Everybody Else Is Doing It So Why Can’t We?

Posted May 8th, 2008 by

I’ve sat in on too many presentations lately.  After a couple of them, you start to think “Hey, I can do way better than that!”  And so I’ve been collecting my thoughts to get some presentations down and rehearsed.

Anyway, some sample topics I’ve thought up, hope you like them:

  • Security curmudgeon 101:  It all starts with electric shock and goes downhill rapidly
  • Contractors Never Go for Broke: how I learned to stop fearing unclear guidance and made a ton of moolah in the process
  • Who Moved My InfoSec Cheese:  What to do when the great big SOX cow in the sky dries up
  • Leadership Secrets of Attila the CISO: throwing dead bodies and the problem does create a solution!
  • $Racial_Slur in the Wire:  why your perimeter is massive pwnage once they get past it
  • The “S” in “SIEM” stands for “Suck”: learning how to deal with the limitations of security tools
  • Lessons from Language School: how I embraced the language and culture of our sworn enemies so that we could more effectively kill them in a bout of mutually assured destruction and why it seems so quaint in the new millennium
  • DAM Solutions: more than just the punch-line to analyst jokes
  • Data Reduction for Dummies: since the classification follows the data, if we get rid of it all, we don’t need to secure it
  • Physical and Environmental Protection for Packet Monkeys: learning why there’s a big red button on the wall of the data center next to the switches and what really happens when you push it

And, lo and behold, I am available to speak, always have been.  If you like an idea that I’ve put out there, put 3 squirrels on a park bench and I’ll give them a presentation.



Posted in BSOFH, Speaking, The Guerilla CISO | 5 Comments »
An Informal Study on the Literacy Level of Security Blogs–We All Get Pwned by Amrit

Posted April 30th, 2008 by

OK, I saw this really cool widget on a blog somewhere.  It tests the literacy level of your blog and tells you at what level you write.  Sure, OK, I’ll bite.  Bloggers love bling, dontcha know?

The Genius Widget 

Fortunately for anybody who has eyes, the code that the site gives you to put the widget on your blog contains an SEO-spamming link.  Oh joy, it’s easily removable if you’re halfway knowledgeable.  But you can still use the textbox to feed URLs to the machine.

Anyway, in the interest of science and all things egotastical, I submitted some sample security blogs and was highly surprised at some of the results.  My rundown on how particular sites rate:

Now if I check out Amrit’s blog tomorrow and he’s got a genius sticker displayed prominently on his site, I’ll take the blame and rage from the blogosphere.  It’s only fitting.

To be honest, I’m surprised I didn’t come in at the preschool level, what with my lowbrow sense of humor and all.  =)



Posted in Odds-n-Sods, The Guerilla CISO | 10 Comments »
Some Thoughts from a Week or so of Being “Proposal B*tch”

Posted April 15th, 2008 by

I spent the last couple of weeks working on a proposal. It was the best of times, it was the worst of times. Hell, I don’t even know if the thing will even get read this year.

Anyway, on to the rants, that’s why you’re all here anyway. =)

#1 Don’t sell methodology. As a customer receiving a proposal, what I think when I get your methodology is that you don’t know my pain points enough to know how you can help me, so you give me a generic, templated proposal. As a contractor making the proposal, when I see that our proposal doesn’t have any real content, I wonder if we know the customer enough to actually pitch and win a deal.

#2 Small proposals are better as long as they’re relevant and answer what the RFP calls for. Don’t be afraid to chop out boilerplate-esque sections of the proposal.

#3 The Government wants way too much stuff in a proposal. It makes life refreshing and tasty when you cycle yourself back out into the private sector.

#4 Rybolov’s simple proposal format, blatantly lifted from the military:

  • Situation and Mission: what problem does the Client have? Demonstrate that you understand what they’re asking for.
  • Execution: This is what we propose as the solution.  More here is better as long as it avoids being “fluffy”.
  • Service and Support: Assumptions, what we need to do the job.
  • Command and Control: What our management plan is, who our people are, and what our qualifications are.


Posted in Rants, The Guerilla CISO | No Comments »

My 2 Obsessions this Week

Posted March 18th, 2008 by

#1:  How does a company/organization convert from doing compliance management to doing true risk management?  I think it’s the difference between being good and being great.  There are a couple of non-IT models that we can look at:  Emergency Room care transitioning into long-term care being a good one.

#2:  Compare and contrast the metrics that are collected as part of the annual FISMA reports with the major initiatives that we have on the table.  They don’t add up.

OK, I think it’s time to go fish this weekend, I’m having dreams about LoB initiatives.  Mini-me says I need to do something non-IT/security/$foo for the 8 hours of the day that I’m NOT working.



Posted in FISMA, Odds-n-Sods, Risk Management, The Guerilla CISO | 3 Comments »

Help Me–Name My Boat

Posted February 20th, 2008 by

OK, so I bought an Outcast Fish Cat 10 IR pontoon boat last week.  The killer was that I was still too sick on Saturday to take it out, so it’s been sitting fully assembled in my living room for over a week now.

But I need a name for this beast so that I can christen it with champagne.  I’m opening name suggestions up to the Internet as a whole.

Some frontrunners for names so far:

  • USS Insecure
  • HMS Bug Bounty
  • Buoyancy Compliance
  • The FISMA Floater
  • Cross-Lake Scripting


Posted in Flyfish, The Guerilla CISO | 8 Comments »

Taking a Cue From Hermey the Elf

Posted January 25th, 2008 by


Well folks, unlike Hermey here, I have not decided that I want to be a dentist. However, after 5 years (including my “vacation” to “someplace sunny”), I am changing jobs. Today was my last day with $FooCorp1 and Monday will be my first day at $FooCorp2. =)

Seriously, though… the labor market for contractors inside the DC beltway is such that most companies do not promote from within (full disclosure: I’ve gotten more than my share of internal promotions), so the only way to really get ahead is through moving to a different company.

I’m going to go work with a dozen guys that I’ve worked with before and that I trust. That’s enough for me to jump ship.



Posted in The Guerilla CISO | 2 Comments »
