Saturday, February 7, 2009

ShmooCon Day 1 wrap up

So quick wrap up on Day 1.

The only talks I caught were the end of the smart key one, which seemed cool and the Watching the Watchers one by the cadets. It was good, not overly technical, but still good.

Did lots of chatting with old friends and met some new ones which is always good. Its always nice to turn names into faces.

ShmooCon Firetalk on Attacking Oracle with the Metasploit Framework went pretty good, its hard to look at everyone when you are in a circle and there was no mic so I pretty much had no voice by the end of it but I think it went pretty good and I got some good feedback and questions from some people in the audience after. The demo video is posted.

Jack Daniel talked about FOI, Failure On Investment as the only measure people are using to actually measure anything security related, which is true but is also why most senior security professionals in the US make 6 figures, you get paid enough to educate and push through those types of issues.

I didnt catch the name for the guy after Jack but he talked about how powerpoint has removed the ability for people to tell a story and other standard tufte quotes. I've had similar discussions with Michael from Security Catalyst. Again I don't disagree but there are times for powerpoint and if powerpoint rules are applied a presentation can be tolerable. The common counter for powerpoint is to just handout the slides with notes or whatever. That works great for a presentation to 10 people at work but certainly doesn't scale to a security conference. I like slides for people that do talks at security conferences that actually have content in the slides. Slides that consist of pictures of a lock, turtle, toilet, cigarette, and a trash can probably make/made perfect sense for the people who were actually sitting in the crowd but if all I get is the slides later it doesn't mean crap. I dont see how I could have pulled off my talk without powerpoint, its hard to talk about code or see the output from metasploit without actually showing it. But comments always welcome.

Ok, that is all for now...trying to get g0ne up and moving from his house so we can head back into D.C. for the talks today.


Security Catalyst (Michael) said...

To be clear - powerpoint/keynote and other visual aids are essential. What I rail against is the approach I see and experience all too often: "i had a presentation to give, so I opened Powerpoint and started typing." I have rarely seen that work.

As we discussed, there are many times where an image, screen capture or diagram needs to be displayed. Ironically, I am now more interested in a whiteboard or "old-fashioned" overhead projector to convey the idea - but the reason for that is it allows me to construct on-the-fly with others watching, greatly improving their capacity to learn (since many choose to copy it down - the same way).

To be clear, I'm not against powerpoint - just how it is used as a crutch and prevents people from truly communicating.

FWIW, I still look forward to your presentation - with or without powerpoint!

CG said...

great comments as usual. thanks Michael!