All flash, no substance
The movie Bohemian Rhapsody had plenty of flash and was based on interesting subject matter. Its downfall was that it tried to condense 20 years of a person’s life plus 20 years of a band’s history into roughly 2 hours. Because so much rich content was jammed into limited time, important and interesting details were left out, critical pieces of history had to be altered to make sense in the bigger picture, and the entire thing felt a bit superficial. For me, I tried to use my imagination to fill in the details. A close friend said she liked it but that it felt shallow.
Rather than try to cover every aspect of Mercury’s life and the band’s life, the writers of the movie would have been better off focusing on a few key facets of either the man or the band. It’s a common misconception that to impart valuable information about a subject, the entire story must be told all at once. A large chunk of conference talks take this approach. It’s lovingly called “boiling the ocean.” The urge to impart all of one’s knowledge is understandable; as a speaker, you’re given 20, 30, maybe even 50 minutes to talk about a topic that could easily be a book: Effective Practices for Migrating to the Cloud. Navigating the Cybersecurity Talent Shortage. Implementing Zero Trust in Your Container Environment. These are huge topics, all of them. And it’s not speakers’ faults for feeling like they have to boil the ocean. Very few conferences would accept a talk on “How to Open Your Browser Securely.” A too-narrow focus doesn’t have enough marketing appeal for conference organizers, but there is a happy medium between a grain of sand and the entire ocean.
Hone in on what’s important
All conventional wisdom about how to give a good security talk says to provide 3-5 bulleted learnings for each session. Where lots of people go wrong is thinking that only the conclusion of the talk needs to highlight 3-5 “key points.” They’ll spend 20/30/50 minutes talking about a super-broad subject then try to wrap up with a few, discrete takeaways that were watered down in the context of the talk. The speaker shares too much information in too few minutes. There is plenty of science that shows people can only recall a finite amount of information during any one learning session. Now multiply one conference talk by 2-4 full days! But there is so much information about firewalls/encryption/data governance/being a good CISO!!! It’s true. But maybe save that for a long-form article.
Shoving everything you know about [insert topic] into one talk won’t result in people realizing how smart you are. Instead, your audience will leave feeling like they heard a lot of information, too many words, but can’t necessarily recall the most important aspects of what was presented. They can’t take any one thing back to their office, implement it, and affect a better security program. You’ll have the Bohemian Rhapsody effect: lots of flash and intrigue but no, “I really understand X. I learned something valuable.”
Bohemian Rhapsody was a fun movie, to be sure, but there was more fluff than substance. Personally, I didn’t learn anything about the band or Freddie Mercury that I hadn’t read/couldn’t read. If someone is going to choose your conference talk over another, don’t you owe it to them to deliver impactful content? Next time you’re writing the content for an upcoming presentation, lean in to a finite number of takeaways and write the entire talk around them. For example, one hugely successful talk at my past company’s conference was “Darwinism vs. Forensics.” The idea of the talk was that attackers always leave digital “breadcrumbs,” and they’re generally easy to find with the right tools and techniques. The speaker quickly presented 5-6 cases in which the adversary thought they were being clever and covering their tracks. The speaker then spent the rest of the talk detailing 3 different tool/technique combos he used in each case to uncover court-admissible forensic evidence. With 20+ years of experience and myriad tricks up his sleeve, the speaker could have offered a lot more. Solving these cases definitely required more skill and knowledge. Yet, he chose to focus on 3 tangible actions the audience could follow, and the feedback was unanimously, “The most valuable talk at the event,” “I am going to try this at my company,” “really useful information.” Several people requested an updated version of the talk for the following year.
The takeaway is this: dive deep into a topic and don’t attempt to cover everything in one session. Doing so rarely works anyway. And remember: one presentation isn’t your only chance to impart knowledge. Reel ‘em in with focused details of a subject and they’ll leave wanting more—and feeling satisfied that time at your talk was well spent.