5 ways to inspire response, cause impact and break molds

  • Upload
    lares


  • 8/7/2019 5 ways to inspire response, cause impact and break molds

    1/11

    5 ways to inspire response, cause impact, create change
      • This is all done through attack modeling


    Intro slides
      • #2 Give the audience something to call/reference me. First name only to set informality.
      • #3 Personal pix that are funny/candid to show I am a real person and create sameness that we all have a private life outside of the cons.
      • #4-5 Credentials: a tongue-in-cheek hit on all the years we have boasted our own credentials to essentially tell the audience "this is why you should listen to me". Why blank? To plainly state that no matter what there is no reason to listen. You will only listen if it interests you and I want that option to be ok and available. Too often we don't ask questions in a speech because the speaker's creds outweigh that of our own. So, when we don't agree we tend to keep our mouth shut for fear that we are not the expert and therefore wrong. This leads to a weird air that you may feel sometimes where the audience looks almost ashamed in itself. They make the meaning that if they don't agree with the expert.. THEY are the dumb ones and end up almost scolding themselves. Silly, but we all do it. So mine was blank to try and remove that.


    Slide 6
      • Deck TOC without the shock value. This was made to set the undercurrent.
      • Shell doesn't matter: to highlight the connection to OUR needs vs. theirs.
      • What do they care about? To let the listeners know they MUST find out! This was something for the audience to think about during the shocking parts as a way to roll it back to the our vs. their needs.
      • Top 5: a silly hook used because people in this industry IMHO have an affinity towards lists/rankings/hierarchy and ease of use. 5 seemed like a common list #.
      • Born from fire: foreshadow of the takeaway. My job in the preso will be to mentally, emotionally, physically engage people through shock and brutal honesty. The use of profanity, lewd pictures and provocative therapy techniques in speech should light up the audience and hopefully some of them will be reborn with a new understanding of the job ahead and a new mindset of how to overcome the norm. The more abnormal I can be, the further they will believe normal extends.. thus causing progress.


    Slide 7-8
      • 1st touchpoint of shock. Early on, I said that I would swear (use foul, inappropriate language/terms), and act American and boast, and push them. Here is visual proof that I am willing to be honest with the audience. I am also willing to be casual, to skip the politically correct filters that often cause us to lose a point in translation.
      • On the other hand, this is the first chance to test the members of the audience that may already not be willing to take a presentation that had a forced sensationalism. We will later exaggerate these points to try and find boundaries.
      • Eye candy for those that are READY to tackle the subject.
      • A statement to those that may be on the fence: no one cares about YOUR findings. I want them to throw away SELF; if they are angry here that I am attacking them, they will be quickly connected in the next slides with the emotions point.
      • #8 Rollercoaster effects: after all that build from the first shock we have to calm them down.



    Slide 9-10
      • #9 Ahh yes, what they are used to seeing at cons. Shell, scripting, victory conditions, root, hashes, etc.
      • This builds hope for the preso to go the path of the norm and fall back to what we have done as an industry that has put us in this defunct spot in the first place.
      • Conversation here is about the way we are self-serving. We look at the results and we show off what makes us feel important, empowered, and almost godlike.
      • #10 Godlike, but only to US. This slide is not only HYSTERICAL (to me) but proves a large point. By being self-serving, all we are doing is stroking our own ego. We are ignoring the needs of our customers and using shell to compensate for our lack of true understanding of why they REALLY hired us.
      • Under the surface there is another meaning I got from it. It may be a shocking and inappropriate figure, but hell, it took a significant amount of skill to get there. To me, the same elite skill we use to get the shells in the first place. If a sysadmin feels slapped in the face and their pride broken from your shell.. imagine how the audience will feel when they are forced to stare at a huge phallic symbol that is NOT ACCEPTABLE in their world?


    Slide 11-14
      • #11 I love Happy Bunny. Classic Freudian humor stuff. Nothing is funnier to me than the truth. Happy Bunny is an example of those internal monologues we all have but refuse to let out, out of respect, kindness, upbringing, etc. But when we hear someone else say it for us, it is relieving and gives us sameness. The execs that we feel act like robots have the same fiery emotions we do.
      • #12 DO is red to emphasize that we need to DO something about this. This should be a point where the birth of "ok.. I can hear that we are being self-serving and not eliciting the right response to our work.. WHAT DO WE DO?"
      • #13 Product line: start the challenge. These are things that are obvious. It is obvious that a product company cares about its products, so the question is posed: why don't we (audience)?
      • #14 The brand. Many techs may not realize that in most cases the brand is the real special sauce of the company. People don't spend 100,000 on a suit because it's cotton; it is because of the designer on the label. That name stands for a slew of indicators of quality. A car is a car, but a Kia is not a Bugatti.


    Slide 15-16
      • #15 The employees: oftentimes infosec paints the users as insignificant aspects that are just a risk to the business. Constantly making fun of the fact that they are stupid, patchless, etc., they forget.. that in concert with the brand and product, they ARE the business.
      • #16 The bottom line: said in business speak. Hackers keep with this "show me the money" theme like we are loud-mouth football players in Jerry Maguire. We need to get them out of this wannabe ghetto talk and start realizing that they are part of an operational business unit, created and alive to support the business and its growth over time. We should not just sit around and show off how cool we are or how much we can get into. WE are the troops on the ground, the guardians at the gate, the strategists and the fighters. We must get away from this egocentric view of profit and begin to realize the true goal of business is to fortify growth and all may prosper. If we continue to view $ as an object to TAKE and not an object to protect, we will work ourselves out of a job and potentially an industry.
      • 11-15 were also another relax from the shock.


    Slide 17-23
      • #17 Get ready for HOW to connect to the execs. The how will likely be lost because people will be in the coaster mode, but should be able to create a connection once the shock rock wears off.
      • #18 The pic was on purpose. Mostly geared at arousal in men and stoking the feminism fight instinct in women. I love these types of emotional responses because from a base perspective LOVE and HATE are INTENSE emotions. So much so that they are wildly similar in most aspects in how your mind and body respond. This is the last sharp jolt in the rollercoaster ride before the big drop. Oh, and to further shake the hornets' nest.. the text essentially is to say "shut up, DON'T be emotional". ** I wanna shake the soda bottle, so that when it pops, it totally explodes **
      • Trek, similarity, hackspeak: the coasting used to address the emotion and get the audience ready for the slow boring climb to the big drop-off. Also, the straight away goal is to say stop talking like YOU and START talking like THEM. Stop trying to say the same thing over and over; do research, get inside of their mind and posture. Start to think like them. Try to BE them in the business and identify if there is a way to pitch your comments and make them into things that EVERYONE can understand, not just other hackers or whatever you call yourself: researcher, auditor, infosec professional, or just general liabilities.


    Slide 20-23
      • #20 Bombardment of DO WORK. It's all over the slides, but u will hear/see it more and more. I think we do work today that is for us. Then cry as a martyr when we have to do more or redo work to make it fit customers.
      • #21 All chatter aside, we need to figure out some basics. The first: what is important. In order to go through the exercise to determine what is important in a customized way to the companies we are working for, we need to figure out some standards of what is important overall. I wanted to use the basic data classification model for a reference point. This states some basic levels of data criticality but also implies that a specific level of protection would be implemented on each level.
      • #22 But how do these levels get made and applied? How do we decide that one secret is more or less important than the others? How do we know that we won't suffer the same catastrophic loss from public data? This has been a common issue of ranking and weighting over time and begins my posit on how to solve or fine-tune the opinion process.
      • #23 Now, so we don't have to use too many vectors to weight our response, defense, and offensive target acquisition on.. we need to make it into 1 score. 1 way to say "this will hurt a company if attacked.. and how bad". Also a way to say "this is what to protect first" instead of the losing "protect all" strategy.
