Tuesday, April 22, 2014

A small rant on presenting at conferences

The more conferences I run the more sympathy I have for other conference organizers, even the big commercial ones, and the more inclined I am to follow their rules and requests- but I expect the conferences to have a clue about what’s involved in delivering a good presentation and facilitate that, not hinder it.

If there are glitches at a BSides or other smaller, volunteer-run, or new events I’m OK with that.  It happens.  What I can’t stand are conferences which try to manage the speakers in ways that prevent delivering quality presentations.

First and foremost, I hate having to rely on the conference’s laptops for presentation.  I completely understand the desire to avoid the regular struggles of getting the right settings between a new laptop and the projector or display at the beginning of each session, but most “house laptop” situations I’ve been in are far worse than the lost couple of minutes of the VGA adapter shuffle.  The most common gripe I have is the loss of presenter view.  I want my notes, damn it- stop stealing them from me.  If I have to use your damned laptop, with its lack of fonts, odd and/or old versions of software, aspect ratio distortion and such- please, in the name of all that is good, give me presenter view.

And then we have your slide templates.  I’m sorry, but they suck.  Every. Single. One. Of. Them. Sucks.  Sure, mine suck, too- but in ways I expect.  Your templates and themes take away layout flexibility, they screw up notes pages, and sometimes even hinder basic functionality I rely on.  But then, you want me to use your crappy laptop, so those functions don’t work anyway.

I get it, you run cons, you don’t speak at them, so I’ll forgive you for past transgressions.  But not future ones; our audiences deserve better.



Friday, April 11, 2014

Threat Modeling, by Adam Shostack

Adam has a new book out, Threat Modeling: Designing for Security, and it is a great resource for anyone in security.  As with New School of Information Security, this is one to grab, read, and keep on the shelf (e-shelf?).

The layout is great: after a short introduction, Adam takes you into an easy but informative practice exercise.  After the exercise there is a more in-depth introduction, which builds on what you learn in the exercise and also answers some questions which inevitably come up during the exercise.  From the first couple of chapters the book gets progressively deeper into threat modeling theory and practice.  Even if enterprise threat modeling isn’t your world, reading the first few chapters will help you think about securing systems and software more clearly and logically.

I know there are different views and opinions on threat modeling theory and methodology, but even if you approach it differently from Adam, I think you’ll find it informative and valuable.

Those who know me know that I’m a real fan of Adam’s work; he explains complex topics in easy-to-understand ways, concise and clear without “dumbing things down”.

Gunnar Peterson, who actually knows about this stuff, has an in-depth review of Threat Modeling on his great 1 Raindrop blog.

Grab a copy and give it a read.