1 00:00:00,000 --> 00:00:09,600 Welcome to the Azure Security Podcast where we discuss topics relating to security, privacy, 2 00:00:09,600 --> 00:00:13,440 reliability and compliance on the Microsoft Cloud Platform. 3 00:00:13,440 --> 00:00:18,300 Hey everybody, welcome to episode 92. 4 00:00:18,300 --> 00:00:23,120 This week it's just myself, Michael and Sarah, and we have a guest this week, Martin Abbott, 5 00:00:23,120 --> 00:00:26,940 who's here to talk to us about Global Azure. 6 00:00:26,940 --> 00:00:30,520 But before we get stuck into Global Azure and talking to Martin, let's take a little 7 00:00:30,520 --> 00:00:31,520 lap around the news. 8 00:00:31,520 --> 00:00:34,240 Sarah, why don't you kick things off? 9 00:00:34,240 --> 00:00:38,560 Okay, so I have some this news. 10 00:00:38,560 --> 00:00:40,440 So a couple of things. 11 00:00:40,440 --> 00:00:47,440 For a start, if you didn't see already, we announced Microsoft Ignite for 2024. 12 00:00:47,440 --> 00:00:52,400 It's going to be in November and it's going to be in Chicago. 13 00:00:52,400 --> 00:00:57,280 So pop that in your calendars if you haven't already. 14 00:00:57,280 --> 00:01:03,200 We've announced it much earlier this year, so hopefully more people can plan to come 15 00:01:03,200 --> 00:01:04,200 along. 16 00:01:04,200 --> 00:01:06,080 So that's exciting. 17 00:01:06,080 --> 00:01:08,360 I am hoping I will get to go. 18 00:01:08,360 --> 00:01:09,760 I don't know about you, Michael. 19 00:01:09,760 --> 00:01:15,080 I haven't been to Chicago since 2011, so it's been a while since I've been there. 20 00:01:15,080 --> 00:01:21,240 So yeah, assuming I get to go, I'm pretty excited for that. 21 00:01:21,240 --> 00:01:22,240 So that's the first one. 22 00:01:22,240 --> 00:01:26,880 Then a couple of things that I have been working on that have been released the last couple 23 00:01:26,880 --> 00:01:28,240 of weeks. 24 00:01:28,240 --> 00:01:34,600 We started airing, well, at the time of recording this a few days ago, a series called Co-Pilot 25 00:01:34,600 --> 00:01:37,360 LeetSpeak. 26 00:01:37,360 --> 00:01:41,840 I'm very happy we got to call it something kind of fun. 27 00:01:41,840 --> 00:01:45,680 It's a webinar series that's airing every couple of weeks. 28 00:01:45,680 --> 00:01:48,760 It's airing on Tuesdays at 9 a.m. Pacific time. 29 00:01:48,760 --> 00:01:53,880 But if that is not a good time for you, which it may well not be, if you live on my side 30 00:01:53,880 --> 00:01:56,000 of the world, it's not a great time. 31 00:01:56,000 --> 00:02:01,200 If you register for the webinar, you can also watch it on demand after the air date. 32 00:02:01,200 --> 00:02:04,480 Basically it's a 13-part series. 33 00:02:04,480 --> 00:02:09,640 We're interviewing some Microsoft folks and also some external industry experts about 34 00:02:09,640 --> 00:02:10,640 AI security. 35 00:02:10,640 --> 00:02:15,720 Obviously, there's some Co-Pilot in there, as it would suggest by the name, but it is 36 00:02:15,720 --> 00:02:20,160 more generally a series just interviewing experts and people who really know what they're 37 00:02:20,160 --> 00:02:23,240 talking about about AI security. 38 00:02:23,240 --> 00:02:26,080 And obviously we all know that's a hot topic at the moment. 39 00:02:26,080 --> 00:02:29,040 So if you're interested, go sign up. 40 00:02:29,040 --> 00:02:33,880 And the episode started airing, as I said, at the time of recording a couple of days 41 00:02:33,880 --> 00:02:37,720 ago, but it's going to be running all the way through to August. 42 00:02:37,720 --> 00:02:42,800 So I'm biased, of course, but there's an amazing host doing the interviews. 43 00:02:42,800 --> 00:02:45,280 So go check that out. 44 00:02:45,280 --> 00:02:51,580 The other thing, the last thing I have for today is we released a Security 101 course. 45 00:02:51,580 --> 00:02:52,580 It's completely open-sourced. 46 00:02:52,580 --> 00:02:56,640 We'll have the links to all of these in the show notes, by the way. 47 00:02:56,640 --> 00:02:59,520 And it's a security basics course. 48 00:02:59,520 --> 00:03:00,720 And I do mean basics. 49 00:03:00,720 --> 00:03:03,040 It's literally explaining seven lessons. 50 00:03:03,040 --> 00:03:06,500 They should take maybe about half an hour to an hour. 51 00:03:06,500 --> 00:03:13,360 And it's explaining the very basic fundamentals of security. 52 00:03:13,360 --> 00:03:15,720 It has also been written by my good self. 53 00:03:15,720 --> 00:03:19,680 You can watch some videos of me as well in that course. 54 00:03:19,680 --> 00:03:27,240 But it's maybe for probably a lot of the folks listening, it might be a little bit too foundational. 55 00:03:27,240 --> 00:03:34,600 But if you have any people who are wanting to get a base in security basics, that's not 56 00:03:34,600 --> 00:03:40,640 product focus at all, that's all just about understanding those principles like the CIA 57 00:03:40,640 --> 00:03:44,400 triad, what a security control is, et cetera, et cetera. 58 00:03:44,400 --> 00:03:47,400 Then it's worth going and checking out as a starting point. 59 00:03:47,400 --> 00:03:48,400 And it is entirely open-sourced. 60 00:03:48,400 --> 00:03:49,400 It's on GitHub. 61 00:03:49,400 --> 00:03:50,760 So you can clone it. 62 00:03:50,760 --> 00:03:52,680 You can do whatever you want with it. 63 00:03:52,680 --> 00:03:56,880 It is there for you to use as you wish. 64 00:03:56,880 --> 00:03:58,440 So go check that out as well. 65 00:03:58,440 --> 00:04:02,680 That's at aka.ms slash sec 101 dash beginners. 66 00:04:02,680 --> 00:04:06,120 So yeah, and it was released about 10 days ago. 67 00:04:06,120 --> 00:04:08,880 Again, at the time we're recording the podcast. 68 00:04:08,880 --> 00:04:13,040 And the response has been really amazing for this one in particular. 69 00:04:13,040 --> 00:04:17,480 It's had crazy amounts of views because of course we can track the views on the GitHub 70 00:04:17,480 --> 00:04:23,400 repo and apparently lots of people need to know their basics still, which is probably 71 00:04:23,400 --> 00:04:24,400 not surprising. 72 00:04:24,400 --> 00:04:26,760 Anyway, that's all the news from me. 73 00:04:26,760 --> 00:04:28,860 So Michael, over to you. 74 00:04:28,860 --> 00:04:31,800 On the topic of the security training, yeah, I'm a huge fan of that sort of stuff. 75 00:04:31,800 --> 00:04:35,280 I think we can't assume that everyone knows everything about security, right? 76 00:04:35,280 --> 00:04:40,640 We have to make sure that there's a new wave of people learning security. 77 00:04:40,640 --> 00:04:45,920 I mean, it's just such a fundamental thing today with this massively interconnected environment 78 00:04:45,920 --> 00:04:50,780 that we have called the internet that if you're building something or designing something 79 00:04:50,780 --> 00:04:54,440 or whatever or managing something on the internet, you really want to make sure it's secure. 80 00:04:54,440 --> 00:05:00,040 So I think sort of helping the next generation, so to speak, is really huge. 81 00:05:00,040 --> 00:05:02,480 So as to my news, a few items. 82 00:05:02,480 --> 00:05:09,520 The first one is my colleague Peter Van Hover has written an article on always encrypted 83 00:05:09,520 --> 00:05:12,200 SGX and VBS enclaves. 84 00:05:12,200 --> 00:05:19,960 So SGX being the Intel Software Guard extensions and VBS being virtualization based security. 85 00:05:19,960 --> 00:05:24,280 So that's two different enclave technologies that we have when using always encrypted. 86 00:05:24,280 --> 00:05:27,920 And Peter wrote a blog post sort of comparing and contrasting the two very well worth a 87 00:05:27,920 --> 00:05:28,920 read. 88 00:05:28,920 --> 00:05:33,880 So my personal preference is VBS mainly because it's just easier to set up and there are more 89 00:05:33,880 --> 00:05:36,440 options in terms of the computer underneath. 90 00:05:36,440 --> 00:05:38,640 But hey, sometimes you might have to use SGX. 91 00:05:38,640 --> 00:05:40,880 So go ahead and read the article. 92 00:05:40,880 --> 00:05:42,560 Next one is we now. 93 00:05:42,560 --> 00:05:47,920 So okay, the very most fundamental level in Windows, there is a thing called SimCrypt. 94 00:05:47,920 --> 00:05:53,500 SimCrypt means symmetric encryption, even though it does asymmetric as well in hashing. 95 00:05:53,500 --> 00:05:55,680 The most lowest level is this thing called SimCrypt. 96 00:05:55,680 --> 00:06:01,920 We've now got a Rust crate that wraps those APIs, which is actually really nice. 97 00:06:01,920 --> 00:06:09,200 So now you can actually build into your Rust applications, FIPS 140-2 validated modules 98 00:06:09,200 --> 00:06:12,600 into your Rust code, which is really cool. 99 00:06:12,600 --> 00:06:19,040 And it's just another example of Microsoft's commitment to the Rust infrastructure. 100 00:06:19,040 --> 00:06:23,560 Next is a video that I recorded with my colleague Anna Hoffman. 101 00:06:23,560 --> 00:06:28,120 Last time I was in Seattle and it's just, I don't know, it's just me vocalizing some 102 00:06:28,120 --> 00:06:34,200 security best practices around, I mean, not just SQL databases, but certainly SQL databases 103 00:06:34,200 --> 00:06:38,500 in general, but it's just some security best practices that people need to think about. 104 00:06:38,500 --> 00:06:41,960 So that video is available right now as well. 105 00:06:41,960 --> 00:06:49,280 And last on the news front, Defender for Cloud has now added a whole bunch of new compliance 106 00:06:49,280 --> 00:06:58,800 checks that apply to both, sorry, that apply to AWS, Azure and GCP. 107 00:06:58,800 --> 00:07:01,140 More compliance checks is always a good thing. 108 00:07:01,140 --> 00:07:04,080 So they're actually in preview now, if I remember correctly. 109 00:07:04,080 --> 00:07:05,560 But yeah, go and check that out again. 110 00:07:05,560 --> 00:07:09,280 So to all the things that Sarah and I just talked about, we'll have links in the show 111 00:07:09,280 --> 00:07:10,280 notes. 112 00:07:10,280 --> 00:07:13,280 Now let's turn our attention to our guest. 113 00:07:13,280 --> 00:07:17,280 As I mentioned, we have Martin here this week, who's here to talk to us about global Azure. 114 00:07:17,280 --> 00:07:19,680 So Martin, welcome to the podcast. 115 00:07:19,680 --> 00:07:23,960 We'd like to just take a moment to sort of introduce yourself to our listeners. 116 00:07:23,960 --> 00:07:26,000 Thanks Michael, and thanks Sarah for the invite. 117 00:07:26,000 --> 00:07:27,520 Yeah, so hello, Martin Abbott. 118 00:07:27,520 --> 00:07:31,400 I'm one of the admin team for global Azure. 119 00:07:31,400 --> 00:07:33,520 I'm actually a Brit in Australia. 120 00:07:33,520 --> 00:07:38,880 I live in Perth, Western Australia, which I like to think is the sunniest state of Australia, 121 00:07:38,880 --> 00:07:40,920 of course, because that's where I live. 122 00:07:40,920 --> 00:07:47,520 Yes, my background is very much around systems integration and integrating various distributed 123 00:07:47,520 --> 00:07:52,280 systems and enterprise systems in a secure and meaningful way. 124 00:07:52,280 --> 00:07:54,280 But more latterly around Azure as well. 125 00:07:54,280 --> 00:07:58,200 I did work for Microsoft two and a half years as well, until about a year ago. 126 00:07:58,200 --> 00:08:03,120 And now I work for a very large WA government department where I'm running a huge program 127 00:08:03,120 --> 00:08:05,560 of work, which is terribly, terribly exciting. 128 00:08:05,560 --> 00:08:09,400 But again, it's all again, down to things like financial systems and so on and so forth. 129 00:08:09,400 --> 00:08:12,640 So security is a pretty key aspect of all that stuff. 130 00:08:12,640 --> 00:08:19,080 So Martin, just there for anyone listening, WA government, that's the Western Australian 131 00:08:19,080 --> 00:08:20,080 government, right? 132 00:08:20,080 --> 00:08:21,080 The state government. 133 00:08:21,080 --> 00:08:22,080 Correct. 134 00:08:22,080 --> 00:08:23,080 Yes, yes, absolutely. 135 00:08:23,080 --> 00:08:24,080 Western Australian government. 136 00:08:24,080 --> 00:08:25,080 Yeah, not Washington. 137 00:08:25,080 --> 00:08:26,080 Not Washington state. 138 00:08:26,080 --> 00:08:27,080 Not Washington state. 139 00:08:27,080 --> 00:08:30,880 It's surprising how many times that gets mixed up. 140 00:08:30,880 --> 00:08:33,160 I'm sure, I'm sure. 141 00:08:33,160 --> 00:08:35,200 That's what I think of too, you know? 142 00:08:35,200 --> 00:08:40,920 I think of, I think, well now I think of both because I've lived in both Washington and 143 00:08:40,920 --> 00:08:41,920 Australia. 144 00:08:41,920 --> 00:08:47,480 I probably will context switch appropriately, but it does depend sometimes. 145 00:08:47,480 --> 00:08:51,400 All right, so let's get to the most obvious of questions. 146 00:08:51,400 --> 00:08:54,480 And that is, so what is global Azure? 147 00:08:54,480 --> 00:08:56,600 And honestly, why should anybody care? 148 00:08:56,600 --> 00:09:00,680 Right, so a little bit of history, I suppose, is probably where to start. 149 00:09:00,680 --> 00:09:05,120 So global Azure was started, I think it was 12 years, this is our 12th year. 150 00:09:05,120 --> 00:09:11,280 And by a couple of guys called Magnus Martensson, who's regional director and Microsoft most 151 00:09:11,280 --> 00:09:14,560 valuable professional, and Alan Smith in Sweden. 152 00:09:14,560 --> 00:09:18,880 Soon after that, a couple of other people joined and the snowball started getting bigger 153 00:09:18,880 --> 00:09:19,880 and bigger and bigger. 154 00:09:19,880 --> 00:09:26,560 And essentially what it is, it's an effort by the community for the community. 155 00:09:26,560 --> 00:09:30,920 So we encourage local user groups to run events. 156 00:09:30,920 --> 00:09:32,560 We run it on a very specific day. 157 00:09:32,560 --> 00:09:35,360 And we kind of try and follow the sun. 158 00:09:35,360 --> 00:09:41,120 So I think our greatest achievement there was starting in Auckland and finishing in 159 00:09:41,120 --> 00:09:44,620 Hawaii, that's a few years ago. 160 00:09:44,620 --> 00:09:50,640 This year, we're up to about 50 odd locations, something like 50 or 60 locations globally, 161 00:09:50,640 --> 00:09:53,280 and that's accelerating as we get closer to the dates. 162 00:09:53,280 --> 00:09:58,200 The dates this year, by the way, just a very important case in point really is April 18 163 00:09:58,200 --> 00:09:59,920 to April 20. 164 00:09:59,920 --> 00:10:03,560 We're running for three days this year, last year and the year before. 165 00:10:03,560 --> 00:10:07,280 And actually all the way through COVID, we ran through for three days. 166 00:10:07,280 --> 00:10:08,280 Prior to that, it was just the Saturday. 167 00:10:08,280 --> 00:10:12,440 Yeah, so that's kind of roughly it in a nutshell. 168 00:10:12,440 --> 00:10:16,080 We kind of coordinate events, I suppose, and we make sure that people are sponsorship and 169 00:10:16,080 --> 00:10:17,080 so on and so forth. 170 00:10:17,080 --> 00:10:19,080 So we're encouraging sponsors to come on board right now. 171 00:10:19,080 --> 00:10:21,920 And of course, Microsoft is one of our biggest sponsors. 172 00:10:21,920 --> 00:10:26,180 Most of the folks listening to this podcast are either security people or very interested 173 00:10:26,180 --> 00:10:27,180 in security. 174 00:10:27,180 --> 00:10:34,640 So in terms of, of course, you said, you know, people can submit any kind of Azure topic. 175 00:10:34,640 --> 00:10:39,840 But of course, just to be super clear, that does include security, right? 176 00:10:39,840 --> 00:10:41,560 That's an important topic. 177 00:10:41,560 --> 00:10:42,560 100%. 178 00:10:42,560 --> 00:10:47,000 And look, the security doesn't end with, you know, Defender and various other technologies, 179 00:10:47,000 --> 00:10:52,080 of course, it includes anything to do with, you know, software to software security, you 180 00:10:52,080 --> 00:10:53,080 know, as well. 181 00:10:53,080 --> 00:10:59,160 Whether that's through an API layer, whether that's through some kind of containerization. 182 00:10:59,160 --> 00:11:05,120 So it's across the board and making sure, you know, if you go back to that time when 183 00:11:05,120 --> 00:11:08,760 Bill Gates sat down and said security is the number one thing that we need to worry about, 184 00:11:08,760 --> 00:11:10,000 it's all to do with that. 185 00:11:10,000 --> 00:11:13,280 Security is across the board in everything. 186 00:11:13,280 --> 00:11:14,280 So. 187 00:11:14,280 --> 00:11:16,040 Michael, you will know more about this. 188 00:11:16,040 --> 00:11:20,840 I like to laugh at Michael because he's been at Microsoft for a very long time and remembers 189 00:11:20,840 --> 00:11:25,120 the days of Bill Gates and Bill Gates and all of that. 190 00:11:25,120 --> 00:11:30,400 So Michael, you remember when Bill Gates talked about trusted computing and all of that stuff, 191 00:11:30,400 --> 00:11:31,400 right? 192 00:11:31,400 --> 00:11:32,400 Actually, it was trustworthy computing. 193 00:11:32,400 --> 00:11:35,640 So but yes, I do remember it very well. 194 00:11:35,640 --> 00:11:39,960 And also, you know, back in those days, he referenced Running Secure Courage, which was 195 00:11:39,960 --> 00:11:42,840 a book that David LeBlanc and I had written at the time. 196 00:11:42,840 --> 00:11:45,680 So yeah, very, very familiar with those days. 197 00:11:45,680 --> 00:11:48,260 Can you still buy that book, Michael? 198 00:11:48,260 --> 00:11:53,620 Because I know that you've well, as you and I know, I sometimes meet people who listen 199 00:11:53,620 --> 00:11:55,200 to the podcast. 200 00:11:55,200 --> 00:12:01,640 And recently I met a gentleman who said he really needed to meet Michael because he needed 201 00:12:01,640 --> 00:12:05,280 him to sign the copy of his book. 202 00:12:05,280 --> 00:12:07,480 Yeah, no, you can still buy it. 203 00:12:07,480 --> 00:12:10,000 In fact, you know, actually, to be honest with you, I'm still getting royalties off the 204 00:12:10,000 --> 00:12:11,000 book. 205 00:12:11,000 --> 00:12:13,040 I mean, it's not like tons and tons of money at this point. 206 00:12:13,040 --> 00:12:15,280 But but yeah, no, you can still buy it. 207 00:12:15,280 --> 00:12:16,280 Yeah. 208 00:12:16,280 --> 00:12:18,280 I mean, imagine getting called out by Bill Gates. 209 00:12:18,280 --> 00:12:19,280 That's pretty cool. 210 00:12:19,280 --> 00:12:20,280 Yeah, there's a whole long story there. 211 00:12:20,280 --> 00:12:21,280 One day I'll tell the story. 212 00:12:21,280 --> 00:12:26,240 There is actually a very long story there that I'm all right, we don't have time to 213 00:12:26,240 --> 00:12:27,240 do it right now. 214 00:12:27,240 --> 00:12:30,520 But one day, yeah, I think we need we need to document that at some point. 215 00:12:30,520 --> 00:12:31,520 Absolutely. 216 00:12:31,520 --> 00:12:32,520 That's an episode. 217 00:12:32,520 --> 00:12:34,520 That's a separate episode, maybe Michael. 218 00:12:34,520 --> 00:12:35,520 I think so. 219 00:12:35,520 --> 00:12:36,520 Yeah. 220 00:12:36,520 --> 00:12:37,520 All right, let's get back to the topic. 221 00:12:37,520 --> 00:12:41,160 And yeah, yeah, we digress. 222 00:12:41,160 --> 00:12:47,360 But Martin, so I mean, I mean, anybody who has met me or follow some of my activities 223 00:12:47,360 --> 00:12:52,840 knows I spend a lot of time in conferences and submitting to conferences and doing call 224 00:12:52,840 --> 00:12:53,840 for papers. 225 00:12:53,840 --> 00:12:57,360 But and this is something we haven't talked about in the podcast. 226 00:12:57,360 --> 00:12:59,480 But what would you say? 227 00:12:59,480 --> 00:13:04,000 Because I often come across people who say, Sarah, your job looks very glamorous. 228 00:13:04,000 --> 00:13:07,820 You get to go and talk at lots of conferences and do things. 229 00:13:07,820 --> 00:13:13,480 But how do I get into like the conference speaker circuit? 230 00:13:13,480 --> 00:13:17,440 And of course, global Azure is an opportunity for people to do that. 231 00:13:17,440 --> 00:13:23,760 So if there were people listening who maybe have not submitted to a conference to a call 232 00:13:23,760 --> 00:13:28,440 for papers before, do you have any tips for them or thoughts? 233 00:13:28,440 --> 00:13:32,920 Would you say global Azure is a, you know, a good place for people to kind of cut their 234 00:13:32,920 --> 00:13:36,280 teeth if they've not done it before? 235 00:13:36,280 --> 00:13:42,800 I think the nice thing about global Azure is that we really encourage things to be locally 236 00:13:42,800 --> 00:13:48,520 run and and, you know, whilst we can't provide financial support for any of that, one of 237 00:13:48,520 --> 00:13:53,840 the things we do encourage is that is that those local organizations, and in my case, 238 00:13:53,840 --> 00:13:58,320 that's the Perth Azure user group here in Western Australia, that they actually publish 239 00:13:58,320 --> 00:14:00,920 CFPs, so call for papers. 240 00:14:00,920 --> 00:14:06,240 So essentially what there's many ways of doing that, but by far the most common way is to 241 00:14:06,240 --> 00:14:11,720 go through a piece of software or a website called Sessionize, where you can log in and 242 00:14:11,720 --> 00:14:13,520 essentially there's two aspects to Sessionize. 243 00:14:13,520 --> 00:14:19,640 One is the view that people who are organizing events see, which is that ability to do a 244 00:14:19,640 --> 00:14:20,640 call for papers. 245 00:14:20,640 --> 00:14:26,480 And the other side of that is what us as individuals who are submitting presentations see, which 246 00:14:26,480 --> 00:14:30,000 is where we essentially create a list of the things that we want to talk about. 247 00:14:30,000 --> 00:14:34,080 So typical presentations, you know, so title and the content. 248 00:14:34,080 --> 00:14:38,920 And then when it comes to running through a CFP or going to a CFP, it's very easy to 249 00:14:38,920 --> 00:14:41,720 then submit your talk because you've already written it essentially. 250 00:14:41,720 --> 00:14:44,320 So you can just push that talk to the people. 251 00:14:44,320 --> 00:14:48,120 The good thing about the Sessionize side of things is global Azure actually has some really 252 00:14:48,120 --> 00:14:50,440 tight integration into Sessionize. 253 00:14:50,440 --> 00:14:57,040 So if you do run your CFP through Sessionize as a local event, you can actually publish 254 00:14:57,040 --> 00:15:04,440 the speakers information and the talk that they're talking about directly through to 255 00:15:04,440 --> 00:15:05,440 global Azure's website. 256 00:15:05,440 --> 00:15:10,560 So I mean, I know Sessionize well, that's one of my favorite CFP platforms because it 257 00:15:10,560 --> 00:15:14,600 remembers all my talks so I can just resubmit them if I want to. 258 00:15:14,600 --> 00:15:21,000 But in terms of, and I have some thoughts here too, in terms of sometimes people ask 259 00:15:21,000 --> 00:15:23,480 me like, what are good topics? 260 00:15:23,480 --> 00:15:29,000 And now I know I realize that it's a very difficult question to answer because of course 261 00:15:29,000 --> 00:15:33,920 a good topic in inverted commas could be, there are many good topics out there. 262 00:15:33,920 --> 00:15:41,520 But in terms of, do you have any sort of thoughts or advice for people on how to craft a good 263 00:15:41,520 --> 00:15:47,240 CFP submission or things to avoid, do's and don'ts? 264 00:15:47,240 --> 00:15:50,640 I've got some things to add here after you say something, by the way. 265 00:15:50,640 --> 00:15:57,640 Yeah, I mean, I think the key thing here is that it's important to just go for it, right? 266 00:15:57,640 --> 00:16:02,000 So you'll find, and one thing that I've always found very useful when I've done CFP submissions 267 00:16:02,000 --> 00:16:06,680 in the past is actually reaching out to organizers afterwards if I haven't been accepted and 268 00:16:06,680 --> 00:16:11,360 finding out roughly what went wrong, what were they looking for? 269 00:16:11,360 --> 00:16:15,640 And most organizers are pretty good and will tell you and give you some feedback. 270 00:16:15,640 --> 00:16:18,640 That's one good tip that I've always found is really useful. 271 00:16:18,640 --> 00:16:25,120 In terms of topics, I think the topic can be largely anything, but remember that a lot 272 00:16:25,120 --> 00:16:30,480 of the larger organizational conferences, so things like the NDC conferences is a good 273 00:16:30,480 --> 00:16:31,600 example of this. 274 00:16:31,600 --> 00:16:33,920 They get thousands of submissions. 275 00:16:33,920 --> 00:16:37,720 So having a catchy title can be the difference between whether your thing gets accepted or 276 00:16:37,720 --> 00:16:38,720 not. 277 00:16:38,720 --> 00:16:39,720 So that's one thing. 278 00:16:39,720 --> 00:16:47,100 Probably in your CFP content, I've always found that I prefer to not go into too much 279 00:16:47,100 --> 00:16:51,680 technical detail, and that's just a personal thing. 280 00:16:51,680 --> 00:16:53,520 But you do have to try and tell a story. 281 00:16:53,520 --> 00:16:58,240 So snappy title and a good story in your CFP submission is certainly one of the things 282 00:16:58,240 --> 00:17:01,680 that gets me excited when I read them. 283 00:17:01,680 --> 00:17:05,840 But I think the key thing really as a person is submitting is just keep submitting, just 284 00:17:05,840 --> 00:17:09,080 keep submitting because you will get accepted to somewhere. 285 00:17:09,080 --> 00:17:13,520 And then, as I say, just seek feedback as to when you haven't been accepted. 286 00:17:13,520 --> 00:17:20,440 Yeah, and I want to add to that someone who both submits to conferences and actually does 287 00:17:20,440 --> 00:17:23,160 reviews, paper reviews as well. 288 00:17:23,160 --> 00:17:27,200 What I can say, and I'm going to talk obviously very specifically about security side of the 289 00:17:27,200 --> 00:17:33,680 house, is it doesn't matter if you think a topic's been done before, as long as maybe 290 00:17:33,680 --> 00:17:36,020 you have a new angle on it. 291 00:17:36,020 --> 00:17:43,040 But also don't jump on the bandwagon of something that's currently trendy just for the sake 292 00:17:43,040 --> 00:17:44,040 of it. 293 00:17:44,040 --> 00:17:46,080 This is probably the best advice I can give people. 294 00:17:46,080 --> 00:17:51,560 So I can tell you that I, and Michael, you might have some thoughts here too. 295 00:17:51,560 --> 00:17:58,040 I can tell you that I did a CFP review for an event where I had to review around a thousand 296 00:17:58,040 --> 00:17:59,800 papers. 297 00:17:59,800 --> 00:18:04,640 That was a silly amount of papers, but that's a different discussion, a different story. 298 00:18:04,640 --> 00:18:12,240 But I tell you, probably at least 10% of them, and this was a very broad security conference, 299 00:18:12,240 --> 00:18:16,800 but at least I'd say 10% of them were about AI security. 300 00:18:16,800 --> 00:18:22,160 Now of course AI security is new, it's trendy, everyone wants to talk about it. 301 00:18:22,160 --> 00:18:29,400 But the fact is, and this was six months ago, the fact is that a lot of, most people are 302 00:18:29,400 --> 00:18:32,120 not experts in AI security at the moment. 303 00:18:32,120 --> 00:18:37,760 And of these 10% of talks, I'd say almost all of them were just AI security is interesting. 304 00:18:37,760 --> 00:18:38,760 What can we do with it? 305 00:18:38,760 --> 00:18:44,840 I think there was no interesting angle, the people, also when it's somebody, one of the 306 00:18:44,840 --> 00:18:51,400 reasons you put a bio in a presentation, when a submission is, is so you can sort of see, 307 00:18:51,400 --> 00:18:55,480 you know, your level of expertise or your background and why you might be qualified 308 00:18:55,480 --> 00:18:57,320 to talk in something. 309 00:18:57,320 --> 00:19:00,000 And most people didn't have any background at all. 310 00:19:00,000 --> 00:19:04,720 They were just submitting for the sake of it because that's the trendy thing. 311 00:19:04,720 --> 00:19:11,400 And that really isn't going to necessarily, it does obviously depend on conference organizers, 312 00:19:11,400 --> 00:19:14,400 but a lot of the time that's not going to help you be successful. 313 00:19:14,400 --> 00:19:20,200 So I really strongly advise people to talk about something you actually know about or 314 00:19:20,200 --> 00:19:25,760 talk about, you know, don't just submit something about AI security, for example, because that's 315 00:19:25,760 --> 00:19:27,640 trendy right now. 316 00:19:27,640 --> 00:19:33,140 Because if you don't look like you actually know it, if it's not a topic that you're super 317 00:19:33,140 --> 00:19:37,600 familiar with or you have any level of knowledge of, what will happen is you'll just write 318 00:19:37,600 --> 00:19:43,600 a very generic submission and it will probably be the same as 15 others and that will reduce 319 00:19:43,600 --> 00:19:45,440 your likelihood of being successful. 320 00:19:45,440 --> 00:19:51,280 I don't know, Michael, you've been around the block and you must have done some CFPs 321 00:19:51,280 --> 00:19:52,280 in your time. 322 00:19:52,280 --> 00:19:54,800 Yeah, you know, I have a different, slightly different angle on this. 323 00:19:54,800 --> 00:19:58,800 And that is, first of all, I totally agree. 324 00:19:58,800 --> 00:20:02,560 You know, if you are passionate about what you do and you know your stuff really well 325 00:20:02,560 --> 00:20:07,640 and you have interesting ideas, then just keep, you know, just keep signing up for CFPs, 326 00:20:07,640 --> 00:20:09,000 just keep submitting, just keep submitting. 327 00:20:09,000 --> 00:20:10,000 I totally agree. 328 00:20:10,000 --> 00:20:14,680 The other thing is, to Sarah's point, you've got to be an expert in your field. 329 00:20:14,680 --> 00:20:18,760 It doesn't matter what topic you're doing, you've got to make sure you know the topic. 330 00:20:18,760 --> 00:20:20,480 And let me give an example. 331 00:20:20,480 --> 00:20:24,840 Back in the very, very earliest days of Microsoft when I first started, most of what I did was 332 00:20:24,840 --> 00:20:29,720 on Windows, Windows development using the Windows SDK and the C compiler back in the 333 00:20:29,720 --> 00:20:30,720 day. 334 00:20:30,720 --> 00:20:34,760 You know, you asked me a question, if I was presenting on those on those topics, you know, 335 00:20:34,760 --> 00:20:37,680 you throw a question at me, you know, I've got you covered more than likely. 336 00:20:37,680 --> 00:20:42,560 Well, I would often get asked to do like presentations on Microsoft Office and so on and so forth 337 00:20:42,560 --> 00:20:43,560 back in the day. 338 00:20:43,560 --> 00:20:45,480 And I knew nothing about Office. 339 00:20:45,480 --> 00:20:49,760 In fact, it got to a point where I would actually say, look, I'm not presenting on that because 340 00:20:49,760 --> 00:20:51,920 I don't know that I don't know it well enough. 341 00:20:51,920 --> 00:20:57,160 And so you got to make sure that, you know, to your point, it's not just a generic presentation, 342 00:20:57,160 --> 00:21:01,400 it has to be a presentation that you know, technically, you know, very, very well, because 343 00:21:01,400 --> 00:21:03,960 you want people to throw questions at you. 344 00:21:03,960 --> 00:21:08,160 And look, we don't we don't always know the answers to absolutely everything. 345 00:21:08,160 --> 00:21:12,360 But if you come across as someone who really doesn't know anything at all about the topic, 346 00:21:12,360 --> 00:21:14,120 you know, it's just not going to go well. 347 00:21:14,120 --> 00:21:17,600 And that will show in the in the scores that you get, you know, the feedback that you get, 348 00:21:17,600 --> 00:21:22,200 you may not ever get invited back to a presentation to, you know, if you just don't know what 349 00:21:22,200 --> 00:21:23,820 the heck you're talking about. 350 00:21:23,820 --> 00:21:25,760 So that's number one. 351 00:21:25,760 --> 00:21:31,360 Number two, one of the nice things about doing these things is getting your name out there. 352 00:21:31,360 --> 00:21:39,080 The big part of sort of security, just tech in general, but definitely security is being 353 00:21:39,080 --> 00:21:44,440 known as the person who is, you know, well known, you know, covering a specific topic. 354 00:21:44,440 --> 00:21:48,000 You know, let's say security and AI. 355 00:21:48,000 --> 00:21:50,720 Well, that's a very big topic. 356 00:21:50,720 --> 00:21:53,120 So what do you have new to bring to the table? 357 00:21:53,120 --> 00:21:56,920 And if it's something really new that no one's ever thought about before or an interesting 358 00:21:56,920 --> 00:22:01,480 way of looking at it, then, you know, that could that could end up going down as your 359 00:22:01,480 --> 00:22:04,680 magnum opus, you know, and you're the person who kicked that off. 360 00:22:04,680 --> 00:22:09,200 The way I look at it is not a great analog, but here we go. 361 00:22:09,200 --> 00:22:12,560 Smashing the stack for fun and profit by a left one, right? 362 00:22:12,560 --> 00:22:15,240 That was probably the seminal paper on the topic. 363 00:22:15,240 --> 00:22:19,920 And a left one was like the go to person when it came to all, you know, stack based memory 364 00:22:19,920 --> 00:22:20,920 corruption vulnerabilities. 365 00:22:20,920 --> 00:22:26,560 There's been not numerous papers like that and presentations like that. 366 00:22:26,560 --> 00:22:31,480 And, you know, are you going to be the next person to do the next smashing the stack for 367 00:22:31,480 --> 00:22:39,200 fun and profit, you know, but in AI or perhaps in crypto or perhaps in scalability and security? 368 00:22:39,200 --> 00:22:40,200 So I don't know. 369 00:22:40,200 --> 00:22:46,520 I mean, you know, forge your own path on the topic of reviewing, you know, papers in the 370 00:22:46,520 --> 00:22:48,160 call for papers. 371 00:22:48,160 --> 00:22:53,440 I don't like people who provide basically war and peace. 372 00:22:53,440 --> 00:22:55,120 Like it's a five page submission. 373 00:22:55,120 --> 00:23:01,160 I mean, luckily today I can throw that into chat GPT and get a summary, but 99 times out 374 00:23:01,160 --> 00:23:02,720 of 10, I'm going to gloss over it. 375 00:23:02,720 --> 00:23:06,000 Like, I'm not trying to be rude, but to your point, Sarah, if you've got like a hundred 376 00:23:06,000 --> 00:23:12,280 or more CFPs submissions to review, you know, there's only so much time in the day. 377 00:23:12,280 --> 00:23:17,120 And if you give me like a succinct two paragraphs to the point and to your point, Martin, about 378 00:23:17,120 --> 00:23:19,840 telling a story, I'm a huge fan of that. 379 00:23:19,840 --> 00:23:21,800 Tell your story. 380 00:23:21,800 --> 00:23:26,360 And you know, if you can grip me quickly, catch my attention quickly, then the odds 381 00:23:26,360 --> 00:23:30,800 are better that I'm going to say okay to you or to your submission. 382 00:23:30,800 --> 00:23:31,800 So it's just some of my thoughts. 383 00:23:31,800 --> 00:23:35,720 I realize a bit rambling, but some of my brain works anyway. 384 00:23:35,720 --> 00:23:37,720 But yeah, any other thoughts on any of that stuff? 385 00:23:37,720 --> 00:23:42,560 Yeah, I mean, I'm a huge fan of the two paragraph presentation summary, right? 386 00:23:42,560 --> 00:23:48,280 You know, it's the setting the scene and then slightly more dig into the detail of things. 387 00:23:48,280 --> 00:23:55,720 I will just say one thing about some other aspects of this though, and that is that expert 388 00:23:55,720 --> 00:23:59,240 is one part, but actually just trying to give it a go is also good. 389 00:23:59,240 --> 00:24:01,240 What do you mean by giving it a go? 390 00:24:01,240 --> 00:24:04,600 At Global Azure, we try and encourage anybody to submit. 391 00:24:04,600 --> 00:24:05,600 Of course we do. 392 00:24:05,600 --> 00:24:10,000 At the same time, we, you know, at Perth Azure User Group, we sometimes run lightning talks 393 00:24:10,000 --> 00:24:17,160 for people who are very early in their presentation career, I guess, and people who are fairly 394 00:24:17,160 --> 00:24:18,560 early in career as well. 395 00:24:18,560 --> 00:24:27,560 So sometimes there's aspects that are people who are knowledgeable in their area, but may 396 00:24:27,560 --> 00:24:33,880 not be experts, but are just trying to forge their own path in terms of beginning to present 397 00:24:33,880 --> 00:24:34,880 at conferences. 398 00:24:34,880 --> 00:24:36,840 Actually, I like that idea. 399 00:24:36,840 --> 00:24:39,700 The lightning talks idea is fantastic. 400 00:24:39,700 --> 00:24:44,920 Some of the best lightning talks I saw, let's say between five and 10 minutes long max, 401 00:24:44,920 --> 00:24:47,200 hey, we tried to do this security thing. 402 00:24:47,200 --> 00:24:48,440 Doesn't have to be security, obviously. 403 00:24:48,440 --> 00:24:50,160 I'm just giving an example. 404 00:24:50,160 --> 00:24:51,760 We tried to do the security thing. 405 00:24:51,760 --> 00:24:56,360 It didn't work, but here's everything we learned along the way that actually got it to work 406 00:24:56,360 --> 00:24:58,400 and got it to work at scale. 407 00:24:58,400 --> 00:25:00,700 That sort of stuff is gold, right? 408 00:25:00,700 --> 00:25:01,700 People's actual experience. 409 00:25:01,700 --> 00:25:03,000 It's not what's in the manuals. 410 00:25:03,000 --> 00:25:06,720 It's not what's in learn.microsoft.com. 411 00:25:06,720 --> 00:25:09,840 It's not in the online documentation. 412 00:25:09,840 --> 00:25:15,520 It's actually stuff that you really did in the real world and things didn't necessarily 413 00:25:15,520 --> 00:25:20,680 go as well as you thought they would go, but the lightning talk covers just the real world 414 00:25:20,680 --> 00:25:21,680 experiences. 415 00:25:21,680 --> 00:25:27,040 Yeah, that from the trenches kind of conversation, I think is gold because it's what we all go 416 00:25:27,040 --> 00:25:28,040 through. 417 00:25:28,040 --> 00:25:33,360 Another one is that I'm a big fan of, and I've actually done a couple of them at Microsoft. 418 00:25:33,360 --> 00:25:40,200 One of the ones that was really, really popular is this notion of a lap around. 419 00:25:40,200 --> 00:25:46,200 In other words, a lap around a topic, which means just the high level points really quickly, 420 00:25:46,200 --> 00:25:48,720 things that you really should know. 421 00:25:48,720 --> 00:25:52,320 One of them that I gave end of last year was a lap around Rust. 422 00:25:52,320 --> 00:25:55,640 Basically, this is what Rust brings to the table. 423 00:25:55,640 --> 00:25:57,200 This is what it means to set it up. 424 00:25:57,200 --> 00:25:59,720 Here's the errors you're going to find when you're setting it up. 425 00:25:59,720 --> 00:26:01,560 What does Hello World look like in Rust? 426 00:26:01,560 --> 00:26:08,440 Now let's build on top of that and talk about some of the funky stuff that's in the language. 427 00:26:08,440 --> 00:26:11,280 That was the first half, and then the second half was about the borrow checker, if you 428 00:26:11,280 --> 00:26:13,360 know anything about the borrow checker in Rust. 429 00:26:13,360 --> 00:26:16,720 The whole point is just a lap around. 430 00:26:16,720 --> 00:26:21,640 Let's say you've worked with a feature for some time and you know it pretty well. 431 00:26:21,640 --> 00:26:24,040 You could do a lap around always encrypted. 432 00:26:24,040 --> 00:26:28,360 You could do a lap around common AI security attacks. 433 00:26:28,360 --> 00:26:33,760 A lap around permission management as a SQL database. 434 00:26:33,760 --> 00:26:35,720 I'm just making it up. 435 00:26:35,720 --> 00:26:37,880 I like the idea of a lap around as well. 436 00:26:37,880 --> 00:26:45,520 They can be very, very specific, relatively short, and just really covering key aspects 437 00:26:45,520 --> 00:26:49,320 that you should really know about whatever feature you're talking about. 438 00:26:49,320 --> 00:26:53,600 I'm just saying one of my former colleagues, he's still at Microsoft, so he's a friend 439 00:26:53,600 --> 00:26:58,320 but former colleague, did a really great presentation on that very subject around OAuth in the 440 00:26:58,320 --> 00:26:59,320 APIs. 441 00:26:59,320 --> 00:27:03,680 It was really, really punchy to the point. 442 00:27:03,680 --> 00:27:08,480 Just tells you what you need to know and comes with a repo, so even better. 443 00:27:08,480 --> 00:27:10,240 Actually, that's another great point. 444 00:27:10,240 --> 00:27:12,800 OAuth 2 is a complex protocol. 445 00:27:12,800 --> 00:27:18,120 Some would argue overly complex, but that's just my personal opinion, but here we go. 446 00:27:18,120 --> 00:27:23,860 I think a lap around OAuth 2 is magnificent because it's just like a simple introduction 447 00:27:23,860 --> 00:27:26,820 to the key points, like what's a flow. 448 00:27:26,820 --> 00:27:31,600 Guide one is OAuth 2 is not authentication, it's authorization. 449 00:27:31,600 --> 00:27:33,680 Then you continue from that point forward. 450 00:27:33,680 --> 00:27:34,680 I love that idea. 451 00:27:34,680 --> 00:27:38,400 In fact, I would pay to see that presentation, I think. 452 00:27:38,400 --> 00:27:41,320 I'll tell you what as well. 453 00:27:41,320 --> 00:27:45,040 The one I want to throw in here as well because we've talked a lot about people being an expert 454 00:27:45,040 --> 00:27:46,040 in something. 455 00:27:46,040 --> 00:27:51,200 I'm sure there are people listening who think, oh damn, I'm not an expert. 456 00:27:51,200 --> 00:27:56,040 That's totally fine. 457 00:27:56,040 --> 00:28:02,360 I just wanted to mention a presentation I did when I was very early in my presenting 458 00:28:02,360 --> 00:28:08,320 career was I actually did a presentation about, and this was pre-Microsoft days, about trying 459 00:28:08,320 --> 00:28:14,640 to install some of the Netflix chaos tools and trying to work with them. 460 00:28:14,640 --> 00:28:18,920 It was called My Rage Quit Journey, Trying to Configure Chaos Tools. 461 00:28:18,920 --> 00:28:23,840 I actually did a talk about, because for those of you who aren't familiar, Netflix have some 462 00:28:23,840 --> 00:28:32,520 tools called Chaos Blah, there's various different ones, and they're for chaos engineering. 463 00:28:32,520 --> 00:28:37,560 I was playing around with them and I actually did a talk in Boston. 464 00:28:37,560 --> 00:28:44,480 Basically I just talked about as a noob to those tools, trying to configure them, trying 465 00:28:44,480 --> 00:28:46,200 to get them to work. 466 00:28:46,200 --> 00:28:50,480 Although Netflix make these tools and they open source them, they are notorious for not 467 00:28:50,480 --> 00:28:52,640 having a lot of documentation with them. 468 00:28:52,640 --> 00:28:56,760 I actually documented my journey of trying to use them. 469 00:28:56,760 --> 00:29:02,280 For those of you out there who might be thinking, oh, I'm not an expert, how can I possibly 470 00:29:02,280 --> 00:29:04,280 do this? 471 00:29:04,280 --> 00:29:10,640 That's another way to do it, is talk about how you learn something. 472 00:29:10,640 --> 00:29:17,360 That's also very interesting because understanding how people learn, it's definitely something 473 00:29:17,360 --> 00:29:21,120 that will be relatable to people earlier in career. 474 00:29:21,120 --> 00:29:28,880 It's a new take and of course for the veterans out there, it's sometimes quite amusing to 475 00:29:28,880 --> 00:29:33,360 see a presentation of how people learn as well because it helps us build better products 476 00:29:33,360 --> 00:29:34,520 and stuff. 477 00:29:34,520 --> 00:29:36,760 That's just a suggestion I wanted to throw in there. 478 00:29:36,760 --> 00:29:43,760 That's an important one because a lot of technologists are tactile learners, so being able to put 479 00:29:43,760 --> 00:29:48,480 hands on keyboard, understand what people have gone through and being told what that 480 00:29:48,480 --> 00:29:51,880 journey is and being able to follow along at home as it were, I think is a really, really 481 00:29:51,880 --> 00:29:54,120 great way of learning for a lot of people like us. 482 00:29:54,120 --> 00:29:57,440 The other thing I want to point out about the word expert, because I realize you guys 483 00:29:57,440 --> 00:30:03,240 are all hanging off my reference to expert, but everyone's an expert at something. 484 00:30:03,240 --> 00:30:04,520 I actually genuinely believe that. 485 00:30:04,520 --> 00:30:05,520 It doesn't matter who you are. 486 00:30:05,520 --> 00:30:07,120 It doesn't matter what walk of life you come from. 487 00:30:07,120 --> 00:30:09,440 You're an expert at something. 488 00:30:09,440 --> 00:30:14,160 Sometimes that practical experience, it makes you an expert at something. 489 00:30:14,160 --> 00:30:19,120 So don't be put off by... I understand where you guys are coming from. 490 00:30:19,120 --> 00:30:24,640 By experts, I don't mean being in field for 25 years and written the book and written 491 00:30:24,640 --> 00:30:26,000 the thesis and so on. 492 00:30:26,000 --> 00:30:27,000 I don't mean that. 493 00:30:27,000 --> 00:30:31,880 I just mean you're really good at something you've done and you've done well and you've 494 00:30:31,880 --> 00:30:33,240 learned along the way. 495 00:30:33,240 --> 00:30:35,800 I do think that's really important. 496 00:30:35,800 --> 00:30:40,040 If you've installed something... So to your point, Sarah, about the chaos tools, actually 497 00:30:40,040 --> 00:30:44,160 we talked about in the last episode, we talked about chaos studio and we touched on some 498 00:30:44,160 --> 00:30:48,360 of the chaos monkey stuff out of Netflix. 499 00:30:48,360 --> 00:30:52,800 But even though you may not know absolutely everything there is to know about the chaos 500 00:30:52,800 --> 00:30:57,320 tools, you're an expert in installing them because you went through the hard take of 501 00:30:57,320 --> 00:31:01,240 doing it and you documented the things that you found. 502 00:31:01,240 --> 00:31:04,000 That's probably stuff that no one in the audience even knows about. 503 00:31:04,000 --> 00:31:06,480 That immediately makes you an expert in that topic. 504 00:31:06,480 --> 00:31:11,120 It doesn't mean you know everything, but it means, hey, we tried this and it didn't work. 505 00:31:11,120 --> 00:31:15,360 But if you flip this switch and you put your hands on your head and you do a 360, then 506 00:31:15,360 --> 00:31:16,480 it's going to work. 507 00:31:16,480 --> 00:31:17,720 That makes you an expert. 508 00:31:17,720 --> 00:31:20,240 When I was saying an expert, I mean, don't just go up there and talk about a topic you 509 00:31:20,240 --> 00:31:24,440 know nothing about because that's just not good for anybody. 510 00:31:24,440 --> 00:31:25,960 Yeah, and agree, right? 511 00:31:25,960 --> 00:31:31,800 I think if you have the confidence to talk, you should also have the confidence to answer 512 00:31:31,800 --> 00:31:32,800 questions. 513 00:31:32,800 --> 00:31:36,040 And if you can answer the questions, whether that's high level or low level, depending 514 00:31:36,040 --> 00:31:40,720 on the presentation you're doing, I think it's important that you put yourself up in 515 00:31:40,720 --> 00:31:42,340 front of people. 516 00:31:42,340 --> 00:31:43,440 You have to show up. 517 00:31:43,440 --> 00:31:48,320 It's not really just about standing in front of people and talking for 20 minutes, half 518 00:31:48,320 --> 00:31:50,880 an hour or however long the presentation is and then walking off stage. 519 00:31:50,880 --> 00:31:53,680 I actually want to bring up something else real quick. 520 00:31:53,680 --> 00:31:56,520 And I realize we're totally, by the way, for everyone who's listening, we are completely 521 00:31:56,520 --> 00:31:57,960 ad-libbing this, by the way. 522 00:31:57,960 --> 00:32:00,800 There is no agenda whatsoever. 523 00:32:00,800 --> 00:32:03,160 Isn't that our normal podcast? 524 00:32:03,160 --> 00:32:06,520 No, because we write down some topics that we're going to cover, right? 525 00:32:06,520 --> 00:32:08,080 And then we sort of ad-lib each topic. 526 00:32:08,080 --> 00:32:10,640 But right now we are totally winging it. 527 00:32:10,640 --> 00:32:16,720 So a colleague of mine, she's not presented much in the past. 528 00:32:16,720 --> 00:32:20,240 And she's got a presentation coming up in the next few days. 529 00:32:20,240 --> 00:32:23,520 And she's incredibly nervous about it. 530 00:32:23,520 --> 00:32:27,960 But one thing I've, I've been sort of working with her on her presentation, as have a couple 531 00:32:27,960 --> 00:32:29,920 of other colleagues. 532 00:32:29,920 --> 00:32:33,480 And she's terrified actually of presenting in front of people. 533 00:32:33,480 --> 00:32:36,680 I said, look, don't, don't, don't worry about it one little bit. 534 00:32:36,680 --> 00:32:40,440 I mean, you know your topic very, very well. 535 00:32:40,440 --> 00:32:44,200 And one thing I've told her, this is from my perspective, because it works well for 536 00:32:44,200 --> 00:32:52,640 me, is you can soften that impact of almost thinking you don't know the topic well by 537 00:32:52,640 --> 00:32:58,200 sharing some stories about how that feature or that thing-a-me-bob came to be. 538 00:32:58,200 --> 00:33:02,320 Or the process, I don't want to give the game away for her particular talk in case anyone 539 00:33:02,320 --> 00:33:04,040 goes to see it. 540 00:33:04,040 --> 00:33:07,560 But you know, I said, I said, so hey, you know, we, we do a whole bunch of threat models 541 00:33:07,560 --> 00:33:10,680 that we build internally for our features. 542 00:33:10,680 --> 00:33:14,960 And you know, one of the questions that comes up in every single threat model, every threat 543 00:33:14,960 --> 00:33:18,840 model is a topic that is the topic that she's covering. 544 00:33:18,840 --> 00:33:22,200 So you know, start out with that story. 545 00:33:22,200 --> 00:33:27,880 You know, it's a lot of presentations, including very technical ones, the most successful ones 546 00:33:27,880 --> 00:33:31,280 revolve around some kind of story. 547 00:33:31,280 --> 00:33:33,560 And so she's taken that to heart. 548 00:33:33,560 --> 00:33:38,760 And all of a sudden she feels more comfortable because she knows that story because she was 549 00:33:38,760 --> 00:33:40,840 part of that story. 550 00:33:40,840 --> 00:33:44,720 And so if anyone asks her a question on that, you know, she knows the answer, right? 551 00:33:44,720 --> 00:33:47,400 Because she's been actively involved in that. 552 00:33:47,400 --> 00:33:52,400 And also what you're doing is you're sort of cementing your expertise with the audience 553 00:33:52,400 --> 00:33:57,680 by saying, hey, we do this on a daily basis and I do this on a daily basis. 554 00:33:57,680 --> 00:33:59,000 And here are the things that we've learned. 555 00:33:59,000 --> 00:34:03,960 And that's why this feature that I'm going to talk to you about is so important. 556 00:34:03,960 --> 00:34:09,640 And that way you've sort of broken the ice, you've softened that relationship with the 557 00:34:09,640 --> 00:34:15,280 audience and the rest of it should hopefully just flow from the start of that story. 558 00:34:15,280 --> 00:34:23,440 So I'm a big, big, big fan of personal anecdotes and personal stories when you're giving presentations 559 00:34:23,440 --> 00:34:25,160 no matter how technical they are. 560 00:34:25,160 --> 00:34:26,160 Agreed. 561 00:34:26,160 --> 00:34:30,520 And I think what that does, if you're a nervous presenter, it helps ground you as well because 562 00:34:30,520 --> 00:34:35,720 it makes you talk about yourself, which most of us like doing, I guess, to some degree. 563 00:34:35,720 --> 00:34:38,560 And it just kind of helps orientate your mind, I think. 564 00:34:38,560 --> 00:34:42,680 Yeah, it gets some of those nervous, that nervous energy out of the way. 565 00:34:42,680 --> 00:34:47,040 I used to work with a guy, he was the general manager of Microsoft New Zealand. 566 00:34:47,040 --> 00:34:51,720 His name was Chris Keller back in the day when we first started Microsoft. 567 00:34:51,720 --> 00:34:57,720 And he used to shadow box, seriously, he used to shadow box behind the stage to get rid 568 00:34:57,720 --> 00:34:58,720 of that nervous energy. 569 00:34:58,720 --> 00:35:02,720 He was actually terrified of presenting, but that's how he would do it. 570 00:35:02,720 --> 00:35:05,920 You go to the back and there's Chris just shadow boxing, just getting that nervous energy 571 00:35:05,920 --> 00:35:07,100 out. 572 00:35:07,100 --> 00:35:10,880 And he would often start by telling a story about how whatever he's about to talk about 573 00:35:10,880 --> 00:35:14,800 affected him or affected customers or how a particular customer wanted this. 574 00:35:14,800 --> 00:35:18,360 And those kinds of stories are just absolutely gold. 575 00:35:18,360 --> 00:35:21,960 So yeah, anyway, I realize we're completely ad living. 576 00:35:21,960 --> 00:35:24,480 Hopefully we can bring it back on topic a little bit. 577 00:35:24,480 --> 00:35:26,400 Sarah, is there anything else you want to add? 578 00:35:26,400 --> 00:35:30,000 No, I think I mean, I think we've covered what we wanted to. 579 00:35:30,000 --> 00:35:33,040 I know this has been a little bit of a different episode. 580 00:35:33,040 --> 00:35:39,000 But I do think, like you were saying before, Michael, that it is actually really, it's 581 00:35:39,000 --> 00:35:44,320 really, I think even if you're not a natural at speaking, and it's not something you want 582 00:35:44,320 --> 00:35:49,800 to do all the time, certainly if you're trying to build your, I know it's a cheesy phrase, 583 00:35:49,800 --> 00:35:56,880 but build your brand or, you know, just get your name known a little bit and in the community, 584 00:35:56,880 --> 00:36:04,480 then going and doing talks at user groups or events like global Azure or any or B sides 585 00:36:04,480 --> 00:36:09,200 or whatever, you know, you know, it's not realistic to expect you'll go straight to 586 00:36:09,200 --> 00:36:15,400 black hat or something is a really good way just to meet new people, but also have more 587 00:36:15,400 --> 00:36:17,480 people familiar with you. 588 00:36:17,480 --> 00:36:20,800 And of course, that can only benefit your career. 589 00:36:20,800 --> 00:36:25,320 So I think although we're, this is a little bit different to our usual episodes that we 590 00:36:25,320 --> 00:36:27,560 haven't talked about technical stuff so much. 591 00:36:27,560 --> 00:36:35,540 I do think it's an important soft skill side of things that everyone should at least think 592 00:36:35,540 --> 00:36:40,360 about doing, even if it's only once or twice and you're not talking at a conference like 593 00:36:40,360 --> 00:36:44,160 every other week like I do, because I'm extreme. 594 00:36:44,160 --> 00:36:45,160 Yeah. 595 00:36:45,160 --> 00:36:50,600 And I think to Martin's point about global as you're being, you know, sort of local, 596 00:36:50,600 --> 00:36:54,200 a big focus on local, I think that's incredibly important as well. 597 00:36:54,200 --> 00:36:57,720 Again, it's not a black hat, but that's fine. 598 00:36:57,720 --> 00:36:58,720 You got to start somewhere. 599 00:36:58,720 --> 00:37:02,960 And if that's even if you're not starting someone, even if you're an expert, you know, 600 00:37:02,960 --> 00:37:08,240 getting to meet local people, I think, who are interested in Azure, obviously in our 601 00:37:08,240 --> 00:37:12,600 perspective security and Azure, getting to know local people is a great way of building 602 00:37:12,600 --> 00:37:15,720 up that sort of that web of relationships. 603 00:37:15,720 --> 00:37:19,320 And I'm a big fan of the whole human element. 604 00:37:19,320 --> 00:37:25,000 A lot of people in my group know a lot, know that I'm a diver and I'm not going to lie, 605 00:37:25,000 --> 00:37:29,280 I share videos of diving shenanigans with people in our group. 606 00:37:29,280 --> 00:37:32,520 And the reason why I do it is just, you know, it's that human element, right? 607 00:37:32,520 --> 00:37:36,800 And I know a lot of things a lot of other people get up to when they're not working, 608 00:37:36,800 --> 00:37:38,720 because at the end of the day, we're all human beings. 609 00:37:38,720 --> 00:37:42,420 And that human relationship aspect is so critically important. 610 00:37:42,420 --> 00:37:48,160 And I think things like global as you're important, again, because of that local, that ability 611 00:37:48,160 --> 00:37:53,280 to sort of build a local web of contacts and relationships and people you can talk to, 612 00:37:53,280 --> 00:37:56,520 and perhaps even people who can give you future ideas for presentations. 613 00:37:56,520 --> 00:37:57,520 Oh, 100%. 614 00:37:57,520 --> 00:38:03,000 And look, and we were always a global event that was local, right? 615 00:38:03,000 --> 00:38:04,000 That was always really the point. 616 00:38:04,000 --> 00:38:07,320 And obviously, the pandemic put a hold on a lot of those things. 617 00:38:07,320 --> 00:38:13,680 I think the biggest one we did was just before the pandemic when we had 336, I think it was 618 00:38:13,680 --> 00:38:17,240 236 events globally and about 15,000 attendees. 619 00:38:17,240 --> 00:38:18,920 And we're up to nearly 60 now. 620 00:38:18,920 --> 00:38:23,880 And for anybody who's listening, if you go to globalazure.net, you'll be able to see 621 00:38:23,880 --> 00:38:29,280 instructions on how you onboard your event to the global Azure. 622 00:38:29,280 --> 00:38:33,560 I'll call it a platform, but it's really a bunch of people behind the scenes pulling 623 00:38:33,560 --> 00:38:35,560 wires and plugging them in other places. 624 00:38:35,560 --> 00:38:37,840 But that's what the global team does. 625 00:38:37,840 --> 00:38:44,800 So yeah, I think there's no doubt in my mind that the local aspect of that, getting people 626 00:38:44,800 --> 00:38:50,040 in a room, getting people talking to each other, that generates its own conversations. 627 00:38:50,040 --> 00:38:56,240 And that ability to network and be relatable like that in those environments is gold. 628 00:38:56,240 --> 00:38:57,240 You can't buy that. 629 00:38:57,240 --> 00:38:58,240 All right. 630 00:38:58,240 --> 00:39:03,680 So Martin, I'm not sure if you're aware or not, but one thing we ask our guests, if you 631 00:39:03,680 --> 00:39:07,240 had one final thought to leave our listeners with, what would it be? 632 00:39:07,240 --> 00:39:08,240 Yeah. 633 00:39:08,240 --> 00:39:12,600 So I think I want to just tie into something Sarah mentioned around AI security and webinars 634 00:39:12,600 --> 00:39:17,200 that are coming up, because that's been something on my mind. 635 00:39:17,200 --> 00:39:18,520 I've got three kids. 636 00:39:18,520 --> 00:39:20,840 I remember giving them tablets many years ago. 637 00:39:20,840 --> 00:39:24,160 And as I handed them the tablets, I said to them, you know what? 638 00:39:24,160 --> 00:39:28,120 This is the worst computing device you will ever own. 639 00:39:28,120 --> 00:39:29,880 And that's something that's super, super powerful. 640 00:39:29,880 --> 00:39:35,560 And I think back to when I was growing up and doing Emerald School engineering at Manchester 641 00:39:35,560 --> 00:39:40,600 University and all the stuff that I had to go through in order to just get time on a 642 00:39:40,600 --> 00:39:44,200 very large supercomputer to run some computational models. 643 00:39:44,200 --> 00:39:47,200 And here I am handling a very, very powerful device. 644 00:39:47,200 --> 00:39:51,560 I think we're at that kind of intersection point now between humanity and technology, 645 00:39:51,560 --> 00:39:53,080 which is going to be very, very interesting. 646 00:39:53,080 --> 00:39:58,520 I was reflecting on this this morning thinking that kids are in kindergarten right now. 647 00:39:58,520 --> 00:40:02,040 When they get to year 12, year 12 in Australia is the final year of education. 648 00:40:02,040 --> 00:40:06,080 Before you go to tertiary education, things will have moved so quickly. 649 00:40:06,080 --> 00:40:13,720 Going back to my Emerald School engineering days or my engineering background, I remember 650 00:40:13,720 --> 00:40:19,760 saying to my children when SpaceX landed the Falcon 9 at the landing pad saying, you have 651 00:40:19,760 --> 00:40:22,280 no idea how important this is. 652 00:40:22,280 --> 00:40:27,200 I think we're getting to this point now where we're making leaps forward in technology. 653 00:40:27,200 --> 00:40:32,280 And as we reach out to the stars and all the planets and the stars, things like the ability 654 00:40:32,280 --> 00:40:38,620 for people to not be on all the time, for us to move from the AI aspects of process 655 00:40:38,620 --> 00:40:45,440 automation to actual real inference and intelligence to be able to run very, very complex systems 656 00:40:45,440 --> 00:40:51,160 when there is no human interaction available is going to be huge. 657 00:40:51,160 --> 00:40:54,960 Honestly, all those things are going to happen in our lifetimes. 658 00:40:54,960 --> 00:41:02,240 So I think it's a really, really interesting time to be in technology, to be in AI, to 659 00:41:02,240 --> 00:41:07,200 be in security, because that's going to be a huge aspect of that, to be in ethics around 660 00:41:07,200 --> 00:41:08,840 AI ethics. 661 00:41:08,840 --> 00:41:14,040 Again it's going to be a very, very interesting 10 to 25 years, I think, in the future. 662 00:41:14,040 --> 00:41:17,680 Well, Martin, it's been a super interesting conversation to have with you. 663 00:41:17,680 --> 00:41:23,560 I know a little bit different to our normal topics, but for those of you who are wanting 664 00:41:23,560 --> 00:41:30,800 to maybe expand your horizons and challenge yourself in 2024, if you don't do talks and 665 00:41:30,800 --> 00:41:34,240 CFPs, hopefully this has been helpful. 666 00:41:34,240 --> 00:41:37,480 And with that, we'll wrap up today's show. 667 00:41:37,480 --> 00:42:01,280 As Michael says, stay safe and we'll see you on the next one.