
[Music] My name is Brian Richardson. I'm one of the board members of the organization and somehow also a speaker, so, you know, if you show up long enough, that's the thing that sort of happens around here. Uh, I'm going to give a talk about something about giving talks. This is coaching that I give at work. Um, but first, a couple of disclaimers. Uh, this session is designed to help you develop a story for a technical presentation, not necessarily the tips on your slides. There are too many WordPress blogs about that; go use search. Um, it's only one approach to doing, uh, presentation or content development, so it's not going to work everywhere. Maybe it doesn't work
for you. That's fine. Um, other resources are available; ask your local internet for options. Also, I'm going to say "y'all" a lot, 'cause I am Southern. It doesn't sound like it. Um, I moved up here about five-ish years ago to be closer to the office. Everyone, yeah, at that, 'cause that was 2019. Oh, oh, back then, that was so much fun. Um, 2020, I was a speaker at FOSDEM, and I was going through the airport and watching it sell out of hand sanitizer as I was bouncing around Europe. Um, but while I was there, I was actually giving a training to, uh, my local colleagues in Poland about how to give talks at conferences. So I trained a
bunch of people on how to give talks at conferences about a month before we stopped going anywhere. But in the process, I also got a bunch of people in Poland to start saying "y'all." "Y'all" is a wonderful word. "Y'all" is great, and "ain't" isn't. Um, so I'm going to spread the gospel about a gender-neutral intro: "Hey, y'all." Um, it's second person plural, rare in the English language. Um, it is scalable, so "y'all" are the people in the room and "all y'all" are the people at BSides. So "all y'all" is "y'all as a service," and it's Southern. That joke changes depending on where I'm giving it. At a sci-fi conference, "all y'all" is an
area effect spell, so you can scale that as well. So, hey y'all, I'm Brian. I think we went over that already. Uh, I used to write assembly code for money. I don't recommend it as a career, but if you want to learn about security, congratulations, you're everybody's new favorite target. Um, I went, to give you some background, I went to a high school for science and math whose mascot was the unicorn, so me ending up on this stage is nobody's surprise. Um, I was responsible for "Press Delete to enter Setup" for about 15 years, moving from code to sales support to technical marketing. Traveled a lot for that, and went to so many Intel conferences that they just ended up
hiring me about 15-something years ago. Uh, I was an open source advocate for a while and was working on firmware specs and doing a lot of tech marketing around UEFI. I didn't write the whole spec; it's not my fault. Um, I'm also on the board of BSides, and I do a lot of video production for this little tiny convention called Dragon Con in Atlanta. It only had 7 something thousand people last year, no big deal. It's kind of large.

In working in all these different jobs, what I've learned is about storytelling, something I didn't really get as an engineering major in college. Um, I was at Clemson for six years. Unlike most people who go to Clemson for six years in
engineering, I got two degrees. Oh boy, that was hard. Um, but I figured out over time that when I was coaching people in labs about writing reports, they would write down data, but they wouldn't give me information. Those are two different things. And the ones that were better at that were actually telling a story in their presentations. And the more that I have to digest other people's stuff, read things for executives, write quotes for people with cooler job titles than I do have, and get people to pay attention to firmware, which is really hard, it's kind of boring: you have to clearly define your problem. And this is what a lot of people don't do in their technical
presentations. They don't define what the problem is. They just start throwing data and code on a slide, and then there's that mass exodus 2 minutes into the presentation. You're like, "Oh no, what did I do wrong?" You didn't describe a solution, necessarily, but good technical presentations do, even white papers. And it links to the solution. In your talk, in 20 to 45 minutes, you will not actually give the full solution to the problem. If you put up that much code, people will squint, and then your audience is staring up at the slides, not listening to you. And finally, it's the appropriate length, which, we'll see if I can hit the 20-minute mark in this thing.
Now, those four properties, where have we seen them before? You are tuning them out constantly, in a very effective form of communication that you have been subjected to against your will, but you don't want to admit it, but it works on you. And it is a television infomercial. Raise your hand if you understand the concept of an infomercial. I have to check, because a lot of people now have the option of paying to not get commercials, and now you're paying less for the thing that used to pay to not get commercials, 'cause they want to charge you more if you don't get commercials, so now you're seeing commercials again. Yay, free TV. So an infomercial looks like a
subjective piece of entertainment at first glance. "I'm learning something about a rotisserie chicken maker. Ooh, this must be newsworthy, because it has a news-style format." No, they're trying to sell you something. But it is a large industry. It is worth $200 billion US annually. That is a lot of dollars. Even if it was a different currency, still a lot of dollars. So these look ridiculous. All right, who owns Flex Seal? Go ahead, somebody's got... yeah, okay. It worked, right? Spray rubber in a can. $200 billion. What are they doing right?

One of the things I do is I make stupid videos for the internet for this thing called Dragon Con TV, which is a... I founded two TV
stations. One of them was fake, but it's the bigger one now. I founded, uh, television at Clemson back in the '90s. Again, I wrote assembly code for money. Um, and the thing that we do at Dragon Con TV in between the actual panels is we make content to entertain folks, kind of like gap programming. And we would just parody: what if a TV commercial existed in your sci-fi universe? What if Deadpool gave a master class on breaking the fourth wall? What if, um, you could spray something on your movies and it made them better? Right, so that was improving, um, and also came with Retcon, which is a spackle used to cover over plot holes. Um,
that's the kind of nonsense I make. But then, when you make fun of something, you deconstruct it and find out why it works. And now I find out why the infomercial works, because every good presentation... while I was doing that stupid comedy nonsense, I was doing a ton of conference presentations, so I was in the audience like you, going, "Oh, why does this work?" And it turns out a lot of people have latched onto this idea of the same format as the infomercial, which is fail, fix, learn, and act. And every infomercial has these four stages.

Fail is the black-and-white part where I forgot how to human. I can't put on a robe. Why can't I
can't put on a robe while I'm sitting down? Okay, so I get a Snuggie, right? Fix is the thing: "But wait, there's a solution for your very obvious problem." Fail is often ridiculous, and you think it's ridiculous because they think you're an idiot. They don't. I'll get to why fail works in a second. But fix is the thing. If you have a problem as an engineer, always follow with the solution; otherwise you're just doing comments on the internet. Learn is where you find out how it works. This is the longest part of the infomercial, and in their format it's 20 seconds in a 30-second commercial, but it's the meat. It's putting the tape on
the thing, it's putting the robe on the person, it is slapping the chop, as they say. Um, nobody says that. And then act is: what do you do next? "Call now to order." In marketing materials, it's called a call to action. There's no better call to action than actually having to call something. Go to a website, go to a phone number, download a thing. This is super clear, and every good technical presentation, white paper, sales deck that I've encountered has this, and this includes Black Hat and DEF CON presentations. You clearly define a problem, you propose a solution, you tell people how the solution works, but you don't read them the whole user manual,
because you ain't got that kind of time. And finally, what do they do when they leave? If you developed a patch for something, you better tell people where it is and how they can apply it. "Hey, this microcode sucks. Anyway, my time is gone, bye." What do I do with that information? Well, you go into the Linux thing where the microcode lives and you put it on your stupid server so the thing stops happening.

And in this format, and this is the thing when I talk about storytelling, um, who had to endure English 101 and the idea of the hero's journey? Right. If you don't know what the hero's journey is, you know what the hero's
journey is. It's about an orphan being discovered by some old creepy dude in robes who tells him he has magical powers, whisks him off to a magical land through some kind of transport, and then they go on to defeat the big baddie with a weird nose. And of course I'm talking about Harry Potter, but I could have been talking about Star Wars, or I could have been talking about all that stuff you had to read in The Iliad and The Odyssey. It has seven stages. I got 20 minutes; nobody got time for that. But the hero's journey is about the hero. You're not the hero in this story, even though you're the one on the stage. You
are setting up your audience to be the hero. If you tell the audience, "Hey, there's a security problem," the audience should be the one to fix it. You're not going to patch all the systems; nobody ain't got that kind of time. So you have to present it as if you are pitching the audience on what they have to take away. And yes, even if you're not selling something, you are selling something: you are selling an idea. So even in open source, you have a sales pitch. Sometimes the sales pitch is "Outlook sucks." It's a compelling pitch. Even the Magic 8 Ball knows that Outlook isn't really good. So you're still getting someone to do a thing that makes the
situation better: industry, life, whatever. Uh, keeps you from becoming a chicken farmer in the woods, because people actually fixed your stuff. I have chickens. I almost have woods. I'm two-thirds of the way there.

All right, so if this was the hero's journey, I'm so sorry, you're not Luke Skywalker. Now, as me being a person who at age five saw Star Wars in the theater, I wrote assembly code for money, um, this hurt me a little bit when I discovered it, because I wanted to be Luke Skywalker when I was five. Blond kid, parents still alive, so that disqualified me. Um, also no Batman, because they're alive and no trust fund. But I wanted to be Luke
Skywalker so bad. And then when I moved to Georgia and built my first house, I had to put in an air conditioner, because I lived in Georgia and otherwise you would die. People in Portland are just discovering the wonders of heating and air conditioning and not just heating. Global warming is real. Um, but Georgia has like 85 degrees, uh, during the day to 90, 80 degrees to 70 at night, with 127% humidity in the summer. And I discovered that my air conditioner takes moisture out of the air as part of the heat pump process, and I was getting five to eight gallons of moisture out of my, um, air conditioner every day. And the
reason I knew this is because they ran the pipes backwards in my house and it all went down to my basement foundation. So one jackhammer later and some profanity, I fixed that situation and was measuring the output and dumping that five to eight gallons of water into my garden every day. Free water. So I became Luke Skywalker, but the whiny moisture farmer, not the actual hero. I should have been more specific.

In this story, you're Obi-Wan, you're Dumbledore. Let's gloss over how those characters end in their respective, uh, stories. But that's what your role is as that speaker: you are guiding the hero in their journey. You're going to get them about halfway there. Oh, Living on a
Prayer. Okay, an example from my life in firmware. Oh, firmware, being everyone's favorite attack surface since the CIH virus, which I found in the wild. I found the Chernobyl virus in the wild in a release that I sent out to a customer. It was the first virus to actually try to attack BIOS by leveling it. Whole different talk. But people are still doing PXE boot, and it hurts my soul. PXE boot is just yelling across a network, "Hi, here's a boot image." Anybody could take it, because it's UDP. Yay. No, that's terrible. Um, doesn't work outside the firewall, and it kind of is terrible anyway, because any idiot with a Raspberry Pi and a little bit of free
time can sniff your boot image, take it home and play with it, and then find the exploits on your network. Yay. No, it's not yay. So we're trying to get people to actually do HTTPS boot in firmware, which, good news, um, a lot of data centers do this. You're... the people who are using your information to try to sell you handbags on the internet, totally using HTTPS now on their internal networks. Anyway, now, trying to present this problem to a bunch of people: my audience is not the firmware developers. They know it's there. They read the spec, mostly, except for those security problems. But I got to convince a network administrator to care about firmware. Oh no, that's really hard. Um,
they don't even know what their hardware is. They're running in the cloud now. So how to get them to care about this? So I don't tell them about firmware. I tell them that their boot method has no authentication built into the spec, and then they make that face. Yeah, that one. Um, they cry a little bit, and then they find out there's a network solution built into the firmware they're already running, and has been there since about 2017, and all they have to do is turn it on, and here's how you do it, and also it's in open source and you can try it out on your own. There's README.md; I'm not going to read it to you
today. That is an infomercial for not doing UDP booting and not making me cry a little bit every single time I read the CVE.

Now, you're going to see this in a lot of your security presentations when you get here, and if you're going to do a Black Hat, DEF CON, future BSides (please apply for BSides 2025 to speak), you're going to see this structure a lot: I found me a bug, it was bad, here's why it was bad, here's my fix. Now, here's how we're going to do this: I will give you an overview of the bug fix. You will not read their code out loud in the conference room. I love y'all, but anybody who's doing the 12-point
Times New Roman, Courier New thing on a slide, oh no, no, no. Uh, we ain't got the eyesight for that. Um, and what you're doing at that point, if I put 47 lines of gobble up, you're looking at that, not at the speaker. You're taking attention away from yourself, and you might lose the audience a little bit. What you want to do is show them why it works, give them a little bit of, like, "Hey, there's a config file, get this," and then highlight that point and make it bigger, so they understand, like, when you get this code, here's a couple things you should do. And then here's where I'm going to hand you the lightsaber, I'm going to hand you
the wand, and then you go off and do the magic thing.

All right, now I want to get to framing. "Has this ever happened to you?" That's the opening of every infomercial, basically. It's the, you know, if it's a movie trailer, "In a world..." That's the "in a world" of infomercials: "Has this ever happened to you?" That's the framing of fail, and this is where you can take a canned presentation and give it multiple places to multiple audiences. So the framing depends on who you're talking to. If you're talking to the CISO versus one of your engineers, the presentation will stay the same; the problem framing will change, because their motivations are different. So if I'm the CEO, I care about
money, getting sued, losing reputation. That's my angle into security compliance. My CISO wants a compliance story, so I tell a data sovereignty story. And then the engineers get a confidential computing story or an encryption story or a post-quantum story. So how you set this problem up... the rest of the presentation is going to be exactly the same. It's the same README.md, except the CISO might go, "Okay, my pet nerd has to read that. My principal engineer, my architect has to read this. I'm not the final audience." The CEO is going to take them on the journey; they're going to give them the white paper or the slide deck when they get home. The engineer is
just going to go straight to GitHub. But the way that you convince them that it's interesting and within their scope is to set up that problem in a way they understand it. So how do they do that in infomercials? Remember I talked about the Snuggie earlier? The Snuggie is a handicap accessibility product. It is not a laziness product. The Snuggie started out as a product called the Slanket. The Slanket was made for people in wheelchairs who literally can't stand up to put on a robe, because wheelchair. But that's a lower volume of people; you can't get mass manufacturing in scale. So now you change the failure to "I'm middle class and slightly uncomfortable." You sell way more of the
things, and you get the cost down so you can mass market the product. So the Slap Chop, that thing that you put over the onion and hit it, you're like, "I have two hands and a knife." Now, who doesn't have two hands? Uh, people with one hand. Luke Skywalker. We're going to bring it back around to the hero's journey again. Um, so there was a time where Luke Skywalker was like, "Yeah, Snuggie would be great. It's going to take me a while to figure out how this hand works. It's got a bunch of CVEs in it." But fix, learn and act are all the same thing. You're defining the problem just to a
different set of people. So I have a call to action, which is: you take this idea for free, absolutely free, uh, and then figure out what it applies to. If you're doing a poster session, this is great for poster sessions. We borrowed... there's actually a PhD that we at Intel borrowed one of their formats for poster sessions, and it locks out into basically this four-quadrant, and it gets it down to, instead of doing the name of your research paper at the top of the headline on your poster, you do the outcome. What did you achieve? That's the thing that's in 60-point font on the thing that you picked up at FedEx Office. And then you and your
Amish PowerPoint, like, just standing there in the hallway, and now you can draw people in, because, like, "Oh, I want the outcome. I want, uh, 100% faster bug recovery. I want AI to leak less data." Okay, that's the thing that draws them in, and then you explain the problem. White papers work like this too, if you have to write those things.

All right, what I didn't cover is how do you get your talk into a conference. That's a whole 'nother subject. We have a workshop on it. Uh, Joe's... there's still space in that workshop. Joe's giving that workshop. There's space in the workshop. It's at 1:30 in room 329. Uh, I recommend... Joe's actually presented at way more conferences
than I have, and way more that are in this genre. So if you want to actually get into a security-style conference, I recommend going to that, because the whole, um, call for papers process and everything is a little confusing at first, and there's ways to kind of optimize that. But wait, there's more! Okay, no, there really isn't. I'm done. But we're just going to close by enjoying Obi-Wan Kenobi enjoying his Snuggie. Thank you very much.
[Music] All right, someone's going to yeet... oh, that was almost an insurance claim. By the way, the speaker gifts this year are kind of rad. I love these. He's so cute.