Today is the Cloud Security Alliance (CSA) Norway Summer Conference in Oslo. I have been fortunate enough to be asked to explain how to become an infosec rock star, and below are my slides and notes, all for you to enjoy.
Remember that if anyone of these can achieve Rock Star Status, you can too! Take these tips, and go ahead!
This is the full deck, available at Slideshare:
One year ago, I went to Colombia to deliver a keynote on security culture and human behavior at a conference. As usual, I updated my twitter stream with what happend during my stay, and this photo was posted. A napkin, given to me by one of the ladies present.
A tweet that had a colleague ask me: “Kai, how do one become an infosec rockstar?”
My name is Kai Roer, and I am here to tell you what makes a rockstar – in the infosec industry!
Slide 2: It´s only Rock and Roll, Baby!
Therefore, let us take a look at what makes a rockstar!
First, it is about having fun! It´s all Rock and Roll, Baby! And fun can be defined in many different ways – just consider the amazing number of different rock music available – from Elvis, Stones and Beatles, to Deep Purple, Twisted Sisters, to Nirvana, Pearl Jam, and many more.
Just like there are many bands with a wide variety of flavours, there are a large number of stars in the infosec community. And just as with rock and roll, there are some common factors to consider if you want to be an infosec rock star too:
You need to be up for Sex and Drugs and Rock and Roll
You should be newsworthy,
Be Daring, even
Do these things, and you will build a following and fans,
and you may even get yourself some groupies!
Let´s take some time to look at each of these requirements!
Slide 3: Sex and Drugs and Rock and Las Vegas
Music: ZZ-Top: Las Vegas
Sex and Drugs and Rock and Roll was a thing of the 60s and 70s, says some. I say it still is.
ZZ Top is closer to the Rock and Roll than to sex and drugs, just listen to the rythm in their blues-like music.
Just like sex and drugs are important to rock and roll; so are conferences, events and their parties to the infosec community. If you want to learn something new, meet new people, and possibly even score some free booze, you get out of your office (or dungeon), and go shake some hands at an event.
Slide 4: Las Vegas Jack
As with rock music, some events are more important than others. Again, it depends on your taste, interest and friends, yet many people will agree that the Security BSides events have become a real player – not only in Las Vegas, everywhere!
The BSides are a bit like I picture the Woodstock festivals, driven by the community, for the community.
As one of the founders of BSides, and possibly the missing ZZ-Top band-member, Jack Daniel represent the Sex and Drugs and Rock and Roll. His care for the community is hard to hide between his grumpy tweets, and his infamous RV-rides with the RV filled with infosec peeps are just, well, exactly like a band driving from concert to concert in their band-bus!
Jack is also old enough to realize that the constant buzzing about New this, New that is nothing to panic about – in his words:
Don´t panic, we´ve solved this before. Jack Daniel
Slide 5: Be new and newsworthy
Music: Rammstein: Sonne
In addition to have the Sex and Drugs and Rock and Roll attitude, you need to be newsworthy – that does not necessarily mean that you need to come up with something totally new – it means you must be able to present it in a new way. A way that gets people interested.
If you choose to become a cover band, that is fine too, as long as you remember to credit the originator.
Rammstein, however, is not a cover band, this group is doing their own thing. They are strong, can be a bit rough on the edges for everyones taste, and they combine humor, quality and care.
Their focus is narrow, yet within their area, they simply ROCK!
Slide 6: Mr. Passwords
Just like the Norwegian Mr. Password, or Per Thorsheim as he is known over here.
Per has a deep interest and passion for passwords, so much so that he has established not only one, but two conferences on the topic – one in Norway, and one in Las Vegas. Just like the band, Per is very focused, can be considered a bit rough (he if from Bergen, after all!), yet those who know him know him to be caring, deeply generous and extremely knowledgeable.
Although the topic of passwords are not exactly new, the way Per present and focus on the topic, brings new and valuable knowledge to the area, which is why he exemplifies being new(sworthy).
Slide 7: Be Different
Music: Jamiroquai: Cosmic Girl
Being new is all well and fine. Another way to get attention is to be different. After all, you need to get heard through all the noise, right?
Of course Im right!
Just consider all the musicians around the world who wants to become a Rock Star. They’ll do anything, with anyone, just to get a shot at becoming a star. Most of the time, though, doing anything to anyone just isn´t the right thing to do.
You need real talent, real skills, real interest and deep understanding of what you want to achieve. Jamiroquai knows that better than most.
Slide 8: The Father of Girl Cynic
As does Javvad Malik of 451 Research, or J4vv4d of HostUnknownTV, and his other alter egos.
He started out as an infosec cynic, you know that state many infosec peeps end up in after too many lonely years in the bunker, and upon being challenged, his English wit and humor became his savior. Just as he became the savior to the sanity of so many others in the infosec community.
Being different lifted Javvad to starship faster than most, and by embracing the fame, he continue to share his valuable insights, ideas and humor worldwide.
And his Cosmic Girl? His award-winning daughter Girl Cynic, of course!
When it comes to Rock Star-ing – being different is good!
Slide 9: Be Daring!
Music: Serj Tankian: Uneducated Democracy
Some musicians just do their own thing. System of a Down spawned a singer-song-writer out of the extraordinary with Serj Tankian. Playing with words, music, emotions and energy, Serj is able to rock your emotions, beliefs and mind.
Serj accepts nothing for being a fixed truth- he dare to challenge the status quo, and he dares to ask the difficult questions, and to point fingers right where they need to be poked.
Being daring is vital when you have an important message to bring across.
Slide 10: Being Josh Corman
Just like Josh.
Joshua Corman is on a life-long mission to change the world. He dares to ask the right questions, to the right people, at the right time. Because he makes it the right time, the right people and the right questions.
Like Serj Tankian, Josh has a brilliant mind, a mind he use to better understand what our industry is all about, so he can help fixing it. Josh is all about understanding, analyzing and fixing.
Like when he dares to tell you that no-one is ever going to save you –
I am The Cavalry. Josh Corman
Meaning you are, and that you need to step up your game of defense.
So be brave, be daring!
Slide 11: Create that SHOCK!
Music: Miley Cyrus: Wrecking Ball
Occasionally, someone is getting more attention than others. Most of the time that happens because they have planned for it, or at least understand how media and crowds work together to feed a message in every channel, so often that it becomes the Main News that week.
Miley Cyrus knows that being SHOCKING will get you attention, and the attention of media.
Having attention, means more sales, more fans, and ultimately, more fame. Which in turn makes it easier to spread your message to more people, which builds more fame, which again makes your message stronger, and so on and on and on and on.
Slide 12: Mikko on a Ball
And fame is something this guy have. Mikko Hypponen of F-Secure have done it all (well, possibly except riding a metal ball nude, but what do I know). Like Miley, Mikko is smart, driven and has a somewhat Disney-like background, being the nice-guy and all.
Mikko also knows how to use media and the crowds to drive his message across. He may be the closest thing the Infosec community have to a Crowd-Drawing Rock Star, at least when he shows up at your event, the crowds come to.
And the key to using media? Be shocking! Or comment on the shocking news. Dance with your crowds, and make new friends while keeping your old ones close.
Miley and Mikko both know how to rock that boat!
Slide 13: Build followers…
Music: Metallica: Fight Fire with Fire
There are many bands and musicians that deserves a place in a presentation about infosec rockstar. IMO, non more so than Metallica. An international band (well, at least with members from Europe and US), Metallica creates a sort of music that when it came out, it was new and different, and that over the years have built an enormous following with fans around the globe.
Their attitude towards music, their fans and their search for perfection, is just what it takes to be great.
Slide 14: Rik the Rocker
Like Metallica, at least by the looks of it, Rik Ferguson is a true rocker. He has built a large following too. Being easily recognizable, while having a clear message, and consulting anyone from Mom&Pap to the Europol, Rik use a number of channels to build fans and followers.
He is a frequent conference speaker, he creates video lessons (well, Trend-Micro Advertising), and he digs into the deep end of technology.
Like Metallica, he not only looks the case, he delivers the goods too. And that is what it takes to build a large base of followers and fans. Like a real Rock Star!
Slide 15: …and make FANs!
Music: ACDC: Let me put my love into you
For many, ACDC is the epitome of Rock and Roll (or heavy metal, if you must). Their long careers in the industry has taken them around the world, they have seen and done things most of us can´t even dream of, and they still haven´t learned how to dress properly.
Despite all their oddities, and their age, ACDC is one of those bands that have “always been there”, and that has made them a huge number of fans.
Slide 16: Bruce the Rock Star
Like ACDC, Bruce Schneier have also “always been there”, and like ACDC, Bruce is a bit of an oddball. He can be difficult to talk with, he is doing his own stuff, and he seems to be most comfortable when he can observe, analyze and speak up his brilliant mind when he decides to.
Also like ACDC, Bruce´s following is so huge that it turned into the meme this presentation is based on:
"The closest the security industry has to a Rock Star» according to The Register.
Not only is he an Infosec Rock Star, he is also so loved that he is being mocked, and we all know that you only joke about those you love. Unless he really is Chuck Norris in disguise?
Possibly one of the most influential people in modern day infosec, Bruce has a vast knowledge that he shares through books, consulting, speeches and his blog. And like ACDC, he keeps selling the same story again and again, and we all love it!
Slide 17: Handshakin´Stevens
This is exactly how important Bruce is.
Slide 18: The Up and Coming – on a Mission from God
Now that we have gone through how to become an infosec rock star, let me just say this. No matter the who you consider a rock star, the single most important Rock Star in this room, is you!
This community needs more openness, care and sharing. We are on a mission from God, to create a safer world. To do that, we need to enable more people to share their stories, their ideas, their craziness and their knowledge.
If you take nothing but one thing from my presentation, take this:
The Up and Coming are the future of this industry. Let us work together to help them succeed!
Slide 19: The groupies are mine!
Oh, you wonder where the Groupies part of this presentation went?
I get to keep them! Get your own groupies!
Slide 20: Where is the party?
Thank you everyone for giving me your attention! A special thanks to @marigrini for asking the question:
“How do you get to be in this industry, and receive handkerchiefs like that!!??”
Now, where is that party!
Since you are still reading, Im guessing you´d like to see this, or other presentations, at your next event? Get in touch, and let´s see just what show I can put on for you!