Speaking

A 59-post collection

Dissecting a tech talk: How I topped the charts at NDC

Recently I wrote about Speaker style bingo which called out a bunch of common anti-patterns I see (and indeed have done myself) in technical talks. If I’m honest, I’m a bit surprised at how much attention that post garnered and it appears to have really resonated with people. When I wrote that post, I was back home but between speaking events in Europe so was both reflecting on the talks I’d just done and preparing for the upcoming ones. I find that writing material like that really helps me crystallise things in my mind so whilst it’s great that many people found it useful, I was also using that exercise as preparation...

.NET Rocking in Oslo!

I had a crazy trip to the Norwegian Developers Conference in Oslo this month; 2 days of workshops, a user group presentation, 2 conference talks, a podcast and a panel discussion. Despite the craziness of it all though, I was massively pleased that after the dust settled on the more than 150 speakers presenting over 200 talks, I found myself up here: Those little buzzers in front of the screen were hit on the way out and it so happened that I had a huge number of the green ones selected for my second talk on “Making Hacking Child’s Play” which put it way up in the top ranked spot. Mind you, the first talk on...

Speaker style bingo: 10 presentation anti-patterns

For the first time in about as long as I can remember, I’m at a conference and not actually presenting anything. It’s enormously liberating actually and it’s allowed me to soak up a heap of info without being preoccupied with actually, well, doing stuff. Mind you, I’m chairing half a dozen sessions at AusCERT 2015 but that amounts to introducing someone, sitting back to enjoy their talk then thanking them very much. Anyway, all this sitting around and watching other people talk about technology really got me thinking about speaking style. I work enormously hard on refining my own style and a huge amount of how I present today is influenced by...

Yow! Conference talk – Hack yourself first

Back in December, I was privileged enough to be asked along to the Yow! Conference road show down here in Australia. I say “road show” as myself and a bunch of speakers from around the world spent a couple of days in Melbourne, a weekend up in sunny Queensland, a couple of days in Brisbane then jetted down to Sydney and spent a couple of days there. It was pretty much the same content in each city, but obviously different audiences. This was my first Yow! and it was a little different to most of the events I’d attended before. Very little Microsoft, lots of functional programming and Java plus a lot of higher level talks...

Secure Account Management with .NET Rocks!

A little while back I wrote about The Conversation, that’s the one I often have with developers looking to build web applications which need to manage accounts but who perhaps haven’t quite thought through all the ins and outs of it. That was also the launch of a new Pluralsight course Secure Account Management Fundamentals which goes through a heap of things that usually come up in these conversations. I’d like to think that at the very least, it’s thought provoking but it’ll also potentially save you from some rather serious ramifications should things all go wrong. A couple of weeks back I caught up with Carl and Richard on...

App sec in Europe!

Through what I can only describe as enormously fortuitous circumstances (and I’ll better qualify that in a later post), I have the bandwidth to do a bunch of things over the next few months that previous commitments kept me from. One of the immediate things I’m now doing is saying “yes” when I previously had to decline. Yes to conferences. Yes to training. Yes to consulting and in the context of this blog post, yes to folks in the EU. I’m off to Europe a couple of times over the coming months for two awesome events. The first is OWASP’s AppSecEU in the Netherlands in May: I’m doing...

Are your apps leaking your private details?

For many regular readers here, this is probably not overly surprising: some of your apps may do nasty things. Yes, yes, we’re all very shocked about this but all jokes aside, it’s a rather nasty problem that kids in particular are at risk of. There was a piece a few days back on Channel 4 in the UK about Apps, ads and what they get from your phone where a bunch of kids had their traffic intercepted by a security firm. The results were then shared with the participants where their shocked responses could then be observed by all. I got asked for some comments on this by SBS TV here locally which went to air...

Sony, North Korea and Cyberwarfare on RunAs Radio

It was the story that got weirder and weirder and will likely remain the high water mark for impactful security breaches for, well, probably not very long given this industry! Be that as it may, the Sony saga was unprecedented in many ways and it provoked some really interesting discussions. A couple of weeks back I suggested that many of us are working for the next Sony Pictures insofar as a lot of the atrocious practices they followed being pretty much par for the course in large enterprises. This to me is one of the key lessons we should be taking away from all this – you may be nothing more than one bad employee or one nasty piece of...

Hacking your API first at TechEd Australia 2014

I’ve been doing a lot of talking about API security recently because frankly, there’s a lot to talk about. Those little web services that sit behind the rich client apps on our devices and increasingly behind our Internet of Things have a nasty habit of having some really serious vulnerabilities in them. I’m talking about everything from leaking data to allowing unauthorised users to perform actions they shouldn’t be allowed to all the way through to entirely useless SSL implementations because certificate validation has been disabled. Pretty much every time I set out to look at the APIs being called by my devices, I find nasty stuff. Even just yesterday I was...

10 email security fundamentals for everyday people

A couple of weeks back, this bloke hit the news when his private emails were leaked and disclosed that he was fond of, shall we say, a very “colonial” vernacular when it comes to talking about our indigenous people: That he is (was?) a professor at a university would normally suggest that he’s a pretty switched on guy, but the evidence is clearly to the contrary. Speaking of people we’d normally assume to have above average intelligence, you’d probably not expect a Senator to offer a foreign athlete a handful of taxpayer funds to travel over here and then suggest that he be “compensated for the long haul, sexually of course...