Security Development Session In The UK

Imagine if security was cool like Silverlight….

But security is not that cool, so the biggest challenge I faced was presenting security topics in a way that people enjoy  it. Here are some techniques I used while I was delivering number of security sessions in MS Services UK.

I also used some hacking exposed to add some salt and pepper – it usually entertain people, these can be good examples:


  • I talked to very broad audience during general session about what Security Engineering is al about and “what-is-in-it-for-me” for MS as a whole and for Services organization specifically. Here I showed commonly broad non-security tools to do security stuff. For example, I showed Security .Net Code Inspection Using Outlook 2007. It surprised people that their day-to-day tool of trade actually can do security stuff. I used a lot’s of quotes from third parties like I Thought Security And ROI Are Nonsense When Used Together – it sounds more authentic.
  • Then I talked  about lifecycle integration for security engineering. There is a lots of confusion mostly because of information avalanche and multiple interpretations, so I walked the audience phase by phase explaining proper technique to each phase, possible outcomes, lessons learned from actual engagements and some funny stories from trenches – it is important to have fun, since security is most boring thing in the world.

That was fun, for me at least. I got some nice feedback like “You presented dry topic [security] in very funny way – I enjoyed it very much and it was very informative”, “I always thought security is a boring thing – your presentation was very entertaining and with clear messages”.

 It was actually my first time in the UK and I learned a lot about famous English sense of humor – it was everywhere. I learned that UK is very expensive.

Thank you Graham and James for the opportunity! Looking forward to work with you soon.

Comments (2)

  1. Graham Calladine says:

    You are the man Alik!

  2. alik levin's says:

    This post is inspired by Dave Ladd’s Security Education v. Security Training My favorite quote is "We