So I just arrived back home after a great time in Austin, TX for South by Southwest Interactive where I spoke about ESAPI. I have given several versions of this talk in various forms over the last couple years but this is the first time I have ventured outside of the security community to get this information in front of a different audience. When I submitted the talk for consideration, I really didn't have high expectations of the talk getting picked - and when I got notification that some other talks had cancelled and they had selected the talk for SXSW I was not only extremely excited but, incredibly surprised! I was excited for a lot of reasons, as a musician I have wanted to attend SXSW for many years; as a public speaker I was excited to have speaking at such a large and respected event under my belt and as a security evangelist I was excited to put this material in front of a new and entirely different audience.
As I got my confirmed time slot I was a little put off. I was to give the last presentation of the interactive conference at one of the auxiliary campuses. As expected, there was a number of people that were interested in the talk, but either couldn't make the time slot or didn't want to travel to the venue for the talk. Additionally, the room was the largest at the venue - combined with the smaller draw I was concerned that I would start losing the people that had made the trek.
I was pleasantly surprised at the immediate interaction with the small audience and it turned out to be a very great intimate presentation and conversation with a very interested party. The questions and feedback from the audience was fantastic and even though their was about a 50/50 split of technical and non-technical people present everyone seemed to follow and participated in the conversation.
There were a few lessons learned from this experience - the most important was that at a conference the size of SXSW it is important to do plenty of your own promotion for your talk. I was ill-prepared for doing a great deal of my own promotion and quickly found myself wishing I had prepared a handbill that I could give out to all the people that I was talking to about the presentation while wandering around the trade show and parties. Most everybody that I spoke with seemed interested in the talk and asked questions about it - most of them even expressed interest in attending the talk, but when there are 20-30 talks scheduled at the same time throughout some 5-7 venues throughout downtown Austin, unless there is something that I can hand them to remind them to add the talk to their personal schedule it passes from memory quickly due to the sheer amount of conversations had. I also found myself wishing that I had made arrangements to have the talk video-recorded. I was initially under the impression that all interactive talks were being video recorded but found out that was not the case.
The SXSW volunteer staff was awesome, while in the green room we had access to technical staff and logistics staff to make sure that we had everything in order for our presentation with plenty of time to spare so there was no last minute scrambling. Any questions that they could not answer themselves were quickly answered when they could make a quick phone call.
All of the presentations will eventually be on the interactive podcasts page on sxsw.com - as soon as a link becomes available I will update this post with that link. In the meantime, the slides for the presentation are available online - and a paper with some details to accompany the slides will be available tomorrow.
Presentation Podcast: [Coming Soon]
Presentation Slides: http://portal.sliderocket.com/BLXKW/ESAPI
Presentation Paper: http://yet-another-dev.blogspot.com/p/datda.html
In conclusion, this was an extremely rewarding and humbling experience and has shown me that there are people outside of the security and OWASP communities that are thirsty for this information. I eagerly anticipate my next opportunity to present secure development and ESAPI to more and more communities.