My #1 rule is to avoid jargon and to speak in as conversational a way as 
possible, targeting (and retargeting as the conversation progresses) the level 
of detail/abstraction to the targeted audience, whether it's one person or a 
bunch. Start broad, then narrow it down, change direction as the flow of the 
conversation dictates.

E.g.,

Is your application "this" secure (hand gesture) or "T--H--I--S" secure (bigger 
hand gesture)? This is what application security is all about. Application 
security can perhaps be thought of in terms of buying, building, and breaking 
software.........BLAH BLAH..........[buy=OWASP legal project's contract annex, 
build=OWASP ESAPI, break=OWASP ASVS]......[awareness=OWASP Top 
10].......[injecting security into development cycles=OWASP SAMM]...... To 
explain further, to put all of this together.......While most people are 
familiar with passwords, and people like to say "firewall!", authentication, 
encryption and digital signatures, and logging are only the beginning, in terms 
of application security. Additional technical security controls are necessary 
to write applications that can (or should) be trusted by the customer not to 
spill data regardless of environment, from private networks to clouds, given 
modern-day threats.........BLAH BLAH..........China! Google! .........BLAH 
BLAH..........

FWIW,

Best,
 
Mike B.

-----Original Message-----
From: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org] On 
Behalf Of Matt Parsons
Sent: Friday, January 22, 2010 5:40 AM
To: 'Secure Code Mailing List'
Subject: Re: [SC-L] win win for owasp and television spots

Ladies and Gentlemen,
I am starting to get approached by a few television stations to talk about 
application security.  I would like to promote OWASP in these talks.  What
would be the best way to do it professionally and competently?

See below news story.   

Thanks,
Matt


http://www.the33tv.com/news/kdaf-password-security-jim,0,3650695.story



Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
mailto:mparsons1...@gmail.com
http://www.parsonsisconsulting.com
http://www.o2-ounceopen.com/o2-power-users/
http://www.linkedin.com/in/parsonsconsulting
http://parsonsisconsulting.blogspot.com/




_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
