Standing in front of PowerPoint Part 1: Discovering Security Cons

They say you always remember your first time. For me it was 1995 at the British Educational Training and Technology show at Olympia. The college I attended had a sponsorship deal with a company who were exhibiting and they wanted someone to talk about the use of IT in day to day education. While my contemporaries stared at their shoes I thrust my hand up and a few weeks later was being handed a full on Madonna wireless headset and presenting to an audience of bemused show visitors and stand staff who enthusiastically watched a 15 year old geek talk about using IT while a friend of mine used various trigger words to know when to change slide or quickly alt-tab to another application to make a point.

21 years later, that’s the only time I’ve ever had a voice activated slide deck.

Since then I MC’d mountain bike events for Future Publishing and Red Bull, appeared on the Extreme Channel and even had a few goes doing car videos on Youtube. I’m not an extrovert but public speaking isn’t something I shy away from, it’s fair to say.

Chris on the mic for a mountain bike show
Chris on the mic for a mountain bike show

Then my first con. BSides London 2014. It was overwhelming and exhilarating. I’d never even watched a hacking talk online, but now I was surrounded by people sharing the results of their research, sharing their secrets, doing things I understood but could never actually do. On the train ride home, I started preparing my ideas for a talk of my own.

There are often discussed points as to why you should do a talk at a con; it may be for personal development, commercial reasons, to try and raise your professional profile to help your career, or simply because you have a cool thing you want to share with people. There’s no requirement to, though. I think it’s a great thing to give back to the security community, but there are many, many ways to do that. For me, I think a lot of presenters don’t do it because they think they should, but rather because they are driven to.

It’s also worth remembering that organisers choose talks, and that’s your first round of validation. If your talk is not selected then they think it wouldn’t be a good fit. It stings to be rejected, but if you are accepted then it’s a sign that other people believe in your idea.

My ideas weren’t technical, they didn’t unveil a new attack or highlight vulnerabilities in a thing, they talked about people. They were both offensive and defensive, they brought some experience I’d gained through work and hoped to fill in some of the gaps I saw at different BSides events. And no-one would accept them. Eventually I got a slot at the second Steelcon event in 2015 and I found the talk on the other track was about the myths of plane hacking. In hindsight this was A Good Thing, as it meant my first security talk was for a modest audience, and it was definitely a learning experience.

To build on that first experience I decided to do a presentation for Steelcon 2016. In my next guest post I’ll take you through the process; the highs, the lows and how Google image search is your friend.

By Chris Ratcliff