Visual Notetaking

I’m a big fan of the book “Back of the Napkin” which is all about using pictures to help with problem solving. Yesterday, I was introduced to a related concept “visual notetaking” where you use images to support other notes you are taking during a meeting. I’m at a two day workshop and we have a professional notetaker who is using this. It really makes the notes much more powerful and useful then just text. Imagine having notes with visual cues to (including but not limited to network diagrams) help you remember what happened. I’m sitting here looking at the posters, the notetaker made in real time with our discussions and it’s amazing how much more useful they are.

Mini Metricon 4.5 Call for Participation

[Posting this here to help get the word out - Chris ]
Mini MetriCon 4.5 will be a one-day event, Monday, March 1, 2010, in San Francisco, California. Through the cooperation of RSA, the workshop will be held at the University of San Francisco, within walking distance of the Moscone Center, the location of the RSA Conference, to be held during the same week. Mini MetriCon attendees are eligible for free RSA exhibit passes.
Like its predecessors, Mini Metricon 4.5 is an informal workshop designed to facilitate exchange of new ideas as well as practical experience in using metrics to drive better security, compliance, and risk management. The day will be divided between open/moderated exchange and short presentations. Participants are expected to come prepared to actively interact as either presenters or active listeners (or both).
Place: University of San Francisco (walking distance to the Moscone Center)
Time: 8:30am to 4:30pm
Participation: by invitation.
Attendance: Limited to 80 people
Additional details, including links to past workshops, presentations, and digests, as well as a calendar with important dates and instructions for submitters is available at securitymetrics.org

Privacy Enhancing Technologies 2009

The organizers of the 9th Privacy Enhancing Technologies Symposium invite you to participate in PETS 2009, to be held at the University of Washington, Seattle, WA, USA, on Aug 5-7, 2009.

PETS features leading research in a broad array of topics, with sessions
on network privacy, database privacy, anonymous communication, privacy
policies, and privacy offline. (The PETS 2009 program is here.)

Like last year, we also present the HotPETs workshop, which showcases hot new research in the field.

We will also be presenting the Award for Outstanding Research in Privacy
Enhancing Technologies to researchers who have made an outstanding
contribution to the theory, design, implementation, or deployment of
privacy enhancing technology.

Important dates:

Stipends deadline: July 2
Hotel group rate deadline: July 5
Earlybird registration deadline: July 9
Symposium: August 5-7

Venue and registration information, as well as the program, can be found
at the PETS 2009 website.

We hope to see you in Seattle!

- The PETS 2009 organizers

How to Present

As I get ready to go to South Africa, I’m thinking a lot about presentations. I’ll be delivering a keynote and a technical/managerial talk at the ITWeb Security Summit. The keynote will be on ‘The Crisis in Information Security’ and the technical talk on Microsoft’s Security Development Lifecycle.


As I think about how to deliver each of these talks, I think about what people will want from each. From a keynote, there should be a broad perspective, aiming to influence the agenda and conversation for the day, the conference and beyond. For a technical talk, I’m starting from “why should we care” and sharing experiences in enough depth that the audience gets practical lessons they can apply to their own work.

Part of being a great presenter is watching others present, and seeing what works for them and what doesn’t. And part of it is watching yourself (painful as that is). Another part is listening to the masters. And in that vein, Garr Reynolds has a great post “Making presentations in the TED style:”

TED has earned a lot of attention over the years for many reasons, including the nature and quality of its short-form conference presentations. All presenters lucky enough to be asked to speak at TED are given 18-minute slots maximum (some are for even less time such as 3- and 6-minute slots). Some who present at TED are not used to speaking on a large stage, or are at least not used to speaking on their topic with strict time restraints. TED does not make a big deal publicly out of the TED Commandments, but many TED presenters have referenced the speaking guidelines in their talks and in their blogs over the years (e.g., Ben Saunders).

Ironically, he closes with:

Bill Gates vs. Bill Gates
Again, you do not have to use slides at TED (or TEDx, etc.), but if you do use slides, think of using them more in the style of Bill Gates the TEDster rather than Bill Gates the bullet point guy from the past. As Bill has shown, everyone can get better at presenting on stage.

bill-vs-bill.jpg

I’ll be doing some of both. As both Reynolds and Bill understand, there are better and worse styles. Different styles work well for different people. There’s also a time and a place for each good style of presentation. Understanding yourself, your audience and goals are essential to doing any presentation well.

Of course, style only matters if you’re a professional entertainer, or have something interesting to say. I try hard to be in the latter category.

If you’re in Johannesburg, come see both talks. I’m looking forward to meeting new people, and would love to hear your feedback on either talk, either on the content or the style.

Security is about outcomes: RSA edition

garner-hard-drive-crusher.jpgSo last week I asked what people wanted to get out of RSA, and the answer was mostly silence and snark. There are some good summaries of RSA at securosis and Stiennon’s network world blog, so I won’t try to do that.

But I did I promise to tell you what I wanted to get out of it. My goals, ordered:

  1. A successful Research Revealed track. I think we had some great talks, a panel I’m not qualified to judge (since I was on it), and at least a couple of sell-out sessions. But you tell me. Did it work for you?
  2. See interesting new technology. I saw three things: Garner’s hard driver crusher (they have a “destroy” button!), Camouflage‘s database masking and some very cool credit card form factor crypto devices from Emue. (I’d add Verizon’s DBIR, but I saw that before the show.) Four interesting bits? Counts as success. Ooh, plus saw the Aptera car.
  3. Announce our new blog at Newschoolsecurity.com. Done!
  4. See friends and make five new ones. It turns out that the most successful part of this was my Open Security Foundation t-shirt. I urge you all to donate and get this highly effective networking tool.
  5. Connect five pairs of people who previously didn’t know each other. I counted seven, which makes me really happy.

What I didn’t want: a hangover. Only had one, Friday morning.

Off to the Moscone Center

Every year around this time, thousands of people converge on the Moscone Center in San Francisco for RSA. I had never given much thought to who Moscone was–some local politician I figured.


I first heard about Harvey Milk in the context of the Dead Kennedys cover of I Fought The Law:

The law don’t mean shit if you’ve got the right friends
That’s how this country’s run
Twinkies are the best friend I’ve ever had
I fought the law
And I won


I blew George and Harvey’s brains out with my six-gun
I fought the law and I won

I learned about Harvey Milk, but didn’t really remember George. I learned who he was from Milk, the movie.

When you hear someone talking about the absolute catastrophe that getting hacked might be, put it in context of human life. Most hacking incidents are annoying, some have real financial impact, and some few have the potential to do real and irreparable harm.

So as we go to the Moscone Center, remember the murders committed by an authorized entrant into city hall. When you hear someone talking about the absolute catastrophe that getting hacked might be, put it in context, and remember George Moscone and Harvey Milk.