknown prize (that we didn’t win).

BmobKKsIgAAdZfj.jpg-large

Confirming what everyone already knew

(I have said this before but will say it again, everyone who is not only involved but also nominated for the blogger awards represents the very best of our industry in that they are all contributing their time and expertise to the community; I can’t recommend enough that if you are reading this that you also read their blogs too. Also, none of this would have happened without Brian Honan, Jack Daniel, Tenable, Tripwire and Firemon; thank you all.

Thursday bought another panel, this time in the Keynote Theatre with a panel on “Risk and control: Effective risk assessment methodologies to drive security strategy and investment” (alongside Vicki Gavin, Paul Haywood and moderated very well by Dave Clemente. It was a good, vibrant session and with plenty of questions both during and after the session.

photo 2

Inspired by the success of the CI Double SP film, we create a band called “CISS (P)”

A selfie, with a very famous CISO of Restricted Intelligence

A selfie, with a very famous CISO of Restricted Intelligence

Finally for the afternoon I got involved in only what can be termed a “flash mob” for Twist & Shout (as soon as that is released I will show it here!) and then got engrossed in the hallway track with the likes of Shan Lee, Quentyn Taylor, Peter Stephens, Jim Shields, Dave Lewis, Wim Remes, of course my conference partner in crime Javvad, and the lovely folks of Eskenzi and Acumin.

If there is one thing that is apparent form the above it is that any conference week is only valuable from the people you meet there. This list must be barely 10% of the people I shook hands with, shared a drink or said hello to, all of whom influence me to one degree or another. Whatever your thoughts on the infosec conference scene, this aspect alone is what makes it worthwhile. Apologies to anyone and everyone I have missed out.

InfoSecurity Europe is a show that has gone from strength to strength over the last few years, with the education programme improving; combine this with an excellent BSides London Conference, this week in Europe is one to look out for (although next year Infosec Europe and BSides will be from 2nd to 4th June at Olympia).

NOT another Heartbleed Post

2 Comments

no-heartbleed-218x218But rather a heartfelt thank you and cry for your support! In exchange for not writing yet another piece on Heartbleed (enough coverage by me here  from last week) I thought I would take this opportunity to talk about the European Security Blogger Awards.

In it’s second year only, the competition has certainly heated up with a large number of high quality blogs, blogs and podcasts on offer to vote for. There is a good commentary from IT Security Guru and Brian Honan on what it is all about here.  I am thrilled, excited and pleasantly surprised to have been nominated in five categories this year:

  • Best Corporate Security Blog
  • Best Personal Security Blog
  • Most Entertaining Blog
  • Most Educational Blog
  • Grand Prix best Overall Security Blog

(I’m not sure how I got into the corporate blog category, but it’s all good!)

Thank you to all of those who nominated this blog in all of those categories, but with the quality amount of the competition I shall have to start practicing my Hollywood Oscars “really upset but can’t show it that I lost to that charlatan” face when the winners are announced.

One of my other internet tenancies has also been nominated three time, Host Unknown:

  • Best Security Video Blog
  • Most Educational Blog
  • Best New Security Blog

With less than a year in “business” it is great to be nominated here as well, and we have a number of very exciting activities coming up over the next few months.

I said this last year, and it is worth repeating again; this list of nominations represents the very best of what the information security blogging community has to offer. Some of it serious, some of it humorous and some of it acerbic, but all of it providing a viewpoint of one kind of another that is worth listening to, reading or watching. Use this as a shopping list for your RSS reader.

Voting closes on Wednesday 23rd April, and the awards will be announced on Wednesday April 30th at the Prince of Teck Pub, Earls Court.

Thank you again to those of you who nominated me, time for the voting campaign to begin!

A late start back to 2014

Leave a comment

YEAR+IN+REVIEW1This time last year I posted a WordPress summary of my blog and stated I was going to focus on “growth” for 2013. Fortunately WordPress sent the same summary as last year and so I am very pleased to say that I have achieved that, certainly in regards to posts, content and followers.

It was a hugely busy year as regards me and this growth, with just some of the highlights including;

* Establishing Host Unknown alongside Andrew Agnes and Javvad Malik, and making a start in showing that security education really doesn’t have to be dull.
* The opportunity to be a mentor to Gavin Holt for the Rookie track at BSides. Gavin is an extremely talented and intelligent InfoSec professional and I was thrilled to have been able to help him present.
* The inaugral RANT conference and being able to play a part in the day for the lovely people at Acumin.
* Presenting at RSA Europe again.
* Getting involved with The Analogies Project, curated by the very talented Bruce Hallas,  in addition to being asked to be a regular contributor to the Iron Mountain Information Advantage blog.
* Winning Best Personal Security Blog at the inaugral European Security Bloggers Awards.

Combine the above (just the tip of the iceberg) with a dramatic increase in followers of the blog and of Twitter and an increase in the number of requests to present I am extremely pleased with 2013.

The word for 2014 therefore is “maintain”. Much as I would like to grow last years levels of activity it did cut into my day job quite considerably so I need to be a little more selective in my activities. That said, I have already presented at Securi-Tay3 in Dundee and have another one for the 451 Group in a few weeks. I will post something about Securi-Tay3 in a few days time when the videos have been published.

There are so many people to thank for the success of 2013, some of whom are mentioned above, but there are many others out there to whom I thank; I have very much been fortunate enough to stand on the shoulders of giants, allowing me to grow as a professional in the infosec field.

(View the full WordPress blog report here)

Moving forwards I have plenty of thoughts for content for this blog over the coming months so stay tuned for more details, and thank you for following me in 2013!

A fun filled week, moderating, presenting, acting.

1 Comment

leader-summit-headerLast week was a very busy week for me in the information security arena, which given not that long ago I said I was winding down for the end of the year into Christmas was a little surprising.

On Tuesday I was asked, somewhat last minute, to moderate a panel on Threat Intelligence at the InfoSecurity Leadership Summit. This is not a primary area of interest for me, but given I was moderating the panel and not on the panel itself I felt I had nothing to lose. With about 10 days notice, one short conference call and a rapidly drawn up set of notes the session went very well, although we had a very limited amount of time resulting in no questions from the audience which was disappointing. I do think I achieved my three key objectives for the session though:

  1. Start and finish on time
  2. Keep the panel from drifting off topic
  3. Make the panel look good

Moderating a panel is somewhat less glamorous (if that is the right word) than presenting or being on a panel, but I like the good folks at InfoSecurity so was happy to help out. The experience was useful for me as well, as moderating is very different to being a talking head. The conference itself was also very good, especially given it was the first one the folks at InfoSecurity have done in this space. I look forward to next years.

The day after, on the 4th December I flew to Frankfurt to attend the World Class Mobile Collaboration conference, where I was asked to present an old favourite of mine, An Anatomy of a Risk Assessment. Due to some technical difficulties I had to present an hour before I was scheduled to which somewhat put me on the spot, but actually worked out rather well. I had some great conversations with people in the break afterwards and swapped contact details with a number of them too. It was a very enjoyable but exhausting day though as I had to return that evening to get back to my day job. They kindly recorded the presentation, below:

http://vimeo.com/81118214

And finally, on Friday 6th a Christmas Message video was released that I was involved with in collaboration with Host Unknown and Twist & Shout. I blogged about it on the day but I wanted to mention it again as I do think it is a good example of putting points across in bite sized chunks that are memorable and effective (Twist & Shout are very good at this). There will be some behind the scenes footage being released next week, so look out for it on Twitter and the Host Unknown blog.

Back to work for a rest for the next two weeks I think!