Some background: I've been giving the occasional security presentation for about nine years now. I always approach them as a journalist -- framing an issue based on what has come out of my reporting. I tell the audience that I'm not presenting my opinions, but those of security practitioners who I learn from along the way. Now that I'm on the Akamai InfoSec team, the flavor of my talks will move away from the journalistic mold.
Most of the time things go well. I'm not the most dynamic speaker in the world and my slides aren't nearly as good as some of those I've seen others present. But I lost the fear of speaking in front of people a long time ago, and my confidence -- or appearance of confidence, at least -- pulls me through.
I used to think journalists should stay away from public speaking. People would rather hear from famous keynoters like Bill Clinton or Bill Gates, or folks who do the same job they wrestle with every day. Journalists? We're just observers. How boring is that? My mind has changed, obviously. Now I see speaking as an extension of being a good writer. I should be able to talk to people about what I've learned as well as write about it.
So I've sought out opportunities to do so. I've given a couple talks at MIT, the Boston NAISG chapter (I was on board of directors for five years), RSA (as a panel moderator) and various other small events around the country.
My audiences have been good to me. I try to make each talk interactive, because a lively discussion is always better than a lecture, in my opinion.
But in 2010, I gave a talk that bombed.
I didn't stammer or shake. I didn't bring the wrong slides. But this crowd didn't want to hear from a journalist. In fact, the second I got to the slide that said who I am and what I do, people got hostile.
The talk was in New York in a building next to Ground Zero, and the topic was DDoS attacks. I was asked to give the talk at the last minute, and I tossed the slides together a couple days before the event.
I did what I usually do, presenting slides like stories, with quotes, a nut graph, etc. I tossed in a few images I thought were humorous.
When I got to those slides, my audience sat collectively stone faced. That's never good.
I moved to the discussion part probably too quickly, and I asked if anyone wanted to share a story about suffering a DDoS attack. Not the best ice breaker, it turns out.
That's when the hostility really boiled to the surface.
"What could we possibly gain by talking about DDoS attacks against our companies?" one fellow asked.
I stressed that nothing discussed in that room would be written about. What was said in the room would stay in the room.
"Why would we tell this stuff to a journalist?" someone else asked.
To that, another guy said, "The second you said you were a journalist I lost all interest in this presentation."
Game over, I thought.
I thanked everyone for their time and wrapped it up. The event organizer came up to me and half-apologized. Then I got in the elevator and took off.
I've given seven talks since then, and they went well. The audiences seemed to appreciate it. And now that I'm no longer a journalist in the traditional sense, I find myself wondering if things would have gone better that day if I were there as a senior program manager for Akamai InfoSec.
I don't regret giving the DDoS talk. I learned some valuable lessons that day. The biggest lesson was that there's no excuse for diving into a talk without doing your homework on the event and the audience first.
The responsibility is all mine.
I bring all this up because every speaker bombs at least twice. But the good ones don't cower and run from future speaking opportunities.That's one of the many things I've learned from covering the security crowd. When you fall down -- be it a data breach or a botched presentation -- you get up, brush off your pants and move on.