Have you ever attended a security conference (or any conference for that matter) and thought about giving a presentation yourself, but don't know where to start? Well, I am here to help! This blog post will guide you through the process of applying for a conference, writing the talk, and what to do when you get to the conference.

Application Process

Finding a conference that you are interested in speaking at is the first step on the road to your first talk. For me personally, my first presentation was at a conference I had attended multiple times over the years, and I knew I would be “comfortable” presenting there. Once you have found a conference that you may want to submit a talk to, you should take a look at some of the previous year’s talks to see what other topics have been presented. This helps give you a baseline of what might be a good topic to present and what type of audience will be attending.

Most conferences will want you to have a topic picked out when you submit a call for papers (CFP), unless you are being asked to present, then that may come at a later date. When picking a topic, you will want to pick something you are knowledgeable about and can speak confidently to. For example, I am a Mobile Application Penetration Tester; my talks are mostly about getting started in that field, so I would not feel comfortable presenting on being a Blue Team expert. Now this does not mean you can’t find a topic, learn it, and present on it, but this might make things more difficult than they need to be.

Once you have identified a topic, submit it to a CFP. The example below is from GrrCON Security Conference.

This conference’s CFPs page shows that they are actively accepting submissions. If the conference was not accepting submissions, you would see something similar to the CFP page below.

When filling out a CFP, you need to be prepared to answer questions about you and your talk.

• Presentation Time
  • The conference will ask you what time frame the talk will be. This is a key part of the conference talk process. You will need to know if you can produce enough content to fill 25-50 minutes. My talks run about 25 minutes, but I could potentially add more content to make it longer if I was offered a 60-minute session.
• Presentation Title
  • The title is what is going to attract the audience, so it needs to be eye-grabbing.
• Presentation Abstract
  • The abstract is where you describe your talk and what content the audience will get out of it.
• Speaker Bio
  • Speaker bio this is the part where you get to talk about yourself. This portion can be utilized to tell the audience your experience and sell why they would want to see your talk.

Examples:

• Speaker's Bio
  • Whitney Phillips is a Security Consultant at TrustedSec, an information security consulting company based out of Ohio. Whitney has 12 years of experience in information security and IT ranging from support tech, Blue, Purple and Red team engagement. Her primary focus now is Mobile and Web Application Penetration Testing. Whitney has a Bachelor of Information Security and Part 107 Drone PilotCertification. In her spare time, she volunteers for the Michigan Cyber Civilian Corps MiC3.Whitney has presented at: DEFCon, GrrCon Security Conference CypherCon, Day of Shecurity, TrustedSec Podcast and Breaking into Cyber Security Podcast.
• Title of Presentation - Could be more eye catching.
  • Mobile Application Penetration Testing
• Abstract
  • In this talk, I will introduce how to test mobile applications from an attacker's perspective. I will show different rooting and jail breaking software for both Android and iOS that I have had personal experience with and ways to obtain both Android APKs and iOS IPAs. I will finish the talk by going over various tools used to perform testing. This talk will have references to the tools I use and examples. These tools will range from static analysis of the application, reverse engineering, and different ways to bypass jailbreak and root detection. This talk is a high-level overview and way to get started in mobile testing. I have been a mobile tester for 6 years now and have watched it grow tremendously. I have given this talk at DEF CON, GrrCon, and CypherCon and I am adding and updating as I go.

After the CFP has been submitted, you will have to wait for the conference’s decision. Some conferences may provide details as to when the CFP is closed and when acceptance notices are sent out.

If your talk has been accepted, you will need to formally accept the invitation and may need to submit a photo for your speaker bio.

Creating the Presentation

A large part of the presentation is the content that is being delivered. Visual aids like slide decks are a good way to enhance your verbal message. When writing a slide deck there are a few items to consider.

• Your slide deck should be visually appealing without being overwhelming.
• Use graphics and memes.
• Use short bullet points to convey key information.
• Avoid ‘death by power point’ (slides that are just endless bullet points)

The start of your presentation should consist of a title slide with your name. It could look something like the picture shown below.

Next, you should have an about me slide, which is one of the most important parts of the presentation. Why? This is your chance to tell the crowd about you, your expertise, and makes for a perfect segue into your topic.

You can see my last role was as a Mobile Application Penetration Tester, and I use that to transition into my talk. I also use this time to collect my thoughts. When you are up on stage, you may have a brief moment where you forget why you are there in the first place. Talking about yourself and then the topic you know most about helps course correct and gets you on your way. Another way to break the ice or slow down time in your talk is to add some memes. Memes go a long way in security conferences, but also help you slow down when presenting. It gives you a moment to gather your thoughts before moving on to the next topic.

This slide was used in my last presentation at DEFCON. I was asked to talk about Augmented Reality, which was a completely new topic for me at the time, and I needed to add a mobile security spin onto it. I used this slide to explain how this talk came about, and described how I felt a little out of my element at first like Big Bird.

Now that we have a beginning established, we want to move on to content. When I am building out my slide deck, I write down slide titles I want to cover and from there am able to take those individual titles and build content around it. My slides tend to be more photos of the topic I am presenting on versus several pages of bullet points.

Below is an example of a topic I am very familiar with. As you can see, the slide itself has reference information to the tool and a picture of what its logo looks like. After that, it is up to me to explain the information and keep the audience interested. Keep in mind the font for these slides should be big so the crowd needs to be able to see it from the back of the room (For example, 48 point font).

This is an example of a slide where I wasn’t comfortable with the content, so I added extra bullet points as reminders. Anybody can read slides and bullet points, so it’s your job as the presenter to get the crowd interested in what you have to say.

Title slides are great way to give yourself a break during your presentation while also helping you collect your thoughts for the next topic.

Other items to consider when creating slides are screenshots. The photo below shows a screenshot that could be better. While it does show the command in use, is hard to see and will not be any clearer on a bigger screen. Make it a goal to ensure the text of a screen capture will be legible from the back of the room.

You may even want to incorporate the command in text format as well on separate slide for a reader to copy down the content easily.

One final item to note on technical slides if you are doing a live demonstration practice this ahead of time. Test the demo on the Internet at the conference. If you are using the conference Internet at hacker conference, be aware that it may not be secure. The “demo gods” are not forgiving and sometimes these don’t work as they should. For these reasons prerecording your “live demo” will help you ensure it will work at the time of presentation and take away from presenting in front of an entire crowd. Recorded demos can be paused and explained throughout the talk and you are not left fumbling through your demo. 

The final slides that you should include are Questions and Contact pages. This allows the audience to ask questions about your talk, and if they want to request a copy of the slide deck, then they know where to reach you. Be aware of what information is placed on the contact page. These slide decks may be available on the Internet, so limit the amount of personal information and only give out contact information that you feel comfortable with.

After the slide deck has been completed, the next step is to run through the content to see if the information makes sense. Proofreading and peer review of the content will help ensure that mistakes will be fixed before the presentation. Once you have a completed slide deck, I highly recommend practicing the presentation. I would suggest doing a presentation to your friends, or perhaps a lunch and learn at work. This will help with speech and timing of the presentation. You may find that you present faster in public than what you do at home. I’ve had 30 minutes of content at home, and once I stepped in front of a crowd, it tuned into 15. I believe it’s the combination of nerves and making sure you will get through your content within the time frame.

Conference Time

The day of the conference can be exciting, but you may also be nervous. Here are some steps I take when presenting that may help you with your first presentation.

Before the Presentation:

• Make sure that the laptop you are using will play the slide show.
• Make back-ups of the presentation on USB sticks; also email it yourself.
• Once at the conference find out where you will be presenting.
  • Check the laptop connections prior to your talk to make sure your device is compatible. There is nothing more stressful than two minutes before you are about to present and random equipment constraints pop-up.
• Sit in on the presentation before so you are on time and can get a feel for the room.

At the Start and During the Presentation:

• If you have the option of a lapel mic or handheld, I go for lapel mic, so I do not need to focus on where my mic is positioned.
• I try to focus on looking to the back of the room versus just one person; it makes it feel like people are not looking at you.
• Your “about me” speech will get you through the first five minutes, and this part of the presentation helps make the rest run smoothly.
• Finally, make sure to take short breaks and check your time; it is okay to take a few seconds to collect your thoughts.
• Once you get comfortable with presenting, the next time you can crack a joke and get the audience involved. I always like to ask who has been to the conference, it helps kill time and break the ice.
• Once you have reached the end of your talk, ask the audience if they have any questions, and be prepared to answer some after the talk for people who do not want to ask in front of a crowd.

I hope this blog will help anyone wanting to create their first conference talk. These tips and tricks are just from my personal experiences and what has worked for me. You will continue to find new tricks once you have accomplished your first talk.