First Time Speaking at OWASP Tampa

A few weeks ago I submitted a talk for OWASP Tampa Days 2014 and I was selected. The topic I picked to demonstrate was how MVC for .NET can solve some of the problems listed in the OWASP Top 10. Let me be the first to say that I was truly unprepared for what I was about to get into. This was truly an exercise in conciseness. Get the slides here

When choosing my topic I was guided by my friend Rich who suggested I take my knowledge of programming and apply it to security. I am very comfortable programming in .NET and MVC. However, I never applied a formal discipline or regime to my development. I always thought about this and that, but never really put it into words.

After a couple of days reading over the Top 10 and banging out some quick code examples I was ready to start on the presentation. The easy part was making a slide for each of the top 10. The hard part was keeping it brief. I am not brief. At all.

So, I whisked my way through a couple hundred lines of code and about 50 hours of work on the presentation. All in all it went quickly over the following weeks. I felt the beginning of November draw close and I also felt confident that I was ready to go. I rehearsed the presentation a few times, making mental notes, jotting down some sidebar ideas, and genuinely feeling like I had it under control. I started removing some context slides and anecdotal information because it started to get a bit windy.

The night before the meeting I looked back over the presentation and did one final rehearsal on the back porch in 50 degree weather. It felt right. I had my timings down; the demonstrations made sense. I was even able to finish up with about 5 minutes to spare for questions.

Now, here’s the reality of what happened. I make my way over to Tampa and start to enjoy the first talks of the day. I notice there is no Wifi, but that’s all right because I have my hotspot. I start adjusting my screens and font sizes to be shown on the projector. Lunch comes and goes and I’m up at 1 o’clock. I get a little uneasy because I have to use a microphone; not because I don’t like my voice, but because I use my hands all the goddamn time.

I plug in and all seems well, that is, until I had to start talking. I feel that my voice is pitchy and genuinely start to feel nervous. I start remembering all those confidence talks my dad gave me about people are just people. I notice I’m getting a little bit of cotton mouth, but luckily I had some water up there.

Part of my day-to-day is to give classes at work a few times a year, but this time was different. I didn’t have that comfort of being being known and vetted by my work credentials. Everyone was a stranger, save for a couple of folks.

Another fear that came crashing down, was the fact that I only had 45 minutes. I didn’t have the luxury of a 8-hour or even a 4-hour class time. Forty-Five. Minutes. I wasted about 10 minutes introducing myself and describing was MVC was. Thirty-Five. Minutes. And I still had about 14 slides to go. I still can’t use my hands to their full potential.

But, sometime around the 20 minute mark I felt a little bit at ease. I had already thumped the microphone, fumbled a couple of lines in my presentation, and forgot where I put “that one code example.” Squeaked. Had an audible dry mouth moment. All in all, it was a terrifying experience.

Terrifying, challenging, and great. While I have some things to work on (timing, confidence, conciseness, direction, etc.) I know this won’t be the last thing that I decide to deliver a talk on. I already have some other topics I want to present to other groups—B-Sides, for example.

So, if you’re one of the unlucky few who had to sit through me trying to cram what was more likely a code example class rather than a quick talk I’m truly sorry. However, this doesn’t mean you’re completely off the hook. I am taking this petrifying experience and learning from it.