Friday, February 7, 2014

Lessons Learned: Speaking at a Security Conferance

SOURCE Boston was kind enough to take a chance on me and on April 17, 2013 I gave my first talk at a security conference.  The video was finally released this week so I though it a good opportunity to run down my lessons learned.

I fully admit I was anxious and acknowledged I made quite a few mistakes.  I've given small presentations in the past however, I was always the subject matter expert in the room and felt confident I would be able to speak with authority and answer any questions.  This time I was speaking in front of my peers, many who are wiser and more experienced than I.  Looking back I recall seeing Jack Daniel, Andy Ellis, Josh Corman, Bob Rudis and Ed Skoudis (just to name a few).  The room was small, it could accommodate maybe 50 people and there were about 35 people in attendance.  I'm not sure if this made it easier or more difficult.  On one hand, if I embarrassed myself it would only be in front of a handful of people, however, the small venue made it more intimate.

Below are the lessons learned throughout the process.  Some of these I was able to incorporate before the talk, others I didn't think of until after the conference.

Submitting a Talk:  When you've chosen a topic make sure you give yourself plenty of time to submit. Deadlines can creep up on you.  Also, make sure you follow the instructions.  One thing I constantly hear from conference organizers is that they will reject quality talks if they do not follow the required formatting.

Start Working Right Away:  As soon as your talk is accepted start working on your presentation.  It may seem like you have plenty of time but life inevitably gets in the way.  Business trips, unexpected workload and family events can consume your time.  In my case, a death in the family monopolized a significant amount of time and drained a lot of my motivation to work on my talk.

Practice, Practice, Practice:  This one should be obvious.  Get your presentation done early so that you can rehearse your talk.  If you're anything like me you'll be surprised at how often you tweak the content.  Start with a written script, graduate to note cards and eventually your slide deck should be all you need to give your talk without thinking.

Slides:  Slides should not contain your entire talk.  These should be used to visually supplement your material. This is where you can add pictures, charts and graphs to illustrate your point.  Bullet points should be high level and the font should be large enough to read from the back of the room.  In most cases a talk should be able to stand on it's own so if there are technical difficulties you can continue without slides.

Dry Run:  If you have the opportunity, give a preview of your talk somewhere else.  Most cities have organizations that are looking for speakers (DefCon Groups, ISSA or ISACA chapters, local "city sec", etc.).  This is a great opportunity to practice your talk in front of a live audience and get honest feedback that you can incorporate later.  If you can't find a meeting, try to arrange a Skype call or Google Hangout where you can present in front of a small group.  You'll be surprised at how many people are willing to give you feedback.

Film Yourself:  No one is going to be as critical as you are to yourself.  Watching your own talk will help you work on your timing, get rid of the "ums" and "ahs" and get you to move about (this engages the audience and prevents you from looking stiff).  The dry run mentioned above is usually a great opportunity to film yourself.

Title:  It can be tempting to come up with a witty title for your talk.  This can draw attention and you may get a better turn out.  Just don't get too carried away.  You want people to still know what your talk is about.  In my case I went too far in the other direction.  I titled my talk, "Hacking Back Is A Bad Idea".  This gave away my opinion and may have dissuaded people from attending who did not share my view.  In retrospect, a more appropriate title may have been, "Hacking Back: Is It Right For You?"

Questions:  If you finish your talk early or plan to leave time at the end, you'll have the opportunity for questions.  In a large room you will want to repeat any questions asked.  You're the only one with a microphone and the rest of the audience may not hear the question.  In my case, the room was small enough and the discussion lively enough that I did not feel the need to interrupt to repeat comments and questions.  Unfortunately, this means they were not captured on the recording.

Hopefully you can learn from my mistakes.  I've embedded my video and slides below.

Please be gentle :)