If you’ve been following and noticing my lack of posting lately, it’s because of two reasons:
- I’m doing a lot of tracking little stuff projects at work that is sucking up my time.
- I was out of town last week at a conference, TechEd in New Orleans.
I had a presentation which I entitle “Behind the Spam: A Look at Spammers, Scareware, and other Sundry Subterfuge.” It’s not the first time I have presented it; in fact, I did it again today for a Junior High school where I modified the content slightly to fit the younger audience.
The idea behind the presentation was based upon something I had noticed several months ago in my team. I found out that I was heavily silo’ed into the spam area. I knew about other threats out there but wasn’t too knowledgeable. So, I decided to educate myself and did a lunch time presentation for colleagues. Many of them are in Development, Test or Operations and don’t know much about the cyber-security space, so my presentation was designed to do just that – take a look behind the spam and look at the entire threat landscape. In addition, I wanted to talk about spammers themselves (who are they? how much money do they make?) as well as their distribution vehicle – botnets. I got good feedback from this presentation because most of us just don’t get a chance to keep up on everything. I took it upon myself to educate myself in my spare time and redistribute my knowledge.
Fast forward to TechEd. My goal was to do the same thing but put more of a pro-Microsoft spin on it. I talked a bit more about what Microsoft is doing in the cyber-security space, removed all of the profanity, nudity and pointed accusations (at foreign governments) and spoke about how my division uses some of this information to combat the spam threats. In short, I was going through the entire threat landscape and straddling the non-technical and technical parts. As we all know, combating spam and malware is a highly technical and difficult process. There’s lots of in-depth technical knowledge required to iron out the details, and I decided that I wasn’t going to go into that much detail. Instead, my goal was to take a highly technical topic and make it accessible to the average person.
I also made sure to add one main point – if you took nothing but one thing away from my presentation, it was this: Make sure that you are running up-to-date software. If you’re running Windows XP, you should upgrade to Windows 7. If you’re not going to upgrade to Windows 7, then at least ensure that you are running all of the patches that Microsoft releases. If you don’t want to upgrade your software because you have to pay for it, then at least upgrade the free stuff like Adobe Acrobat, Flash, and Internet Explorer 6. That’s free. And updates are regular. Install them. My message here was simple: newer software is less prone to security updates. Yes, it’s simple but that is the point. Sometimes the simple things can have a big impact.
Now, obviously, security is more than than just installing the latest version of the software. But I wanted to boil down the message to one thing and that was what I picked. When you present something and you want the audience to come away with something, don’t add too much because it goes past them. Since I wasn’t sure of their area of expertise (technical, but not in cybersecurity) I had to make sure that my message was accessible.
I also tried to present my topic in a humorous and entertaining way. Now, one of my hobbies is magic, specifically mentalism. Mentalism is the branch of magic that deals with magic of the mind – predictions, thought reading, remote viewing, that sort of thing. I wanted to merge the two – inject some magic into the presentation and use it to underscore what I was talking about. I would do an effect and tie it together with my point. Because I had so many points, the goal here was to use entertainment as a way of cementing in people’s minds my point. For example, I did a card effect where I had someone select a card, and then I guessed what it was. I then explained that there were four possible ways I could have done the effect. Each of them was equally valid for getting the identity of the card. In just the same way, spammers (miscreants) have a variety of different ways of attacking your computer.
The presentation was alright. I altered my performing style for mentalism in summer 2009 to inject a lot more energy into it. I get excited when I present, and when I get excited about my topic, I tend to talk a little too fast. I got a lot of negative feedback around that. I’m working on it, but I’d rather be nailed for talking too fast because I am excited than for being a boring speaker. The other reviews were mixed. Some people loved it, others hated it (“Card tricks? WTF!” wrote one reviewer). I will admit that there are some parts of my message that I could have been a bit more clear about. Maybe rather than underscoring 1 point, I could have hit three (update your software, run antivirus, don’t click on stuff you don’t understand – obvious stuff, but still important). But I’m still pleased that I did my presentation and took a complex topic – cybersecurity – and made it accessible to the average technical person. Perhaps it could have been more technical, and perhaps I could have spoken slower, but I still think I hit the important points and next time I will be even better at it.