Innovation Sandbox at RSA – a Lesson in Security AND Oratory Skills
While attending the 2013 RSA Conference last week, I took a chance and attended the presentations in the Innovation Sandbox Showdown. If you haven’t been to these or aren’t familiar with them, this is where security startups show their wares to a panel of venture capitalists and infosec experts for the title of “Most Innovative”. The catch is that each vendor representative has 3 minutes to do a presentation about their company. After they finish, they have 2 minutes to answer questions from the panel. These time limits are STRICTLY enforced, meaning that the mic is turned off when the time ends. No exceptions.
As I watched the showdown, a couple of points started forming in my head. The first was from the standpoint of a security professional with an interest in new security technologies. The second was from the was from the standpoint of an orator. So let’s start with the first one.
First – The Security professional
Each of the vendors seemed to attack the big issues of today, like cloud, malware, browser security, BYOD, etc. But you know what? I’m just a little tired of it all. Every year, we have more vendors. And every year, they fall away. And as I write this section of this post, I just want to stop and scream. So many products, and I keep getting reminded of Jeremiah Grossman’s post about increasing the attack surface with more security products. Yes, I know this doesn’t exactly equate. Every time a product comes out does not mean you are going to put it in your network. But there is this overload that has been coming and coming, and we have reached it.
So many of these issues – like BYOD – can be fixed using stuff you have in your security toolbox now. That doesn’t mean there isn’t a need for point products sometimes. But like Jeremiah said, bad guys shift tactics. And the more products there are guarding your network, the more they look for holes in those products. So it is smart to look at what you have and be smart about what you buy for security. Yes, we need innovation. But innovation is not limited to product vendors. You can innovate within your own enterprise. You can act differently, be more proactive, watch more closely, and use the tools you have. Let’s stop the cycle of buy, install, follow the shift, buy, install, follow the shift. Start hardening, start reviewing your risk, start learning your business, start determining your gaps, start creating a program.
Are there problems that can only be solved with a new product? Probably. But first we start doing things right instead of perpetuating the fraud that we have to constantly rely on others to innovate for us.
Second – The Orator
I have performed quite a few talks over my career. I have talked to fairly large audiences (200-300), and I have spoken with small, intimate audiences. Both have different challenges. With those talks, I have had plenty of time to prepare for the presentation. I practiced my talk, polished my slides, and then ran through it again. I have also done Toastmaster-like events where you have a random topic, little time to prepare, and only a few minutes to talk. The Innovation Sandbox has elements of both. Like Toastmasters, you don’t have a lot of time to talk. But like typical talks, you have time to prepare for the talk (i.e.practice), and you have time to polish the message.
Prepare, Prepare, Prepare – then Prepare Some More
Bobby Unser (Al Unser’s brother) said, “Success is where preparation and opportunity meet.” What struck me was how little the speakers seemed to prepare, and how badly their presentation was done. Even with this huge opportunity to speak in front a crowd that could possibly spell success for their company, they did not prepare. I just don’t get that.
Run the presentation with folks outside your company. Don’t talk in the echo chamber, or all you will get back is people saying it is great, it is wonderful, we’re gonna kill the ball with this presentation. Seriously people, you must let others hear the talk. Get feedback. Figure out where your doing stuff wrong, where you can adjust. Figure out out to get your message down in 3 minutes. And some advice: if you let others hear your stuff and they have no criticism, there are two possibilities: your presentation is phenomenal, or you picked the wrong people to listen to your presentation. In the immortal words of Sheldon Cooper, “Of those two scenarios, which one do you think is more likely?”
Attack the Problem
Many wanted to talk more about their management team, like a great management team was all your company needs to attract venture capital or get people’s attention. I get that it is probably a factor, but as someone pointed out on Twitter (paraphrasing because I can’t find the tweet): “If your management team is famous, they need no introduction – if they’re not, they still don’t.” In other words, focus on the perceived problem and how you solve it. I had a really hard time figuring out a lot about their companies with the presentations. Most of my questions were answered when folks on the panel started asking their questions. That is fail-city in my book.
All right, I’m done ranting. I feel clean again. For now…