How to Give a Great Talk at a Security Conference

Pick one technical story you lived through and build everything else around it. Skip the background slides and jump straight to the failure or the exploit that mattered.

Structure the talk around what actually happened

Audience members at security conferences remember concrete sequences, not overviews. Open with the moment the attack succeeded or the tool broke, then walk backward through the decisions that led there. This keeps the room engaged even when the room is full of people who already know the basics.

• Use the first three minutes to show the payload or the log line that revealed the issue.
• Limit the entire talk to three main sections: setup, break, and fix or detection.
• End the last section with the exact command or config change that closed the hole.

Rehearse with a timer and cut anything that does not move the story forward. Most conference slots run 25 to 40 minutes; anything longer risks losing the back row.

Live demos help when they stay short. Record a clean version the night before and keep it on a second laptop in case the venue Wi-Fi drops or the VM refuses to boot. Have the recording ready to play from a USB stick as well.

1. Test the demo on the same hardware you will carry to the conference.
2. Prepare three fallback slides that explain the missed step if the live version fails.
3. Label every file with the exact time it was recorded so you do not hunt for the right one on stage.

Answer questions by repeating the question first so the whole room hears it. If someone asks about an edge case you did not test, say so and offer to follow up after the talk. People respect a direct answer more than a guess that turns out wrong later.

Collect contact details only from people who ask for the slide deck or the tool. Send the materials the same evening while the conversation is still fresh.