Security Development Session In The UK
Imagine if security was cool like Silverlight....
But security is not that cool, so the biggest challenge I faced was presenting security topics in a way that people enjoy. Here are some techniques I used while I was delivering a number of security sessions in MS Services UK.
- I talked about security coding practices. The audience was a few technical guys, consultants. So they know pretty much about security - I could hardly tell them something new. So my technique was presenting some effectiveness and efficiency tricks to find flaws and also (most important) give best practices to counter those flaws - either anticipating them through better design or by effective assessments of code. Here are some of the techniques:
I also used some hacking exposed to add some salt and pepper - it usually entertains people, these can be good examples:
- I talked to a very broad audience during a general session about what Security Engineering is all about and "what-is-in-it-for-me" for MS as a whole and for the Services organization specifically. Here I showed commonly used non-security tools to do security stuff. For example, I showed Security .Net Code Inspection Using Outlook 2007. It surprised people that their day-to-day tool of trade actually can do security stuff. I used lots of quotes from third parties like I Thought Security And ROI Are Nonsense When Used Together - it sounds more authentic.
- Then I talked about lifecycle integration for security engineering. There is a lot of confusion, mostly because of information avalanche and multiple interpretations, so I walked the audience phase by phase explaining the proper technique for each phase, possible outcomes, lessons learned from actual engagements and some funny stories from the trenches - it is important to have fun, since security is the most boring thing in the world.
That was fun, for me at least. I got some nice feedback like "You presented dry topic [security] in very funny way - I enjoyed it very much and it was very informative", "I always thought security is a boring thing - your presentation was very entertaining and with clear messages".
It was actually my first time in the UK and I learned a lot about the famous English sense of humor - it was everywhere. I learned that the UK is very expensive.
Thank you Graham and James for the opportunity! Looking forward to working with you soon.
Comments
- Anonymous
April 19, 2007
You are the man Alik!
- Anonymous
May 05, 2007
This post is inspired by Dave Ladd's Security Education v. Security Training My favorite quote is "We