Search
  • danielpwilson

SF Bay Area User Group

Updated: Jun 11, 2019

I happened to be chatting with Pablo Patrick at Splunk about the user group. I always say I am going to go and something comes up. So I KNEW the only way I was gonna go was if I was obligated.


So, I put myself out there and 2 weeks later I was in front of a web stream and crowd. It was a solid experience, supported by my boss. I went up there and talked about solving FIM issues on the Linux and Windows platform with Auditbeat.


This post is less about the tech and more about the experience. I can do an Auditbeat post later if folks are interested.


I wanted to share a few things I learned that night I think will help the next person:

Errors pop out at the last second Problem - I read my slides 5 times and had a coworker check them. But sure enough once I was standing in front of 50 people. UGH. Errors both technical and grammatical popped right out

It's okay - Ultimately, update your deck and share it later. Initially I froze but I had to remind myself "too late". Apologize for the mistake and keep moving. The crux of what you're sharing isn't one tiny config error.

Folks want to know more Problem - I am by no means the world's leading expert in Linux auditing technology. Immediately folks were asking me questions about both PCI and FIM I hadn't considered. My company's SOC lead was also there. We found ourselves taking some notes and doing more research.


It's okay - You can't know everything; that is why you go to these events. You start conversations and share experience. I gained the experience of 3 other companies who were fighting the same fight - as did they. We all got better for it!


Your mind will lock up on you Problem - I work on a Compliance team at least weekly. I am so comfortable using acronyms and terminology that the underlying meaning of those words was lost. Someone asked me to define the DSS. I mean... no one spells out DSS in a PCI meeting. We just use the word. (It's Data Security Standard, BTW) It's okay - Laugh it off. Google is your friend. We all have acronyms we use. Review your PowerPoint ahead of time for them and ensure they are spelled out.

People LOVE jokes Problem - I think my presentation was like... 20 minutes maybe? A little long.

It's okay - Place breaks in there! Meme bad jokes. I broke mine up between the "problem" side of the PowerPoint and the "technical" side of the PowerPoint. I made a Battle Star Galactica joke. It got laughs and the presentation went smoother because of it.


I started to lecture Problem - no one wants to be talked at. Or worse yet they don't want to be pontificated upon. As I was going, I started "holding" my slides up as gospel to myself and the crowd mentally.

It's okay - The slides have a presence, but break it! Ask questions of the audience. Make eye contact; laugh and smile. A conversation should be 50%/50% give and take. Speaking and listening.


Closing up here, I am not a public speaker but I am already better for the experience. I can't wait to give it another try. One final summary for anyone doing it or considering it... just know it's FINE. You're gonna live and the next time you do it you will be that much better.


4 views0 comments

Recent Posts

See All

How do I learn Splunk administration?

Had an old coworker hit me up a week ago. He took a job as a SOC analyst where part of his job is going to be supporting Splunk. He's a smart guy but Splunk is more complex than it looks. Given I've a