General discussion


I'm in between a rock and a hard place - can I have some help, please?

By gadgetgirl ·
By way of explanation, a bit of background?..

I was opted onto a group formed within the IT department and given the remit of improving departmental communications. For our sins, we came up with having a bi-monthly team luncheon to catch up with what each of the teams is currently undertaking, which projects are due/completed etc.

This started ok, with the department head giving a talk on the strategy of the ICT department, an update on the National picture, and its associated projects. The Information Management team then did a 10 minute presentation on their part of things, I did 10 minutes on the National Smart Card system, then we had a knowledge quiz after lunch.

Then the bombshell was dropped as to the next few ?ICT Luncheon Sessions?. Each team takes a turn for the next couple of meetings, and presents something FOR TWO AND A HALF FLIPPIN? HOURS on their topic. The parting shot is that whilst all other sessions will be run by teams of at least 6 people, I?m in the unfortunate position of being in a team of one. Me. That?s it, that?s all, just me. And security is one helluva topic to try and make interesting to an IT Department full of techies who already know about security???

So, guys, I need help. I have no problem giving presentations, doing induction sessions etc., and I?m not at all bothered about standing and talking in front of people, with or without making a fool of myself (I have tripped over so many specs of dust on a stage you wouldn?t believe it)

What do I do to fill 2.5 hours? It wouldn?t be as bad if I could give the general Information Security talk, but as these guys hear it twice a year from me anyway, there is absolutely no point, and I think they?d hang me out to dry if I did it again.

How, after I?ve filled those 2.5 hours, do I do a knowledge check on them, without doing a quiz?

I have around six weeks to the Luncheon date; the reason I?m starting now is that I know, because I do incident investigation, that I could be pulled off this particular project at any time, to take control of the response team.

So ? any ideas, silly security stories, powerpoint shows more than gratefully received. I really am at my wits end as to how to fill this void in time.

I know you?ll help if you can, so in advance of all the support I just know I?ll get from here, have a small but meaningful present from me, by clicking on this link?..

Many, many thanks in advance


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Hope this will help

by rob mekel In reply to I'm in between a rock and ...

What about a 2 hour presentation by a hacker on your systems (or special test environment). Some workshop equivalent can do wonders. Special if there are some hot shots from top level management this wil bring the security awareness to a high level.

Just peer mail me if you wanna know more.



Collapse -

thanks, but

by gadgetgirl In reply to Hope this will help

these are ground floor techies for the most part, and are well aware of the problems/issues/downfalls of the system we use. I really don't want to go there - yes, I could show them very easily the downfalls of some things in here, but a) they don't have the cash to do anything about it and b) we're about to go into a merger situation anyway, so nothing would be done about it.

Do me a favour, though, Rob - keep thinking!



Collapse -

will do

by rob mekel In reply to thanks, but

And y're welcome.

What about let them heck each others (testnetwork) system. Make a game out of it, but give one of them the best anti spy/spam/hack-software your using or would like to use. Maybe that will catch them, as they are techies they do like the challenge of hacking oneanother.


Collapse -

Understand the poor end user.

by antonyu In reply to thanks, but

Try and get the "propeller heads" to put themeselves in the shoes of poor user. Try and classify the types of users from the big power users down to middle aged mum. (No offence intended) Then get them to try and understand what each type of user may do to cause a security breach.
If they can't empathise with their customers, then they will never come up with a 100% security. Like Chevy Chase said in Caddy Shack to play golf to need to "be the ball"
At least this is open ended discussion type topic. You decide when it is finished.

Collapse -


by david.a.williams In reply to thanks, but

2.5 hour presentation is silly unless your training and offering a certification! No matter who the presentor is holding the audience attention for 2.5 hours is nearly impossible.

Time for a reality check. Tell your boss you only need 1 hour; 40 minute presentation and 20 minute Q&A. If he wants to keep them there longer get a tv and turn on the soap operas.

Collapse -

A thought...

by DugaDugDug In reply to I'm in between a rock and ...

As your audience is, or should be, up on most things regarding security and your workplace, why not ask a few of those people what topic(s) they would like to be presented or hear more about. Any upcoming related policies you could present? How about existing related policies, do they know the ins and outs of each of them?

Collapse -

good thought, Dug

by gadgetgirl In reply to A thought...

I'll have an ask around for some topics.

As for policies - I've spent my first year in here manufacturing 13 of them, so they're all up to date with those (yes, I had to re-do every damn IT related policy in here! and add a few of my own!)

I'll see what I get back when I ask for topics....if anything....

<quivering wreck in corner>


Collapse -

Climb down from the tree

by amcol In reply to I'm in between a rock and ...

You're constraining yourself because you perceive you've been given a inviolable order from above.

The idea is not to fill 2.5 hours, the idea is to impart value and information. If you can do that in one hour and give a bunch of reasonably high priced professionals 90 minutes back they weren't expecting, in my eyes you'd be a hero.

The trick is to come up with a proposed outline for a compelling presentation, one whose value and informational content will be obvious. You have six this in the next week, which shouldn't be too hard, then show your outline to management. Get all the heads nodding at your wisdom and sagacity, and then tell them you'll be able to make the presentation in less than half the alloted time (always leave room for Q&A, which always takes longer than you think). They'll have a hard time saying no to you.

Don't fill time just to meet an artificial goal. Show your initiative and courage by daring to go outside the bounds set for you.

Collapse -

AM is right

by CuteElf In reply to Climb down from the tree

To fill 2.5 hours would take you weeks, as you can already see you're scared of large groups of people/ presentations.

Now if you have something you really truly care about and that you're passionate about, you'll start rambling on and on and blabbing and running your mouth like this and keep going on and on and filling in until you run out of oxygen.

You could do:
Find somethign you think is a weak link within the group, related to security and something you like.....and let them learn.

Find something you want them to buy...and sell it!

What about finding funny anecdotes about security? And rub in what needed to be done during those spots?

What bout having 4 sets of teams compete for soemthing? Break them up and see if they can Hack a Unix box, Filter a VPN and crack the codes?

Do you want to inform them of something new?
Let them play with new-ish toys?
Get across the message they're good but need to improve?

What about doing a practical example of social engineering?
Teams again, and see if they can get the info?

Go over IPv6? bleh.


try this link

Collapse -

Change Step, Shock em

by dawgit In reply to I'm in between a rock and ...

Insead of the same-ole, do something different, really different. Security (& terrorism) is on everyones mind, but no-ones actually thinking about what that really means. Do a presentation on that theme, invite people outside your org. to participate. There are alot of professionals out there more than willing to help you with that with loads of good info. And, you know what? It's all very relevant in our field (think 'Katrina') Just 'What do you do?', 'How do we'?, 'Where'? Ok, you have policies, but what would people do if 'If' happens out-side your door? ---- You'll need more time than a couple hours.

Related Discussions

Related Forums