My prospects are out, it’s beautiful weather (already got my morning ride in thank you) and time to clean up my desk for the weekend.
I need to talk about data security presentations. Most of them are horrible – heavy on technical details or heavy on corporate marketing fluff. If the presentation is about same origin policy and DNS pinning (Christian Matthies’s excellent explanation of DNS pinning and anti-DNS pinning), you would start out by showing the DNS request/response strings like this (this is a DNS response string):
0000 00 16 41 ae 68 f2 00 30 6e 2c 9e a3 08 00 45 00  ..A.h..0 n,....E.
0010 00 82 95 e5 00 00 3f 11 58 4a 04 02 02 02 10 10  ......?. XJ...d..
0020 10 02 00 35 c7 c2 00 6e bd 6d b2 bb 85 80 00 01  ...5...n .m......
0030 00 02 00 01 00 01 03 77 77 77 09 73 65 63 74 68  .......w ww.secth
0040 65 6f 72 79 03 63 6f 6d 00 00 01 00 01 c0 0c 00  eory.com ........
0050 05 00 01 00 00 0e 10 00 02 c0 10 c0 10 00 01 00  ........ ........
0060 01 00 00 0e 10 00 04 43 4e 3d c8 c0 10 00 02 00  .......C N=......
0070 01 00 00 0e 10 00 09 06 6E 61 6D 65 73 76 c0 10  ........ namesv..
0080 c0 4d 00 01 00 01 00 00 0e 10 00 04 c0 a8 00 64  .M...... .......d
If the presentation is about Symantec Data Loss Prevention Suite 9.0, it will start off with a ton of text like this:
Today, just about anybody in an organisation can share, access, and disseminate information easily. Organisations have come to depend on it – in fact, it is enormously empowering. At the same time, the workforce has become increasingly mobile and the ubiquity of high-speed Internet access, smart mobile devices, and portable storage means that “the office” can be anywhere.
As a consequence, it has become more difficult than ever for organisations to prevent the loss of sensitive data. According to the Ponemon Institute*, more than 250 million personal records have been exposed by data breaches since 2005, with each breach costing an average of US$6.6 million to the unfortunate organisation.
Clearly yesterday’s security perimeters aimed at securing IT network cannot address today’s data security challenges and it’s time to shift the focus to securing the data itself.
Symantec Data Loss Prevention delivers a unified solution to discover, monitor, and protect confidential data – wherever it is stored, or however it is used. Only Symantec offers comprehensive coverage of confidential data across endpoint, network, and storage systems.
Let’s face it, most data security presentations stink
I consider myself a pretty good presenter – I try to keep my presentations clear, concise, emotional and entertaining. But there is always room for improvement, so I went back and watched the Steve Jobs launch presentation of the iPhone. I took notes. Jobs is an awesome presenter. Here are some secrets for an effective data security presentation (with all credit to Steve Jobs).
I feel something in the air
Yes, it is the train to Heathrow and I am about to get run over.
Preventing data loss in municipal government
- Have ONE consistent message, for example: “Why firewalls cannot prevent data loss”
- One message per slide, e.g.: “Firewalls block ports but DLP requires blocking of data”
- Keep it simple, like this, e.g.: “Data security requires closing gaps between policy and enforcement”
- Demo – show them a data security breach live
- It’s always good to have an enemy, like this: “Websense, Symantec, McAfee”
- and then there is the Steve Jobs “One more thing” (like Count Basie on the swing classic April in Paris when he says “One more time” and then “One more once”….)
- Practice over and over again until you have your line down perfectly. If you play a line on tenor saxophone that is 120 then you should have it under your fingers at 180….