Building Better Security Presentations

Write The Abstract

Now I’m very aware step one should of course be doing all the research and then building the presentation, but that never happens. Step one is almost aways writing an abstract for most folks I know.

  • You’re an expert in the field. I don’t mean good at it, I mean you’re confident you’ll be the top person in the room on whatever you’re discussing. If you’re #2 or 3 the people ahead of you better like you.
  • You’re nuts and not afraid of failing on stage.
  • There is no 3.
  • be funny and/or enigmatic
  • tell people what new thing they’ll be able to do after your talk

Homemade Ramen & Threat Intelligence: A Recipe for Both

Julia Child said “No one is born a great cook, one learns by doing.” The same thing could easily be said of threat intelligence analysis. In this talk you’ll learn the recipe and techniques for building an in house threat intelligence capability (as well a a great bowl of ramen). The focus will be on what you can do today, now, regardless of budget, fancy feeds, or background. Chef’s knife not required.

We went more silly funny for this one. What does 🍜 and CTI have in common? It’s clearly a metaphor but where we go with it is (I hope) intriguing. It also details the takeaway: how to build a CTI program (and as a bonus how to make some delicious Japanese soup).

Write Your Outline

Generally speaking I’ve already got the bones of the talk in my head when I start an abstract, but a formal outline is different. It needs to be fully fleshed out; not down to the slide level necessarily but at least to the major & minor sections. I build this out pretty slowly using a common pattern.

Highest Level

- Intro
- Body
- Conclusion

Medium Level

My dad knows his way around a good presentation and his format was beautifully simple:

Tell ’em what you’re gonna tell ’em.

Tell ’em.

Tell ’em what you told ‘em.

Charmingly colloquial but also effective. When in doubt rule of three is a good pattern to follow. In fact I’m going to take the high level outline and break it into 3(ish) again.

  • Who I Am (Branding)
  • Why To Listen To Me (Authority)
  • What I’m going to Tell You
  • Main Point 1
  • Main Point 2
  • Main Point 3
  • Main Point 4 (Optional)
  • Main Point 5 (Optional)
  • What I Told You & A Key Take Away
  • Reminder of Who I Am
  • Resources
  • Thanks (Not one of the 3 but important)

Outline Slides

At this point I take my outline and translate it into whatever I’m going to build my slides in. I used the simplest, most basic template imaginable and just get started knowing I’ll change things around.

  • PowerPoint: It’s usually easily available in business settings and no one will blame you for it. It’s probably required if you have a corporate template. If you don’t it’s fine, but hard to make look like not PowerPoint.
  • Google Slides: The Google office suite is feature wise lacking compared to desktop suites, it’s not missing anything key. My beef against it is the templating system doesn’t make it easy to really change the templates, so you better like what you start with. That said it’s the best way to collaborate remotely with a co-speaker. It’s also okay to build content in, then import into something else to tweak.
  • Keynote: It’s Mac only, so either you have it or you don’t. Its design centric, so it’s possible to make really nice looking presentations, but it’s very hard to use if you’re not presenting off your own system. The PowerPoint export is all but unusable.
  • Deckset: Another Mac only tool that’s nice because it doesn’t let you mess with things. There are static templates you can’t change and the only formatting available is Markdown. The themes are limited, but if you’re the only one using it no one will notice. If you’re one of 10 people using it, even with different themes, everyone will notice.
  • JS Frameworks: There’s a wide variety of JavaScript/HTML/CSS based tool sets. They’re nice if you’re working with coders, but can take a lot of fiddling. They are nice for collaborating in a SCM like GitHub.
  • Prezi: Don’t. No one wants to pass out from motion sickness watching your 7th slide do a 270 kickflip indie into slide 8.

Pick a Theme & Gather Pictures, Fonts, & Colors

Ok, there’s a lot to this one so lets break it down:

Theme

When I say theme here I mean a grand idea for the presentation. Here’s an example:

Pictures

Your theme is highlighted by the pictures. There is one key and one key only for pictures in presentations: BIG! Seriously you want the biggest images you can get, both in terms of size of image (# of pixels) and size on the slide. This is a fundimental problem with building presentations.

Size, Fonts, & Colors

Okay this is where I might get a little bit ranty but it’s also the #1 thing people do poorly in their presentations. It comes down to two simple things:

  • YOUR FONTS AREN’T BIG ENOUGH!
  • YOUR COLORS DON’T HAVE ENOUGH CONTRAST!

Colors

What about colors? To understand colors you have to understand contrast. Here’s an example:

  • Background: Almost always a big neutral. Black or white work easily but using the right colors can make slides pop.
  • Base Text Color: Something super super high contrast with the background color. Maybe something easy on the eyes so avoid neons.
  • Accent Color: So something very different than your base text color, usually something bright and noticiable. The goal is to call attention. I’ll often use a different typeface for my accent text as well, just to extra make sure it stands out.
SpeakerDeck: Introduction to Open Source Security Tools
  • Background: This varied a slight bit slide to slide (Yep you can do that too!). I used white backgrounds to denote major sections. The general slides used a bright (and on brand for GitHub) blue.
  • Base Text: This swapped with each background with black text on the white section slides (contrast for days!) and white text on the blue backgrounds.
  • Accent Color: Used very very sparingly (which you should do with your accents in general) I used a medium grey. Normally I’d want more contrast but this presentation was done for a webcast, so I was less worried about it than on a projector screen.

Build The Content

Alright, so you have a design (color, typeface, etc) and an outline, maybe even some pictures and a theme; the basics of what you want to say. At this point I begin putting my outline into slides building a skeleton of the presentation in my presentation tool of choice.

  • Less on a slide is more. Everything word you add is more people have to pay attention to. Pictures can often replace paragraphs.
  • Move stuff around like mad. My initial skeleton and end presentation look nothing like each other and that’s part of the plan. Laying the whole thing out and moving it all around is the only way to know what works.
  • Write stuff, edit stuff, walk away, look at it again. You’ll have insights you’d have never thought before.
  • Think as much about what you’ll say during each slide as what’s written on it. This can often change your words or image thoughts.

Practice your Slides

Another piece that I think is super personal is how you practice your slides. My method is multi part, and is as much about pre-practice prep as anything. While I’m building my slides I read through them generally dozens of times. I make lots of notes, even knowing I’ll never reference them. They’re more about remembering what I need to remember (super meta right?).

Wanna go for bonus points? Keynote lets you record your practice.

Give your Presentation

Work Out Your Equipment (AHEAD OF TIME!)

One of the biggest pieces that trips up novice speakers (aside from font choices) is equipment. Generally speaking you’ll have four key pieces of equipment to think of: a remote, a computer, a projector, and a mic.

  • Remote: Honestly you want this to be boring, not intersting. I prefer to use my own but they’re all the same. I use a Logitech R800 and practice with it as well. I know the buttons without looking and know the range without it missing a click. If the venue requires something else I go with it, but try to give it a try first.
  • Computer: Often you won’t have control of this and just need to use whats there. It’s easiest for you if you can use your own computer and easiest for the conference if you use their system. Ultimately I try to be prepared for either. The big issue is connectivity: always have the ability to connect your system to HDMI and to VGA.
  • Projector: You you can’t control the projector in most cases which is why you make your slides projector proof: big words, big pictures, maximum contrast. If you’re lucky they’ll have some big, high lumen projector with a nice screen and everything will pop. If you’re unlucky and it’s an old projector against a white wall… well your slides will at least be readable.
  • Microphone: If you’re not used to using one a microphone can be a comedy of errors including feedback, being too quiet, being too loud, pops, etc. I always assume/hope for a lapel mic, the kind that they clip to your clothing (and wear something easy to clip to like a polo or button up shirt) so I can just talk & move without thinking about it. Hand held mics are okay, just keep it close to your mouth (seriously watch professionals use them, it looks like they’re eating an ice cream cone), but the worst is a podium mic. 😢 I pace & move when I talk and you can’t do that with a podium. Again just stay close to it. No mic? Be louder than you think you need to without shouting.

Lead In with a Joke

I’m not usually comfortable until the first time I get the audience to laugh. I don’t know why, this is a magic phase change to me. I suddenly start to feel comfortable, get out of my own head, and focus on the topic. Here’s one I use very often during my intro stolen from a coworker (Thanks Jesse!):

Here’s a good GIF for early in a presentation. RIP though… maybe not a good one.

Speak Slowly & Calmly

Public speaking makes people nervous and for many, including me, those nerves come out as speaking quickly. I conciously force myself to slow down, especially at the beginning. Eventually the practice will take over and you’ll find your natural rhythm but until then give yourself a quick self reminder to speak slowly. Also if you struggle with enunciation think that through as well. Mumblers are quickly tuned out by many people so focus on slow and understandable.

Being Nervous is Okay

We’ve touched on this but lets have some #REALTALK about nerves. In many ways being nervous before a talk is an imposter syndrome thing and talking about it is the key. I’ve spoken publicly dozens of times, taught 40 hour classes, done work presentations, briefed leadership, lots of stuff and I still get nervous every time I speak no matter the audience. In fact writing this blog post is making me nervous. So don’t worry if you are nervous, everyone is. Just remember by the time you walk on stage you’ve done the work, built your slides, practiced, and you were selected because you have something interesting to say and people want to hear it. Easier said than done, but that’s the truth.

Roll with the Punches

Present enough (and by enough I mean even once) and stuff will go wrong. It’s not fun. Devices don’t work, batteries die, people in the audience do dumb stuff; if it can go wrong it will. Let me given an example from my last presentation.

I was presenting in Brazil at Mind The Sec. It was a great event. However I made a mistake in preparation. I put my presentation together assuming I could present of my own laptop, a 2016 MacBook. If you aren’t an Apple fan you might know what’s coming but if not the beauty (and in this case downfall) of the Macbook is it only has one connector and it’s USB-C. You need dongles. And I was prepared for that, I had my usual go to USB-C ➡️ HDMI adapter ready to go.

Except the venue didn’t have HDMI connector but only VGA. So they asked me to transfer it to a PC. Sadly I was using Speakerdeck… which is Mac only. Not great. So what did I do? Took a draft version of the presentation, which I’d started in Keynote, exported it to PowerPoint, and gave them that. The content was all there, but zero styling… none. So what did I do? Laughed at myself, was extra descriptive, and did my best to hit my points. What happened? Well everyone told me it was great. I choose to believe them.

Call Attention to your Presentation

  • Upload your slides: I use SpeakerDeck. An alternative is Slideshare. Either is great and lets you point people to what you’ve done.
  • Link to your presentations: I share them off my site. You could share them via Twitter. Get eyes on those slides you spent all that time on, and video is even better.
  • Convert to Blog Posts: I am trying to convert a number of my presentations to blog posts (except the ones that started as blog posts and became presentations). If I don’t plan to give it again it seems to make sense.

Getting Started Speaking in Security

If you’ve gotten this far I hope it’s because you’re thinking about presenting. If you are on the fence please take the advice of my good friend Shia:

Conclusion & Resources

Even I’m tired of this post at this point, but I hope you’ve found some ideas or resources that will help. If you’re looking for more (and you should, in all my rambling I’ve hardly touched on many topics) here are a few I like:

TLDR: Your images are too small, your fonts are too small, you have too many words, your colors don’t have enough contrast.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Scott J Roberts

Scott J Roberts

Network Defender, developer, speaker, writer, author of O’Reilly’s Intelligence Driven Incident Response, & SANS instructor. Bad guy catcher.