NDC 2014, Vikings, passwords and pineapples (and session videos)

Here was the original plan: propose two talks for NDC, travel over to the other side of the world and do them both then make the long trek home (each trip taking about 33 hours, thank you very much). That was pretty much how it went except that only one of the proposed talks made the cut (I later learned that they seemed too similar which is a perfectly reasonable assessment). So I did the only sensible thing and took the very best parts out of the talk that didn’t make the cut and rolled them into the one that did. And then the week before the event, they asked me to do them both. Uh…

With the originally rejected talk now cannibalised, I fell back to another recent one that had been very successful in webinar format for Pluralsight – my Builders versus Breakers talk. This goes through 10 online attacks, how they happened and how they could have been prevented. I find it a good talk for contextualising security risks by walking through real world attacks with real world impacts. I did this talk on the first day of the event and you can watch it now right here:

"Builders versus Breakers" video

This is a good talk (at least that seems to be the consensus) and whilst sometimes the occasion calls for talking to slides as I’ve done here, there’s also nothing like actually showing real stuff. A couple of days later I did just that with the next talk and it actually worked as a very good follow-on from the first. Wednesday was all about “here’s who got pwned by SQL injection and bad crypto and insufficient SSL” then the Friday talk was “here, let me show you how to actually exploit each of these”. The second talk had a lot more humour built into it too and if the vibe from the crowd is anything to go by, I’d put this talk right up the top of the list in terms of the best ones I’ve delivered over the years:

"How I hacked my way to Norway" video

This was a totally packed room – people sitting on the floor up the front, on the stairs and queuing 5 deep out the entry. Apparently the overflow room had pretty good attendance too (they have each session broadcast on eight separate screens and you listen to the one you want with headphones). Admittedly I did promote the session quite a bit in the lead-up and the promise of pwning Swedish websites was evidently alluring. That probably all contributed to having a view like this from the podium before I kicked off:

Photo of a packed room

There was only really one serious glitch in the talk which was the wifi Pineapple not playing ball right at the end of the session. What should have happened was that a whole bunch of people whose devices had connected to the Pineapple would have been able to load, attempted to login then found themselves over on my site with their (dummy) credentials on full display and the Swedish chef from the Muppets dancing around the place. I suspect the Pineapple was just overwhelmed by the number of connections; several hundred densely clustered people at a tech conference with multiple devices each will do that!

Regardless, the feedback seemed to be rather positive:

The feedback after @troyhunt's talk #ndcoslo

The theory is that on exiting the session you drop in either a green card for good, yellow for indifferent or red for bad. Of those who voted (and there’s always quite a few who don’t, for whatever reason), at final count there were 203 green and… nothing else :)

I find that speaking is something I continue to refine after each session and by all accounts, continue to improve at. Watching the approaches of other speakers and the reactions of the audience is always interesting. The blend of humour and content, how much is ad-libbed, how much the speaker depends on static content and especially how much content there is that people can take away and actually use. For those that are interested, here are some of the talks I’ve seen over the last year or so that have inspired me in totally different ways:

  1. Ben Hammersley at Web Directions 2012. This is notable for the simple fact that it remains the one technology presentation I’ve seen that has no slides, no demos and not a single thing on screen. In fact there was no screen – and it was awesome. I really need to go back and watch it again to better understand just what it was that Ben did so well, but in an era dominated by animated GIFs, memes and live demos, to do nothing more than walk backwards and forwards on a stage for an hour in front of a captivated audience is, IMHO, a massive feat.
  2. Erdal Ozkaya at TechEd Australia 2013. No video for this one unfortunately, but what Erdal does exceptionally well is to fill the room with an infectiously positive vibe. I heard it said in Oslo while talking with people who actually do speaker training that the audience’s passion for a topic will always match that of the speaker and Erdal always does the “kid in a candy store” thing exceptionally well. He’s also very engaging with the audience – lots of questions, lots of direct discussion and lots of interaction. In a later session at another event, I witnessed Erdal do what to most speakers would deem unthinkable – present an entire session with no visuals when the projector broke. Think about how you’d handle that, fellow speakers!
  3. Scott Hanselman at Codemania New Zealand in 2014. Scott’s a well-renowned speaker and deservedly so, but it’s the way he goes about it that I find most interesting. He’s always extremely comfortable with the topic, that much is clear, and he injects a lot of humour into the talk that gets everyone engaged in the underlying topic. What he really does well is relays a lot of stories that illustrate his points and very rarely relies on reading words from pages so the audience is pretty much always focussed on him and not the screen. What you do see on screen compliments what he’s saying rather than the other way around. The subtle Microsoft-deprecating humour only helps too!
  4. Nik Molnar at NDC Norway in 2014. This one from just last week was the first time I’d seen Nik of Glimpse fame talk. What I particularly liked about Nik’s talk is that there was so much useful information that could be taken away from it – immediately actionable information. Of course some talks lend themselves better to this than others, but it causes you to stop and think – what are people going to actually do after seeing your talk? Are they going to say “well that was highly entertaining” yet go back to their desks and take nothing with them? Or, as in Nik’s case, are they going to actually start doing things differently – better – than they did before the talk? Whilst it isn’t in the recorded video, I also liked the way Nik injected humour into the blank space that normally occupies the time between the speaker being ready and the time coming to actually begin the talk (he typed out some quizzes and humorous anecdotes in Notepad).

My next talk in Melbourne next month for DDD should be better again; I’ll take the bits that worked well from NDC, cut the bits that didn’t and take heed of the things I learned from watching other speakers, both the good and the bad. I also had a lot of time talking with other speakers at NDC about their tips and tricks (more so than what I have at any event in the past), and there was a lot of good info in there I’ll carry forward to future events.

Lastly, if you’re on the fence about talking, get off your backside and just do it! Only good things happen as a result, but that’s a story I’ll tell at the proper time :)

Security Speaking
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals