
Just a few more weeks until Security BSides Las Vegas, and our series highlighting a handful of the conference’s sessions has been very well received.

First we covered a session about a Windows web server tool called OMENS, followed by a review of Fun with WebSockets Using Socket Puppet and a session on open source penetration testing and forensics.

Last week we looked at a session on Vulnerabilities in Application Whitelisting which examines how malware can manipulate application certificates and use file system filter drivers to defeat application whitelisting defenses.

The success of these presentations, and how well they are received by the attendees at BSidesLV, will rest on the session presenters’ ability to communicate the subject matter clearly and concisely.

And if fellow session leader Keli Hay (@kelihay) had her way, they would also be free of excessive verbiage devised for elucidating obfuscated intelligence – or as Hay puts it, “five-dollar words and extra fluffy crap.”

Hay’s session, titled Never Mind Your Diet, Cut the Crap From Your Vocabulary, will outline how security professionals can more clearly articulate their ideas if they resist the urge to overwhelm their audience with copious oodles of sesquipedalians.

“When people communicate they forget or do not realize that fewer words and more precise wording is more valuable than big and extra words. Too often people add unnecessary or large words in the attempt to sound more intelligent,” said Hay, a course developer, technical writer, and certified technical trainer with over 13 years of experience in information technology who has worked with numerous Fortune 500 companies around the world.

Hay also co-authored the Nokia Firewall, VPN, and IPSO Configuration Guide and lent her technical editing expertise to the authors of the OSSEC Host-based Intrusion Detection Guide.

Hay knows a lot about effective communication and the pitfalls of overly-pedantic and ostentatious articulations which may not easily translate to an audience, resulting in the communicator’s intended message being completely lost.

“Unfortunately, people alienate themselves by making the respondents feel stupid,” Hay said. “If the writer or presenter comes across as arrogant, they lose credibility because the respondents perceive the use of big words as camouflage to hide a lack of actual knowledge.”

Hay says she has seen time and again the fallout from poorly architected presentations, and many times the derision is played out in a very public manner via social media platforms like Twitter, a favorite soapbox for the information security field.

“If there is one thing that social media is good for, it is slamming people for saying or doing something wrong,” Hay said. “By simply re-examining a presentation or speech for simple and clear phrasing, social media criticisms can be reduced.”

Hay says that of the presentations she has attended, whether live or streamed, nothing frustrates her more than speakers replacing simple terminology with more complicated wording.

“When presenters start sounding ‘fluffy’ I am not hearing what they are trying to say due to the extra ‘crap’ in their verbiage – I often scan the audience and check my Twitter feed to gauge reactions,” Hay explained. “I have witnessed lots of eye rolling and sighs during long-winded presentations, and I probably shouldn’t quote some of the tweets I have read.”

Hay says that when it comes to training people, leaders need to realize that not only are precise and measurable goals and objectives extremely important, they need to let the learners know exactly what they will be taught in order to define and properly scope the success of a training session.

As a technical writer and course developer, Hay has reviewed a variety of expert-provided content, and while she says some of it has been good, more often than not it lacks much-needed focus and clarity.

Hay said her presentation is designed for anyone who speaks at conferences, conducts trainings, or writes reports – but it is also important to users of social media and for developers responsible for coding effective error messages.

“Outside of presenting, documenting and training, social media character limits should force people to be precise in what they say, not encourage them to write out thoughts across three or more messages,” Hay said. “And how is an error message telling someone that the keyboard cannot be found, but to continue they must press the F1 key in any way effective?”

Hay said she hopes the presentation will encourage people to take the time to re-evaluate what they say and write, and that they will see a noticeable improvement in audience-focused content.

“If people want to be successful in their communication with others, they need to clean up the crap in their output,” she asserted.

Agreed, and hopefully Hay will be ever so kind in her evaluation of this eight-hundred plus word writeup on her thirty-minute presentation to encourage brevity…




Title image courtesy of ShutterStock