Presentation Style IS Important

Leave a comment

Poor Presenter Type.004Just before Christmas I had an excellent opportunity to co present one of Javvad’s (@j4vv4d) eponymous InfoSec video blogs. In it we took a tongue in cheek look at the variety of styles of bad presentation that we have observed at various conferences and forums. I should of course stress that neither one of us claims to be keynote material with regards to our own presentation style, but we are constantly struck by how many presentations are unintelligible, difficult to follow, underprepared or any other myriad of things that dramatically reduce the impact and message a presentation is supposed to give.

The video blog (here) looks at ten different styles that we felt were the most heinous; there were a further ten left on the cutting room floor! Obviously it was a humorous view in order to best get the point across but it does underscore a serious point, namely that it is astonishing that for a so called professional industry the quality of presentations is often so low, even at events that you have to pay for. I for one expect more.

What I want to look at now though is not “what” we should be doing to improve these presentations because that has been done elsewhere (here and here); rather I will focus on the “why” because it is important to understand the reasons for improving our presentations and the positive outcomes it will have to our community.

In my opinion, it comes down to three points:

Firstly (and in reference back to the video blog), I see so many people in the audience quite simply just turning off in the face of poor presentation style (be it the slide, the verbal delivery etc). All of us attend these forums and conferences to learn from other people, observe their real world experiences and look to see how we can apply the learning into our own professional lives. And yet the first message we get is that the topic in hand is dull, or inaudible or illegible. In any kind of information security conference all topics should be interesting to one extent or another to all attendees. It is the presenters primary responsibility to make the topic interesting, grab the audiences attention and maintain it throughout.

Secondly, it is a question of value for money. This is very apparent in the situations where an event costs money to attend; I expect a certain level of professionalism, content and delivery, and in too many cases it is simply not apparent. In free events, this is less obvious for the audience (who are often getting free beer and food at the same time), but the poor presenter is letting down the sponsor and perhaps sullying their name and reputation. Of course there is also the reputational damage to the individual giving the poor presentation!

Finally, it is a matter of professionalism for the industry and community. Not only do we need to be taken seriously amongst ourselves but we must ensure we can speak convincingly within our own organisations. If we cannot put across our thoughts, analysis, reasoning, proposals and perhaps most importantly our requests for budget in a convincing and professional manner the infosec industry (and your department) will never be taken seriously.

None of us are perfect, especially when it comes to standing up in front of a demanding audience, but I strongly believe we should be asking our trusted colleagues, peers and acquaintances for feedback each and every time we present. What we get back from them may make for uncomfortable listening, but as long as the feedback is given constructively, openly, without fear of reprisal and with good intentions we will all benefit, as individuals, as organisations and as an industry.

 

That was the week that was – RSA Conference Europe 2012

Leave a comment

Having arrived at the Hilton Metropole on Monday lunchtime and finally left the hotel (virtually for the first time) on Friday morning, I am left with a sequence of mad, fascinating, zany, intriguing, bizarre, educational, alcoholic and downright enjoyable experiences. I knew what to expect having attended last year. In no particular order (except by which they fall out of my head) here are my high points, and occasional low points.

Meeting Wendy Nather (@451wendy) of the 451 Group  at last and having lunch with her and Kai Roer (@kairoer, and a constant and welcome companion throughout the week);Dinner at The White Swan with my fellow panellists/debate team, Christian Toon(@christiantoon), Geordie Stewart, Rowenna Fielding (@InfosecGeekLady), Kai Roer, Javvad Malik (@j4vv4d), Gemma Paterson (@GemmaPats) and Chris Batten (@Acumin), and supposedly talking about our debate the next day but actually just sharing inapproriate jokes (mostly led by Chris…); The actual debate itself, not a massive attendance although not only were we up against stiff competition numbers were down somewhat anyway; meeting my first bona fide infosec journalist John Leyden (@jleyden) of The Register as well as my second, Dan Raywood (@DanRaywood) of SC Magazine; Meeting James Lyne (@jameslyne) who is not only a genius but also has the audacity to be charming, funny and an all round lovely guy, goddamm him; Watching Christian Toon bluff his way into the Media/Analysts party on Tuesday night, and watch Javvad have to do nothing to get into the IOActive party on wednesday night because everyone knows him; spending nearly an hour chatting with Javvad talking about blogging, public speaking, charlatans and heroes and being very pleasantly surprised at how much we have in common on these topics; walking out of Bruce Schneiers keynote because I found it dull and unengaging which was a real disappointment; finally making my mind up about Ira Winkler after watching his presentation; wishing I wasn’t late for Josh Corman’s (@JoshCorman) keynote, watching Hugh Johnson again, a master of working the room and engaging his audience, and marvelling at what a thoroughly lovely guy he was; spending time with Brian Honan (@BrianHonan) again and always enjoying his funny yet surprisingly modest company; Eating Schawama’s with Javvad and @sirjester, and subsequently meeting the aforementioned James Lyne and Dan Haywood; failing to win a single thing in any of the prize draws, yet still coming back with five t-shirts and a bag of booty; Watching Javvad and Emma Tweet each other whilst standing side by side; Being amazed, yet finding myself also tweeting almost every 10 minutes in synchronisation with everyone else you happen to be with – what has this world come to?; getting beered up with Chritian Toon on Tuesday and not being able to work out why I feel so drunk and he seems so fresh. The next day it turns out he is nearly 15 years younger than me! I obviously look young for my age, and he the opposite!; Spending a fascinating 90 minutes with Josh Corman on Thursday night and being impressed with how genuine, non judgemental and actually concerned he is about our industry; receiving my first ever Friday Five’s in Twitter and seeing it suddenly explode with activity as everyone joined in, for 10 minutes!; Watching Javvad being awarded his RSA Rockstar t-shirt.

There are many other people I met, chatted with and discussed topics raised in the presentations that are just too numerous to mention. If I have missed you out I apologise profusely and blame my poor memory and being inundated with great times.

The photos throughout this article barely scratch the surface of the fun and educational experience of the week, and I am already looking forward to RSA 2013 in Amsterdam next year!

10 Rules of Risk Management… In 10 Movie Quotes

3 Comments

I had an absolute blast last night presenting at the Acumin RANT forum (https://www.rantforum.com) on the topic of “10 Rules of Risk Management… In 10 Movie Quotes”. The premise was simple – people don’t remember rules or dull facts, but they do remember things that emotionally touch them in some way. Each quote and movie opened up a conversation on an aspect of risk management (although the term “rule” was a little inaccurate of course). Given it was the RANT forum, and I was competing for the attention of the audience against the allure of a free bar, there was plenty of opinion and discussion flowing around the room throughout. Hopefully a few of the points I was trying to make will have stuck as a result of quotes such as “You’re gonna need a bigger boat” or “I see dead people”.

I felt the audience engaged and participated throughout with lots of very verbal agreement and disagreement throughout, and it was exciting to be right at the centre of the maelstrom. If you have never been to a RANT before just imagine one person being surrounded by a large number of people only a few feet away; with your back to the projector screen, there is no lectern to hide behind and no stage to stand on. It’s do or die, and a  #Fail never far from your thoughts!

Not everyone agreed with the points I was making of course but that just generated further conversation. I had some excellent follow up conversations with a number of people, including a great idea for my next presentation which a stated up front I might shamelessly steal – I think i got his agreement that doing so was OK! I had some very positive feedback afterwards as well for which I am very appreciative of; if you are reading this and want to provide more feedback, of both kinds, then please do. Without wishing to sound too “new age”, feedback is a gift you can give someone that will allow them to grow and improve. Without it we continue to make mistakes and miss the opportunity to learn.

Gemma (from Acumin) and I tried something new this time as well, filming the presentation with two cameras. It will take me a few days to splice the footage together, but as soon as it is done I will have it posted here. I know some of those who attended were interested in both reviewing and sharing the footage, as well as the slides; these are below, as well as a slideshow of the deck. I use Keynote  for my presentations, so the PowerPoint conversion is never a true representation. If in doubt, use the PDF. Someone mentioned last night that they may want to link to the content here too. I have no objections to this, just credit me and don’t muck about with the content!

My thanks to Acumin for hosting the evening, and thank you to all of you who took part, especially the very lucky prize winners! (If you wanted a pen but didn’t get one let me know and I will do my best to send one to you).

This slideshow requires JavaScript.

Files for download:

PDF – 10 Rules of Risk Management

PPT – 10 Rules of Risk Management

Keynote – 10 Rules of Risk Management (native)

Movie from the evening – Coming Soon

“An Anatomy…” at the BCS

Leave a comment

A short post to give the Wiltshire branch of the BCS a pointer to the slides from the presentation I gave last week on Tuesday 24th July in Swindon. It was an excellent evening, although I suspect the turnout was somewhat diminished by the weather!

The audience also included members of the IET which bought a very interesting slant to the questions at the end. I have also exchanged a few views with folks over Linkedin as well, and if you are still awaiting a response from me please bear with me!

The one thing that did however fail was the video recording of the talk; unfortunately it gave out halfway. I was going to edit the footage anyway and then perhaps link to an alternative recording of the same talk, but I have taken the decision not to as it is a messy compromise to try and stitch two different talks together to get the entire content in one place. As a result I have decided to simply link to a previous recording, specifically the BsidesLondon one I gave in April.

So, thank you Geoff Hunt for having me along to speak to the Wiltshire branch of the BCS (where I am also a largely absent member of the committee!) and especially thank you to the folks in the audience for your interest and your questions. If any of you do happen to have any more questions, please don’t hesitate to ask them in here, via email or Twitter. Any feedback is also of course very much welcomed.

The video can be found here, and the slides can be found here (note that the presentation is originally in keynote format, the PPT export may look slightly different).

Style vs Content – Getting the Point Across Effectively

1 Comment

I have just had to present to a team on their information security responsibilities whilst they are on their current project. Their client has very specific requirements, and for a variety of reasons it was important to reinforce the key requirements again.

This was at short notice, and so I spent every spare moment I had throughout a long day last Thursday creating the presentation from scratch. After reviewing Master Services agreements, security schedules and other documents relating to the project I had to try and consolidate all of this into a meaningful presentation. I even Tweeted about my experience:

This is a battle hardened and very creatively talented team, working stupid hours and closing in on an important milestone of work. The last thing they wanted was to listen to the “corporate security guy” for twenty minutes, but for all the right reasons it was important that it was done today, and with the client present.

So I had: 1 – a disengaged audience, 2 – 24hrs notice, 3 – a client present, 4 – strong interest from HQ (“send us the presentation when you finish it so we can check it through” and finally, 5 – changes to be incorporated two hours beforehand (see 4).

Pop Quiz – do you use the corporate deck, smart and extensive bullet points, approved imagery and and a shirt and tie? Or do you focus on getting key message across, come what may?

And this is the crux of my point – the moment you try and deliver a corporate message in a corporate format your audience is going to switch off. One suggestion I received from a well meaning executive was to basically provide a list of the twenty requirements of the client in the presentation and then hand out copies to be signed by each team member. In this instance people would remember the first two, last two (at best!) and just blindly sign the rest. While this would technically meet the objectives (everyone must agree they understand the security requirements) they really wouldn’t absorb the message.

My approach? Simple, high impact and memorable. As the example below shows, not many words and a memorable picture (in the actual presentation Borat merged to Simon Cowell showing a thumbs down and back and forth). In this way, the image hits them first (thumbs up/thumbs down), the message (check X when doing Y), and that’s it! (The message has obviously been sanitised to protect the innocent).

 Of course, there were many other slides along this nature – I also used references to The Oatmeal, Dilbert and Defcon 18 amongst others. And each slide put across a very specific point.

At first glance, the deck looks awful, plain and badly designed. However, the simplicity of it ensures the message very clearly comes across with the imagery ensuring that message remains memorable.

Three things came across very strongly at the end. Firstly, the questions and comments at the end were engaging, sensible and eminently relevant. This made me very confident that the message was put across and understood, and that this approach was the correct one in this circumstance.

Secondly, the client saw this engagement, and has since requested a copy of the presentation to demonstrate how the team had been successfully “trained” and and updated on security practices.

Finally, in front of this creative audience it became crushingly obvious that I really have to up my game when it comes to clip art…