Continuing on the “things I learned from speaking” track, the next step is why I did what I did. What would prompt someone to speak at their first InfoSec con ever? And for that, it’s time for a story.

Picture this, if you will. You’re young, impressionable, and have just discovered the incredible community that is the InfoSec community on Twitter. You find a few names you recognize from your blogs, and follow them. Then you go down their follow list and start following anyone who mentions security in their description. Suddenly, you’re sitting at a few hundred people followed, and without realizing, you’ve stepped into a community of truly awesome people. You don’t know them by much more than some their handles, maybe their display name, but you now know you’re part of a community, if only on the fringe.

Then, one day, one of those people who seem to be talking with everyone all the time mentions he’s on your side of town. (I’ll give you a hint; he’s got a beard almost double my age.) One random lunch later, and I had decided that I needed to go to any con I could get my hands on. So imagine my excitement when I heard a con was coming to my state! That con was BSidesAustin.

Almost as soon as BSidesAustin had been announced, I put my name down on the wiki and began making travel plans. I wasn’t going to miss this. (As an aside, at one point I told my family that I wouldn’t be going with them on our family vacation so that I could go to BSidesAustin. Just to give you an idea of how dedicated I was to going.)

But then, in my con-noobish eyes, I saw a problem. One month out from the event, there were only about 4 or 5 speakers signed up, and most of those had denoted only twenty-minute talks. I did some quick napkin math and realized that there weren’t enough people signed up to fill time for the day. And if there aren’t enough speakers signed up, then people won’t come, and then the con might not happen. And there was no way that I would ever let that happen! So I mulled it over for a few days, and made a decision. I was going to speak at BSidesAustin.

And why wouldn’t I? I had taken Professional Presentations, so I knew* how to give a presentation, right? So I thought for a while, and decided that since the only real experience that I had was being young and an InfoSec professional, that would be what I would speak about. I asked a few people who I could bounce some ideas off, what they thought, and in short order, had added my name to the list of

speakers with a quick title and description. The talk was titled “The Young and the Restless.” It wasn’t until a few weeks later that I got my real wake up call.

*See my previous post for some of the revelations I had when I realized that I, in fact, didn’t know much about giving a talk.

Tune in next week to witness thrilling breakdowns, startling revelations, and heroic rescues!

Note from Michael: I am excited to share this guest article from Joseph about his experiences speaking at BSides. I’m encouraging him to share more ideas in the future – and we might just get him as a contributor!

Last month, I attended my first security conference ever. It was also the first time that I spoke at a security conference. As a relative newcomer to the industry, I stepped out on a limb to give that talk, and it has rewarded me in spades. More, preparing for that talk taught me a few things that I’d like to share.

We aren’t preparing our up and coming speakers how to properly speak

While BSidesAustin was my first time to speak at a security conference, (which brought its own new set of nerves I had never experienced before) I am one of those people born with a predisposition to public speaking.

In order to earn the rank of Eagle Scout, I was required to earn a “Communications Merit Badge” culminating in a public speech of at least 10 minutes.  I completed that requirement by opening a fund raising luncheon with an audience that included mayors, State Representatives, and of Scout and political leaders.

As a computer science major at the University of North Texas, I took a required course called Professional Presentations, which taught – or claimed to teach – how to give professional presentations in the workplace. When I began preparing for BSidesAustin, I called on the experience that I had from my Eagle Scout experience and blended it with the lessons learned from this class, and my outline looked something like this:

• Introduction
• Agenda
• Point One
• Point Two
• Point Three
• Conclusion
• Questions and Answers

It’s a tried and true method of delivering a talk, right?

It’s what was ingrained in us as we learned that semester. What I realize now is that this method should be considered “tired and broken.”

The problem with this method is that it doesn’t engage an audience. Audiences have become conditioned to expect this method of delivery, and when they see a speaker beginning their talk in that style, the audience begins to tune out the speaker. So by your second slide, you’re already fighting an uphill battle for your audience’s attention. This is the last place you want to be as a new speaker.

When I began my preparations for BSidesAustin, I began to prepare my talk in the way I had been taught. It wasn’t until I sat down with my mentor and he explained the importance of properly engaging my audience that I threw out my slides and rebuilt my talk from the ground up. It felt like a leap of faith.

The reaction from my engaging talk was stunning, convincing me that we need to shift our thinking and change our behaviors if we are going to grow as a profession and make a difference.

Based on that experience and the way my eyes were opened (by my mentor and others), here are some considerations for the future:

We need to continue providing venues for new speakers to break the ice

BSidesAustin was an incredible experience, not just because of the community that was there, but also because of the fact that it gave me a place to try my hand at speaking about security.

It was a welcoming community that gave me the feedback I needed to grow in my speaking abilities. And yet, I still know that I couldn’t give either my BSidesAustin or BSidesBoston talks at my local ISSA chapter, NAISG group, or DC meetup. We have established speaking styles that we expect, and this keeps new speakers out of the places that, especially in the Dallas area, could desperately use them.

We need to personally be encouraging and mentoring new speakers to speak

I’ve said it in each of my talks, but I’ll say it over and over again, I would never have been able to execute my talk in Austin with any real measure of success without the help of my mentor.

Once I gave my first talk, the second one was much easier to give. But the most interesting thing that came out of my mentorship, was that I could immediately turn around and start taking the same advice I was given and give it to others who were preparing for their first talk. I used it in my Boston talk, and I’ll say it again, what you do now makes a lasting impact.

We need to offer additional opportunities to connect, engage and learn

Tools like the security catalyst community, career compass and the forth-coming guild with mentoring are great; we need more!

Stacy Thayer just had a great mentorship panel at SOURCEBoston, and when I asked her what motivated her to create the mentorship panel, she said it was a result of the mentorship she had when she was getting her start. It just keeps paying off.

Hopefully this gets you thinking about how you can get involved, and perhaps reconsider how you give your own talks.

Michael again: want to get involved? We’re relaunching the Security Catalyst Community this summer. We are expanding beyond forums and incorporating the Career Compass and mentoring (complete with training and guidance). Get constructive, get engaged and join us.

“You must be the change you wish to see in the world.”
-Mahatma Gandhi

In Part I of Change is Good, I gave you an overview of our developments at The Security Catalyst. This time I want to focus specifically on communications.

Our new website will be launched at the end of this month. It will offer useful resources for individuals and organizations along with information on our innovative toolkits, training and support such as the:

• Information Protection Toolkit
• ‘Speaking About Security’ training sessions for security professionals
• Catalyst Sessions for one-on-one and team support
• Presentations designed to engage, empower and enable your teams
• Catalyst Club – unique coaching, job-aids and the ability to practice and improve

The Security Catalyst blog and podcast will gain new energy thanks to the addition of two new team members. With their support, we are developing a production schedule which will allow me to share research, analysis and opinions with you on a more regular basis. Shortly, you will notice a new blog template. In a few weeks, you’ll noticea slight change to it’s location (it will be found at /blog). We all have a lot to share, and we’re looking forward to the change.

We are about to start rolling out the changes. You have already seen the new logo. Soon you will experience the new look, feel and functionality of our web-based services. We are excited to finally share these fruits of our labor.

Watch for ‘Change is Good: Part III’ next week.