Cool as McCumber

I am here at the ever-fascinating RSA Conference in San Francisco this week. Every year, cryptographers, security professionals, vendors, integrators and the inevitable crush of non-paying trick-or-treaters with "Expo Only" credentials descend on the Moscone Center for this rousing annual event. I wandered by the security bookstore, and was gratified to see my own textbook in the stack of offerings. I didn't like the fact it was simply lined up library-style, so I quietly shifted some competing texts to the back, and made a little display with the cover of the book clearly visible. I'm vain like that. Plus, I could use the $1.25 per book I get in royalties. I can refill my Starbuck's card. Please buy one.

During this year's event, the conference organizers produced a new type of technical briefing. In an attempt to break from the normal Death-by-PowerPoint approach to the numerous technical sessions, they test-drove a new format that allowed for a group of experts to present on a topic with only a limited number of slides. Additionally, each slide was timed for only 90 seconds, and each presenter only had 12 minutes total for their spin on the topic. It was amusing to watch, and certainly more fun than the traditional sessions, but it only served to point out the bigger problem: PowerPoint is the most abused, misunderstood and misapplied medium in the history of our human species.

For some strange reason, most professionals seem to believe there is absolutely no inappropriate use for PowerPoint. The corollary of this principle is that everyone who uses PowerPoint feels they are an expert in its application in their particular area of expertise. PowerPoint has become the de facto standard for conveying any and all information, from the Pentagon to the grade school.

How many of these experts do you recognize?

- The Genius: I once sat through a presentation by a truly brilliant man who was a PhD in cyber security from a leading university. He is nothing short of a genius on this topic. I sat in amazement as he delivered a complex and detailed presentation on the history and practice of cyber security from the 1970s to the present. He showed up with nearly 90 slides and each one contained illuminating insights into the technical underpinnings of our business.

The problem? His task was to brief state legislators on the major cyber security issues of the day, and he had 50 minutes to speak. He was hauled off the podium with a shepherd's hook (still talking) at the 70 minute mark while he was on the twelfth slide. No one in the audience was even aware he was leaving. They were all doing something else.

- The White Paper: The audience had assembled to hear a presentation by a senior government official on the latest national-level initiatives. It was luncheon keynote, and we all were enjoying dessert and coffee while she spoke. Her slides each contained three or more large paragraphs of information obviously pulled directly from a written report. There were no pictures other than the official seal of her agency on the title slide.

The problem? To fit to format, the all-text slides were produced in ten-point font and were unreadable for anyone past the dais. Fortunately for us, she simply read them to us. I napped.

- The Cut-and-Paste Job: Another government official gave a presentation at a conference to show the audience the importance and responsibilities of his new position. He wasn't about to fall into the White Paper category of briefer, so he peppered his slides with movies stills, screen shots of old television shows, and celebrity pictures to make it "fun."

The problem? The wacky pictures pulled from the Internet did nothing to illustrate his points. He had no agenda slide. Nobody knew where he was going. He became a train of thought without a caboose. I still can't remember what he was trying to convey. He came across as trite and unprofessional.

- Animation Nation: At least there is the occasional PowerPoint guru who really knows how to use the medium to its fullest. I was in the audience at a technical session on the latest advances in intrusion detection systems. The woman giving the talk was an obvious expert and probably took a month to build a visually stunning set of slides - each one with moving arrows, fade outs, animated humans, and ghostly scripting that would appear at the exact right moment in the presentation. Computers and little icons would appear and disappear as if by magic.

The problem? The attendees couldn't follow the complex animation, and people started leaving the room before she was able to even define the problem she had solved.

PowerPoint is a valuable tool for professionals. However, always remember to start the planning by asking yourself, "how can I benefit this audience, and which point(s) are key for them to remember?" If you understand that in even in an hour, you may only get to establish one or two key facts with your audience, you may find that less is more.

John McCumber is a security and risk professional, and is the author of "Assessing and Managing Security Risk in IT Systems: A Structured Methodology," from Auerbach Publications. If you have a comment or question for him, please e-mail John at: