5 ways to inspire response, cause impact and break molds
Post on 08-Apr-2018
217 Views
Preview:
TRANSCRIPT
-
8/7/2019 5 ways to inspire response, cause impact and break molds
1/11
5 ways to inspire response,cause impact, create changeO This is all done through attack modeling
-
8/7/2019 5 ways to inspire response, cause impact and break molds
2/11
Intro slidesO #2 Give the audience something to call/reference me. First
name only to set informality
O #3 Personal pix that are funny/candid to show I am a real
person and create sameness that we all have a private lifeoutside of the cons
O #4-5 Credentials: a tounge n cheek hit on all the years we haveboasted our own credentials to essentially tell the audience this is why you should listen to me Why blank? To plainly statethat no matter what there is no reason to listen. You will only
listen if it interests you and I want that option to be ok andavailable. Too often we dont ask questions in a speechbecause the speakers creds outweigh that of our own. So,when we dont agree we tend to keep our mouth shut for fearthat we are not the expert and therefore wrong. This leads to aweird air that you may feel sometime where the audience looks
almost ashamed in itself. They make the meaning that if theydont agree with the expert..THEY are the dumb ones and endup almost scolding themselves. Silly, but we all do it. So mine was blank to try and remove that.
-
8/7/2019 5 ways to inspire response, cause impact and break molds
3/11
Slide 6O Deck TOC without the shock value. This was made to set the
undercurrent.
O Shell doesnt matter to highlight the connection to OUR needs vs
their.
O What do they care about? To let the listeners knowthey MUST find
out! This was something for the audience to think about during the
shocking parts as a way to roll it back to the our vs. their needs
O Top 5. a silly hook used because people in this industry IMHO have an
affinity towards lists/rankings/hirearchy and ease of use. 5 seemedlike a common list #.
O Born from fire: Foreshadow of the takeaway. My job in the preso will
be to mentally, emotionally, physically engage people through shock
and brutal honesty. The use of profanity, lewd pictures and provocative
therapy techniques in speech should light up the audience andhopefully some of them will be reborn with a new understanding of
the job ahead and a new mindset of how to overcome the norm. the
more abnormal I can be, the further they will believe normal
extends..thuscausing progress
-
8/7/2019 5 ways to inspire response, cause impact and break molds
4/11
Slide 7-8O 1st touchpoint of shock. Early on, I said that I would swear (use foul
inappropriate language/terms), and act american and boast, and
push them. Here is visual proof that I am Willing to be honest with the
audience. I am also willing to be casual. To skip the politicallycorrect filters that often cause us to lose a point in translation
O On the other hand, this is the first chance to test the members of the
audience that may already not be willing to take a presentation that
had a forced sensationalism. We will later exaggerate these points to
try and find boundaries.O Eye candy for those that are READY to tackle the subject
O A statement to those that may be on the fence. No one cares about
YOUR findings. I want them to throw away SELF if they are angry here
that I am attacking them they will be quickly connected in the next
slides with the emotions point.O #8 Rollercoaster effects after all that build from the first shock we
have to calm them down.
-
8/7/2019 5 ways to inspire response, cause impact and break molds
5/11
Slide 7-8O 1st touchpoint of shock. Early on, I said that I would swear (use foul
inappropriate language/terms), and act american and boast, and
push them. Here is visual proof that I am Willing to be honest with the
audience. I am also willing to be casual. To skip the politicallycorrect filters that often cause us to lose a point in translation
O On the other hand, this is the first chance to test the members of the
audience that may already not be willing to take a presentation that
had a forced sensationalism. We will later exaggerate these points to
try and find boundaries.O Eye candy for those that are READY to tackle the subject
O A statement to those that may be on the fence. No one cares about
YOUR findings. I want them to throw away SELF if they are angry here
that I am attacking them they will be quickly connected in the next
slides with the emotions point.O #8 Rollercoaster effects after all that build from the first shock we
have to calm them down.
-
8/7/2019 5 ways to inspire response, cause impact and break molds
6/11
Slide 9-10O #9 Ahh yes what they are used to seeing at cons. Shell, scripting, victory
conditions, root.,hashesetc
O This builds hope for the preso to go the path of the norm and fall back to
what we have done as an industry that has put us in this defunct spot in
the first place.
O Conversation here is about the way we are self serving.We look at the
results and we show off what makes up feel important, empowered, and
almost godlike
O #10 Godlike but only to US. This slide is no only HYSTERICAL (to me)
but proves a large point. By being self serving, all we are doing is strokingour own ego. We are ignoring the needs of our customers and using shell
to compensate for our lack of true understanding of why they REALLY hired
us.
O Under the surface there is another meaning I got from it. It may be a
shocking and inappropriate figure but hell it took a signifigant amountof skill to get there. To me, the same elite skill we use to get the shells in
the first place. If a sysadmin feels slapped in the face and their pride
broken from your shell.. Imagine how the audience will feel then they are
forced to stare at a huge phallic symbol that is NOT ACCEPTABLE in their
world.?
-
8/7/2019 5 ways to inspire response, cause impact and break molds
7/11
Slide 11-14O #11 I love happy bunny. Classic Freudian humor stuffNothing is funnier
to me than the truth. Happy bunny is an example of those internal
monologs we all have but refuse to let out out of respect, kindness,
upbringing etc. But when we hear someone else say it for us. It is
relieving and gives us sameness. The execs that w feel act like robots,have the same firey emotions we do.
O #12 DO is red to emphasize that we need to DO something about this. This
should be a point where the birth of ok.. I can hear that we being self
serving and not eliciting the right response to our work..WHAT DO WE
DO?O #13 product line: Start the challenge. These are things that are obvious. It
is obvious that a product company cares about its products so the
question is posed why dont we (audience)?
O #14 The brand. Many techs may not realize that in most cases the brand is
the real special sauce of the company. People dont spend 100,000 on a
suit because its cotton it is because the designer on the label. That
name stands for a slew of indicators of quality. A car is a car but a kia is
not a bugatti.
-
8/7/2019 5 ways to inspire response, cause impact and break molds
8/11
Slide 15-16O #15 the employees: often times infosec paints the users as insignifigant
aspects that are just a risk to the business. Constantly making fun of the
fact that they are stupid,patchlessetc. they forget.. That in concert with
the brand and productthey ARE the business.
O #16 The bottom line: said in business speak. Hackers keep with this show me the money theme like we are loud mouth football players in jerry
mcguire. We need to get them out of this wannabe ghetto talk and start
realizing that they are part of an operational business unit, created and
alive to support the business and its growth over time. We should not just
sit around and show off how cool we are or how much we can getinto. WE are the troops on the groundthe guardians at the gatethe
strategists and the fighters. We must get away from this egocentric view of
profit and begin to realize the true goal of business is to fortify growth and
all may prosper. If we continue to view $ as an object to TAKE and not an
object to protectwe will work ourselves out of a job and potentially an
industry.O 11-15 were also another relax from the shock.
-
8/7/2019 5 ways to inspire response, cause impact and break molds
9/11
Slide 17-23O #17 get ready for HOW to connect to the execs. The how will likely be lost
because people will be in the coaster mode but should be able to create
a connection once the shock rock wears off
O #18 the pic was on purpose. Mostly geared at arousal in men and stoking
the feminism fight instinct in women. I love these types of emotionalresponses because from a base perspective LOVE and HATE are INTENSE
emotions. So much so that they are wildly similar in most aspects in how
your mind and body respond. This is the last sharp jolt in the rollercoaster
ride before the big drop. Oh and to further shake the hornets nest.. The
text essentially is to say shut up DONT be emotional. ** I wanna shakethe soda bottle, so that when it pops, it totally explodes*
O Trek, similarity, hackspeak the coasting used to address the emotion
and get the audience ready for the slow boring climbto the big drop off.
Also, the straight away goal is to say stop talking like YOU and START
talking like THEM. Stop trying to say the same thing over and over do
research get inside of their mind and posture. Start to think like them.Try to BE them in the business and identify if there is a way to pitch your
comments and make them into thinks that EVERYONE can understand
not just other hackers or whatever you call yourself researcher , auditor,
infosec professional, or just general liabilities
-
8/7/2019 5 ways to inspire response, cause impact and break molds
10/11
Slide 20-23O #20 bombardment of DO WORK. Its all over the slides, but u will hear/see
it more and more.I think we do work today that is for us. Then cry as a
martyr when we have to do more or redo work to make it fit customers
O #21 All chatter aside, we need to figure out some basics. The first What
is important. In order to go through the exercise to determine what isimportant in a customized way to the companies we are working for, we
need to figure out some standards of what is important overall. I wanted to
use the basic data classification model for a reference point. This states
some basic levels of data criticality but also implies that a specific level of
protection would be implemented on each level.O #22 but how do these levels get made and applied. How do we decide that
one secret is ore or less important than the others? How do we know
that we wont suffer the same catastrophic loss from public data? This
has been a common issue of ranking and weighting over time and begins
my posit on how to solve or fine tune the opinion process.
O #23 now so we dont have to use too many vectors to weight our
response, defense, and offensive target acquisition on.. We need to make
it into 1 score. 1 way to say, this will hurt a company if attacked..and how
bad. Also a way to say this is what to protect first instead of the losing
protect all strategy
-
8/7/2019 5 ways to inspire response, cause impact and break molds
11/11
Slide 24-28O #20 bombardment of DO WORK. Its all over the slides, but u will hear/see
it more and more.I think we do work today that is for us. Then cry as a
martyr when we have to do more or redo work to make it fit customers
O #21 All chatter aside, we need to figure out some basics. The first What
is important. In order to go through the exercise to determine what isimportant in a customized way to the companies we are working for, we
need to figure out some standards of what is important overall. I wanted to
use the basic data classification model for a reference point. This states
some basic levels of data criticality but also implies that a specific level of
protection would be implemented on each level.
O #22 but how do these levels get made and applied. How do we decide that
one secret is ore or less important than the others? How do we know
that we wont suffer the same catastrophic loss from public data? This
has been a common issue of ranking and weighting over time and begins
my posit on how to solve or fine tune the opinion process.
O #23 now so we dont have to use too many vectors to weight our
response, defense, and offensive target acquisition on.. We need to make
it into 1 score. 1 way to say, this will hurt a company if attacked..and how
bad. Also a way to say this is what to protect first instead of the losing
protect all strategy
top related