Community

General discussion

Locked

I'm in between a rock and a hard place - can I have some help, please?

By gadgetgirl ·
By way of explanation, a bit of background?..

I was opted onto a group formed within the IT department and given the remit of improving departmental communications. For our sins, we came up with having a bi-monthly team luncheon to catch up with what each of the teams is currently undertaking, which projects are due/completed etc.

This started ok, with the department head giving a talk on the strategy of the ICT department, an update on the National picture, and its associated projects. The Information Management team then did a 10 minute presentation on their part of things, I did 10 minutes on the National Smart Card system, then we had a knowledge quiz after lunch.

Then the bombshell was dropped as to the next few ?ICT Luncheon Sessions?. Each team takes a turn for the next couple of meetings, and presents something FOR TWO AND A HALF FLIPPIN? HOURS on their topic. The parting shot is that whilst all other sessions will be run by teams of at least 6 people, I?m in the unfortunate position of being in a team of one. Me. That?s it, that?s all, just me. And security is one helluva topic to try and make interesting to an IT Department full of techies who already know about security???

So, guys, I need help. I have no problem giving presentations, doing induction sessions etc., and I?m not at all bothered about standing and talking in front of people, with or without making a fool of myself (I have tripped over so many specs of dust on a stage you wouldn?t believe it)

What do I do to fill 2.5 hours? It wouldn?t be as bad if I could give the general Information Security talk, but as these guys hear it twice a year from me anyway, there is absolutely no point, and I think they?d hang me out to dry if I did it again.

How, after I?ve filled those 2.5 hours, do I do a knowledge check on them, without doing a quiz?

I have around six weeks to the Luncheon date; the reason I?m starting now is that I know, because I do incident investigation, that I could be pulled off this particular project at any time, to take control of the response team.

So ? any ideas, silly security stories, powerpoint shows more than gratefully received. I really am at my wits end as to how to fill this void in time.

I know you?ll help if you can, so in advance of all the support I just know I?ll get from here, have a small but meaningful present from me, by clicking on this link?..

http://tinyurl.com/rtv8p


Many, many thanks in advance

GG

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

E-Mail Etiquette

by jbarnes In reply to Change Step, Shock em

I don't have time to read through all 44 replies, so if you've already gotten this one, you can ignore.

Since these are techies, they're probably really awful at writing coherent communications. Why not a seminar on Best Practices for Composing E-Mail Messages? You can start off by going over when and WHEN NOT to use e-mail. Remind them that using the phone or walking to someone's cube is still a valid form of communication. Follow that with a discussion on writing good, clean, targeted, coherent messages.

Contact me if you want some specifics.

Collapse -

amcol is right

by M_a_r_k In reply to I'm in between a rock and ...

Don't try to fill 2 1/2 hours. Instead, give them 2 1/2 hours worth of information. A really good presentation can do that in LESS than 2 1/2 hours. You have a few weeks before D-Day. Do a lot of research on the Internet. People like to hear real-world stories. IT security and hacking/cracking/sleuthing are pretty cool subjects if you can give them stories about how some hackers operate and how they can get caught.

Another thought, even though your audience is supposed to be IT-savvy, you should still start the presentation off with a few basics just so everyone is on the same page. Every book needs an opening chapter to introduce the topic and tell the reader what to expect. A presentation is no different.

Collapse -

sounds good

by Kiltie In reply to amcol is right

I agree with amcol and mark too, make "Quality" rather than "Quantity" the priority.

Check with management before hand, they are human too, and probably don't relish the idea of sitting down for two and a half hours for this.

Management will LOVE the idea that you saved the company 60 to 90 mins of company time to get their workforce back into productivity sooner.

It's also a good idea to research the internet on a few scare stories about security, that will give you a base on which to put your presentation gadgetgirl.

glgl and I hope all goes well, let us know what happens please?

Collapse -

Some Ideas

by jdmercha In reply to I'm in between a rock and ...

First off I'd try to reverse the order of things. Since they think they are up on security mattters, give them a test first. Then go over the answers as your presentation.

Do you have statistics on security events? Use those statistics to frame questions. Questions like; What is the most common attack we see on our metwork?, How many machines on the network are not fully patched?

I bet the FBI would love to come in and give your talk for you.

How about including legal responsibility? If you find child porn on a PC are you legally obligated to report it to the authorities? If customer data has been exposed, what are the legal ramifications?

Collapse -

Some quick and random thoughts

by maxwell edison In reply to I'm in between a rock and ...

Bring in an outside speaker for part of the presentation.

Do a round-table, and ask for comments and concerns from the audience.

Check the SANS institute Web site for some ideas.

SANS even offers Webcasts that you could show.

Ask the "powers that be", what's the point?

Show a video of Old Yeller. They'll never ask you to present again.

Collapse -

Horseshack screams ohhhhhhh!! Ohhhhhh!

by jkaras In reply to I'm in between a rock and ...

Wow, sorry about your luck. If I were you I would try these.

If you can have a working training room have a hands on workshop demo. Have them set permissions to a dummy server for true understanding. Or have a nice power point demo with great screen shots, then have a Jeopardy contest on the material covered. Get creative with the questions complete with a silly noise maker to chime in. Of course it will be teams. You could have either bragging rights or some cheap trinkets if management will sponsor. The good thing about the game is that people will have fun and pay closer attention to what was covered. It will also display who payed attention and who didnt.

Basically I support interactive methods to not only pass the time but make something boring fun. Who knows, it may be a hit with management that will garner a budget for prizes?

Collapse -

The brain can absorb only as much as the seat can endure.

by sleepin'dawg In reply to I'm in between a rock and ...

2 1/2 hours is quite a long time for a presentation on any topic, short of presenting a scheme for world domination. I am assuming here that this 2 1/2 hour fiasco is to happen after lunch because there is absolutely no point in trying to present anything while people are going to be concentrating on eating and will only resent any intrusions on those processes.

First thing I would do in your place, is send out a small one page questionaire, asking questions about what people would like or need to know more about security. Make the questions multiple choice (3-4 choices, 3 being optimal) and circulate it by Email. Demand, not request but still, be polite, a response within 48 hours. Try limiting the questions to six with ten being the maximum. At the end ask for any additional comments but tell them to keep it under 25 words or less.

Ask too many questions and you risk people making demands you may be illequipped to handle, ask too few and people won't take it seriously enough to reply.

Don't bother waiting for any replys; you won't really need them. However, print out the ones you do receive; I'll tell you why in a moment.

Now do a quick inventory of all the products you use inyour security function and get on to the suppliers and publishers and ask them to send you all the information available on the various products, what they do , how they do it and why they do it. If you are using products you don't like and think there are better options available get information on those options and make a case on why it would be more efficient to switch. You might get any immediate benefit from this but you may plant a few seeds that just might germinate further down the road. If nothing else you will have proven that your on top of things as far as security is concerned. While you are talking to the suppliers it might help if they have case studies on hand, which have been sanitized for distribution to their clients.

Once you have assembled all the information you need, put together a presentation c/w lighting effects, voice over and background music. Make sure it doesn't run less than 50 minutes but no more than 55 minutes. At this point suggest a 15 minute break for refreshments, rest room etc. I say call for a 15 minute break but in reality, it will run out to 20 minutes. Lets face it, there is only so much you can say at these things because your audience is to broad based. Your topic is only going to be interesting to a select few, the rest will only be going through the motions and pretending interest. The object here is not so much to fill the time with quality information as it is to get through the time without anyone falling asleep on you. You are talking to a bunch of techs who, if they don't already know your information, think that they do. the more important thing for you is not to bore them but to entertain them like just so many ADDs children. Getting them on their feet and letting them move around will keep them awake and appreciative.

It is important to start your presentation as close to the hour mark as possible. When you call for a break at the 55 minute mark, people will figure they won't have to return until the quarter after mark. Right there you've killed off 20 minutes from the 2 1/2 hours and people will actually be more grateful to you than critical of you for cutting the time short. Now it's time to turn your audience into the presenters of your presentation. If you want to know how to do that pm me. BTW making presentations for clients is one of the various things my company does and we do it for varied audiences, in assorted languages and on many diverse topics.

Dawg ]:)

Collapse -

Some thoughts

by AV . In reply to I'm in between a rock and ...

2 1/2 hours is a long time for a presentation, so I would depend on video, webcasts, music and humor.

You could develop a main theme like a "rogues gallery" of security offenders from Kevin Mitnick to Judy the accounting clerk that shows why security is necessary and sometimes defeated.

Or, maybe you could show security gone awry in the future with a theme like the Tom Cruise movie "Minority Report."

Use lots of video and sound bytes that will emphasize your point and keep people interested. Everyone from Bush to Jon Stewart to SNL.

It really doesn't seem fair that you have to do this by yourself. What a test. Creating a presentation takes alot of time. Good luck.

Collapse -

Some ideas

by tony In reply to I'm in between a rock and ...

Somewhere on the web is a test to see how well you can recognise "phishing" sites - this is really good, as there is a Citibank one that is genuine and really does look like the fake ones.

You could probably use a few of these to get things going - maybe you have some of your own.

A good book that will give you some really great examples and background is "Security Engineering" by Ross Anderson ISBN 0-471-38922-6. Ross also has a web site at www.ross-anderson.com. A serach on him will also quickly show you that he is a strong privacy advocate.

Another related topic is the recent root kit issue.

Many of these are the inter-relationship between security, traceability and privacy.

If you want to see where things might be going, try looking at initiatives being launched and supported by the European Commission.

I am guessing that from the size of your department that you are in a fairly large company, in which case, there is also a good chance that the company works internationally.

Having been the "rapporteur" for some EC sponsored workshops recently in this area, I can tell you that it is a fertile ground and one that can cause some interesting debate.

You can also think up some "straw poll" questions that you can use from time to time to liven up and change the pace e.g. before starting on privacy, ask for a hands up on who thinks it is an issue. After presentations and debate, ask the question again. If your company does business in Europe it may soon have to be an issue as it is in the European Constitution, which will evetually be ratified.

If you want more on this, then email me privately.

Collapse -

Ideas site

by TheAdmin In reply to I'm in between a rock and ...

Hello Gadgetgirl,

On http://www.packet-level.com/ you might find some pdf, ppt and articels on subject to take for your presentations....
Take a look at the downloads section !
For instance http://www.packet-level.com/archives/archives10.htm

Good luck and watch out for the dust :-)

Related Discussions

Related Forums