Mark Loveless, aka Simple Nomad, is a researcher and hacker. He frequently speaks at security conferences around the globe, gets quoted in the press, and has a somewhat odd perspective on security in general.

Tips for Speaking in Public

In a recent blog post, I talked about some nightmarish tales from some of my speaking gigs. As a result I’ve kind of developed a list of common tips and tricks I do to help mitigate things. Now I really do love speaking, and at this point I no longer get too nervous, because I’ve seen things go ever so bad. I also overprepare, which helps put the mind at ease. So here is my list of speaker tips, mainly geared at the Infosec speaker.

General Tips

Rehearse. Rehearse the presentation, especially for time. I don’t just mean speaking out loud to your laptop with the clock running. You should also give the talk to fellow employees at your job, or try it out on a small group at a local tech meetup.

Cables. Assume the worst when it comes to connectors to the projector system, and travel with several. Even though most modern projectors can handle HDMI and a USB C to HDMI adapter and cable will work in most cases, assume the worst. I’ve seen HDMI simply stop working on a projector, and had to use that ugly 9-pin connector on the side that no one else but me seems to know what it did. And yes, I had the connector to make it work.

Backup. You’d be surprised how often this has saved my ass. Keep a backup of your presentation on a USB drive in your pocket, in case of laptop failure/theft/whatever, so you can plug in to maybe the conference organizer’s laptop and have it work. It is not very common, but I’ve also had gigs where I showed up and they had one laptop already hooked up, and all presenters had to use that. Having the USB stick backup made it easy. I had even saved it in a couple of different formats, to make it easier for them. Granted this doesn’t work very well if there is a demo in your talk, but this single shared laptop thing seems to only happen at events where you are just talking over slides without a demo.

No Internet. Assume no Internet, so if your presentation contains a demo or a video or something, you have local copies of everything. If your demo involves attacking another system, make it a local container and not some vulnerable system you’ve set up online. First, it is easier to deal with since there is less that can go wrong. Second, you’re in front of a curious audience who now has the IP address of a vulnerable system up on the Internet, and your demo shows how to break in.

If you must… Alright, if you absolutely have to have live Internet during your presentation, tether. Don’t trust the conference wireless, and even using Ethernet might be questionable albeit more stable, but it is being shared with a conference full of nerds learning about security. Ask in advance as best you can about cellular service at the venue, and if it is that important, invest in a hotspot (and rehearse your talk with it). Which reminds me…

New tech. I highly recommend you do not try out a new piece of software or purchase some new device, and then decide to try it out at the conference or hotel the night before. Everything you bring you should be familiar with, from a hotspot to tethering to a VPN. Your talk should only depend on equipment you know cold.

Demo backup. If you’re doing a demo, make sure you have a local copy of a video of the demo working perfectly as a backup. Just in case.

Imbibement. In the past I have given talks while drunk, and have done shots with audience members and all of the other stupid things one does at hacker conferences. Now, not so much. It is perfectly acceptable to give a talk while sober and aware. Most things end up on YouTube these days, so you really don’t want to be that person. I get it though, if a part of your routine is a shot of whiskey or bong hit before curtain time and that works for you, fine. Just remember that employers these days have access to YouTube just like everyone else, so consider some restraint.

Prepare for questions. Imagine that your Infosec hero or renowned subject matter expert in the field is in the audience, and that they have two or three questions about each slide. Figure out what you think their questions might be, adjust your presentation, and have those answers ready. Once when doing a talk involving some networking stuff, I imagined Dan Kaminsky sitting in the audience, ready to ask questions. I went through my talk, made some adjustments, and made sure I knew all the details on the lower level points I wasn’t going to include in my talk because I had 50 minutes, not 6 hours. Sure enough, Dan fucking Kaminsky is in the crowd, and I can see him really into the talk and yup, he asks several deep dive questions. Thanks to preparing for it, I had decent enough answers to not look like an idiot. Just remember: WWDKD? Or Runa? Or Tavis? Or Wendy?

Bathroom visit. Do a bathroom visit before your talk. Starting with an empty bladder is a good thing, and check yourself in the mirror. Make sure everything that is supposed to be covered, buttoned up, and zipped up actually is. You would rather notice that booger on your nose in the bathroom than have your friends point it out in the uploaded video of your talk.

Climate change. Often speakers fly to different locations with different climates, different airborne allergens, and humidity levels. Have tissues at the ready. Even the room you’re speaking in could be different from the hallways. This happened recently - the venue was in a different region of the country, the hallways were hot, but the auditorium was cold. As soon as I hit the podium, my nasal passages opened up. Luckily I had tissues for such an occasion.

Notifications off. I have a lot of really immature and stupid friends. During talks I have been sent all number of messages designed to pop up alerts on the screen, and depending on setup these can appear over the top of slides. As you can imagine, an alert that says “You’re fired” or “Your pornography is on backorder” is somewhat distracting. Oh sure, it is funny when it happens to someone else… Nonetheless, turn off notifications.

Content

I do have a few recommendations on the actual content and delivery that have helped me, and might help you as well.

Learn the content. Know the material backward and forward. Over learn and under deliver. This helps with confidence in your delivery.

Flexibility. Some talks are by nature more conceptual than technical, like a keynote. If you have a talk that can go either deep technical or light technical with more conceptual material, be prepared to go either route on the fly. If it is an established conference with past presentations on YouTube, I’ll watch several to get a feel for the type of crowd, otherwise I’ll ask the conference organizers. But if you’re unsure, be prepared to go both ways. An easy way is to watch the audience and just see what is working. If more than half the audience is glazed over or on their phones, you may need to add a verbal sentence or two for each slide that explains a technical concept in a less technical way. Feel free to drop right back into the ones and zeroes, because you want to keep the hardcore nerds interested, but remember not everyone is at the same level.

Rigidity. There is a time to be flexible, and a time to stick to your guns. Jeff Moss once told me a good Black Hat talk had no less than half the audience zoned out, but certainly close to half. Bear in mind Black Hat talks are expected to be technical, so at that kind of conference you no longer try to carry the non-technical along with you by simplifying. Personally I still read the crowd a bit and try to help the zoned out and the lost, but at those types of conferences I don’t worry about a detailed explanation of some packet header in a network trace with a bunch of hex dumps on the presentation screen for extended periods while Dan Kaminsky asks questions and we explore details that probably only Dan and I care about. Yes, this has happened, it was actually a lot of fun for both of us. That makes a great Black Hat, ToorCon, or ShmooCon talk - it makes for a shitty RSA conference talk or virtually any keynote.

Watch yourself. This one might hurt, I know it has me. Most talks are recorded onto video, and most videos end up on YouTube. Watch your talk. You are going to be the harshest critic, if you see something you hate, well, you have the power to change it and make it better the next time. A good test is to get up and video record yourself in your office or living room or dining room giving the talk. Do it in one take. Force yourself to get through it, trust me it will be somewhat uncomfortable. Watch the entire thing back. Take notes, make changes, redo the talk, refine.

Those Fucking Slides

I have issues with slides, so here are a few slide-specific tips.

Slideless. If possible, try to refine your content to work in a talk where you don’t even need the slides. If you can convey the message without the slide, try to do so. I’ve done talks where I really wanted the audience to focus on my words so I included a blank black slide. I mainly use the slides to emphasize a specific point as opposed to detail out everything. If you wish to give them the slides afterwards with all of the details, just include all of your detailed notes in the note part of the slide, not in the slide itself.

Bullets. Good god, man. Lose the bullets. A lot of people write their full outline in the slides, advance from slide to slide, and just read the text off of them to the audience. This is expected and boring. If you wish to be expected and boring (and forgettable) do the bullet thing.

Black background. I have been in talks where the first slide was some graphic, and then the talk started and the second slide was black text on a white background. The white was so blinding that a decent chunk of the audience moaned, some put on sunglasses (including me) and several people left. Yes, I get you want your text readable. Try a large white font on a black background. This especially applies if you are speaking in the morning, and you expect a few people in the crowd with hangovers.

Memes. Limit your use of memes. Personally I never use them. I try to challenge myself to get them to laugh using my words. Nonetheless, I know memes are popular. They are to presentations what bullets were last decade or century, but overusing them is distracting. Ask yourself this - do you want to be remembered for your content or your use of memes? You use too many, and your message will get lost.

Limit your text. My general rule is to try to limit the text as much as possible. If I need to convey a series of thoughts to get a concept across, I will have one line of text on the screen in white on a black background, the next slide will have that first line in grey and a new line in white, and so on. I lead the audience through the text visually.

Use animation. Mix it up. I don’t mean fly stuff all over the screen, but I do mean something along the lines of simple animation. I once put up a complete screen full of text (headers of a malicious phishing email), and the part I wanted to highlight I had turn red, the rest faded away, and the red moved to the center of the screen while I discussed it. Visually people are used to seeing information like this via YouTube, television, movies, and so on. This does wonders for helping to explain a technical concept to a non-technical audience, as well as quickly showing the techno nerds the parts you wish to emphasize. It beats the hell out of a meme.

In Conclusion

Don’t be afraid to ask for help. Don’t limit yourself to asking friends unless you know your friends are extremely honest. Usually your friends tell you whatever you are doing is great, regardless of reality. Run the talk by others, particularly peers.

I hope this helps you, let me know if you have tips as well - I am always looking for ways to improve my talks.
