(SecurityWeek – Joshua Goldfarb) – If you’re like me, you’ve likely sat through some pretty painful conference talks, meetings, industry sessions, or other gatherings over the course of your career. In my experience, these events can generally be broken up into three categories: Those that are good. Those that are so-so. Those that are painful.
While it’s unrealistic to expect every event to be a good one, I don’t think it’s unrealistic to expect them not to be painful. This begs the question: What makes an event one that is just downright painful? In my experience, the answer to this question lies in the event organizers and/or presenters not knowing and understanding their audience.
Sometimes, people ask me how they can know what to talk about. How can they find the topics that interest their audience, regardless of the forum or setting? How can they come up with content that either resonates with attendees, or is something they can identify with? The answer to these questions is simple: Listen.
More often than not, the information needed to understand an audience and what they might be interested in hearing is there for the taking. Right in front of our eyes. The speaker merely has to be open to and prepared to receive it. So, how can security presenters learn their audiences? I present 5 approaches that I have found helpful in understanding audiences:
Research: There is no substitute for good old-fashioned research. Whether you’re speaking at a conference, presenting in a meeting, working the room at an industry session, or otherwise, researching the audience pays huge dividends. Is the audience full of security professionals? Or, are they largely people who perhaps have tangential experience with security? Or, are they those who are not at all familiar with the security world? What are their job functions? What type of industry or industries do they work in? What countries or geographical areas are they from? Why are they at this particular event (whatever type of event it may be)? What motivates the attendees? What are their goals and priorities? The list of questions that research can answer goes on and on. Whatever the questions a presenter settles on are, they help that presenter tremendously when looking to target content, tone, delivery, and message to the audience.
Ask the organizers: Most event organizers want their speakers and presenters to succeed. After all, the success of an event is directly tied to the quality of its content. True, networking is also important, but with time, good content generally brings the right audience, while poor content generally brings the wrong audience. Not surprisingly, event organizers are usually quite willing to help presenters understand those who will be in attendance at an event. In the long run, it benefits everyone. The same goes for meetings as well. Don’t be afraid to ask your point of contact within an organization who will be in attendance and what they might be interested in hearing. Chances are that the person who brings you in wants you to succeed. It makes him or her look good as well.
Discuss with peers: I’ve always loved the phrase “this isn’t my first rodeo”. If you have a presentation coming up, whatever the forum, chances are that one or more of your peers has some valuable intelligence about it for you. It’s worth asking around. You might be surprised at the level of knowledge certain people have regarding a given audience, along with their willingness to share it with you. Sometimes, the people you work with day in and day out can help you in ways you might not have realized or anticipated.
Ask the audience: It’s always better to try to know and understand your audience ahead of time, well before you show up. That allows you to tailor your content to suit their interests. But what can you do if, for whatever reason, you haven’t been able to gain any helpful insight as to the audience you will encounter? You can always ask the audience itself. What do I mean by this? Make a few bold statements or ask a few questions near the beginning of the talk to see how people react. Do they answer your questions (perhaps by a show of hands) in a way that helps you understand their backgrounds and interests? Do their facial expressions or reactions give you some clues as to how they view the world and what they might want to hear about? If you design the comments or questions properly, you will likely be able to discern quite a few things about the audience’s orientation.
Read the audience: When all else fails, or even if all else succeeds, it’s always a good idea to read the audience. Has everyone taken out their smartphone or opened their laptop? Are you receiving perplexed or confused looks? Are people falling asleep? Does the audience’s body language indicate that they are feeling a certain way that may interfere with them receiving the message you intend to transmit? Is no one participating or asking questions? Is no one taking notes? These are just a few of the signs that your content, tone, delivery, or message may not be resonating with or interesting to the audience. And that means it’s time to adjust. There are few things more painful than watching a speaker lose an audience, no matter the setting.
About the Author: Joshua Goldfarb (Twitter: @ananalytical) is an experienced information security leader with broad experience building and running Security Operations Centers (SOCs). Josh is currently Co-Founder and Chief Product Officer at IDRRA and also serves as Security Advisor to ExtraHop. Prior to joining IDRRA, Josh served as VP, CTO – Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.