In July last year, I took a big step outside of my comfort zone and delivered two talks at local New Zealand cyber security conferences. These talks were a big highlight of my 2022, and I haven’t had the chance to fully reflect on my experience preparing for and delivering the talks. While we’re still at the start of 2023, I wanted to sit down and formally document this milestone in my career and the learnings I got out of the experience.
I never really considered giving talks at security conferences to be something I would aspire to do. Like most people, I dislike public speaking and the thought of getting up on stage in front of a large audience of professionals to present a technical topic was a very daunting prospect. Secondly, I never felt as though I had anything useful or interesting to say to such an audience. I always assumed that the people in the crowd at these security conferences have more knowledge and experience than I do anyway, so why would they want to listen to anything I have to say?
The latter slowly started to change as I progressed in my cybersecurity career. I became more confident with my level of expertise and experience, and began to work on things either in my professional work or personal time that I considered to be pretty cool. The blog post I published in August 2021 titled Spoofing an Android Phone to Exploit the Razer Local Privilege Escalation Vulnerability was probably the first example of this, where I felt as though I finally had something worth sharing to an audience. I never intended this to be in the form of a conference talk though, but my manager at the time (and current good friend) was insistent that I submit the research I had done as a CFP to New Zealand’s largest cybersecurity conference, Kawaiicon. I did so, on one of the last days the CFP was open, not expecting much given the high calibre of talks that Kawaiicon is known for. To my surprise, this content was accepted as a 15 minute lightning talk and all of a sudden I had no choice but to begin prepping for a talk on the largest stage NZ cybersecurity has to offer.
While the concept of conference talks was fresh in my mind, I ended up submitting another talk to the OWASP New Zealand day conference about the tool OWASP Amass. This was a tool I had used extensively at my workplace, and a tool that I think is very powerful and useful for organisations develop their attack surface management capability. This talk also ended up being accepted as a 30 minute presentation. Initially these were spaced 4 months apart, but due to complications with COVID both conferences ended up being delayed and would ultimately fall only 5 days apart from each other. All of a sudden I had to give two different talks within a week as a first time speaker.
Despite the change in schedules (and my own bout with COVID thrown in), both talks went great and I received a lot of positive feedback from them. Having prepared and practiced the presentations so much, it was a great feeling to deliver them successfully. The Kawaiicon talk in particular will always be something I look back on with pride, and I’m sure it will be a highlight of my career for years to come.
Reflecting back on the experience of talking at conferences, I think there are a few key things I gained. The first is the obvious – more experience with public speaking. Giving for a presentation to almost 2000 attendees is not easy, but having done it I feel much more confident with my public speaking abilities. The other main takeaway I had from the experience is realising how supportive, friendly and open the cybersecurity community can be. One of my biggest fears and doubts prior to the conference talks was being ‘called out’ for a lack of technical understanding or accuracy, or just being judged or criticised in general. On the contrary, everyone I spoke to before and after the talks were extremely complimentary and supportive. Receiving such positive feedback for my talks was an amazing feeling, and it gives me more confidence and willingness to share future content with the community moving forward. Finally, being involved in two conferences as a speaker was a great way to network with other professionals and meet new people. I had a great time connecting with old friends and making new ones during the conferences, and I’m glad to have been able to participate as a speaker rather than an attendee for the first time in 2022.
I’m not sure if I’ll give another talk in the future, I’m certainly open to doing so if the right opportunity comes up. In order for that to happen, I’ll have to keep working hard, learning new things and one day soon I’ll hopefully have something new to share with the community. Guess that works as a pretty good goal for 2023.
Cheers,
Kento
KentoSec 