Site Logo

Last week, I spent 3 years attending Showcase Ontario 2005, an IT learning & education conference targeted at the public sector (read: government) and it’s partners. The format is very similar to Comdex, with a show floor open, showing various IT technologies in use within the Ontario government and also partners that supply these technologies. There were also learning opportunities which I attended.

Overall, it was a very good conference, got lots of freebies ) , and attended some very interesting sessions. The highlights were these 3 sessions:
Speak, present and impress!
A session on advanced presentation skills. The presenter was very knowledgeable about the art of presenting. He touched on the differences between presentation, speech and academia skills. Many people start their presentation with the words “I”, which actually belongs to a speech where the speaker has power over the audience. The presentation should be about the audience, and hence the first word should really be “you”.
The main point that hit me was that many people were “post”-senting instead of “pre”-senting. A good example is myself, I usually use Powerpoint slides to highlight points, and just read them off and explain a bit about it, and in short just read out the slides to the audience.
This apparently came out of the ancient religious tradition, where the clergy could not read, and the priest had to read out for them. Presentation should be about clarity and value, not fancy Powerpoint slides that we read out to people. Very interesting session, and I highly recommend it to anybody who presents regularly to audiences.
Exploiting and defending networks & web applications
These are actually 2 sessions, one specifically on web applications and the other on networks. It’s targeted towards people internal to an organization who have to understand how crackers think and will attack their networks. Very similar in content, with minor differences in between. In hindsight, I could’ve probably just attended one of it and get full understanding of the session.
This hands on lab walked us through the process that an attacker might take to attack a network system. A simulated environment was on hand, and it was surprising how easy it was to execute things like an SQL injection attack, based on small errors that web applications give out to users (ie. exceptions that are not caught). The speaker is a security consultant that has been doing this for a long time, and he explained how vulnerable most systems he goes into are, including some quite large banks and companies.
Main point from these 2 sessions: make life difficult for a cracker to break into your system, for it’s not possible to completely eliminate security threats.
Technorati Tags : ,
Powered By Qumana

Average Rating: 4.6 out of 5 based on 280 user reviews.

No comments yet. Be the first.

Leave a reply