It was a great overview of a very important topic. There are a lot of things in security that are easily missed and you managed to over over all of them to the point where someone could create a checklist of things they should check on their own apps.
You do need to practice the presentation more before hand. This way you can avoid the long pauses between topics.
For code samples, break out the snippets into different slides even if you're just flipping through them quickly. It's more readable and most people will look at the slides later.
I especially enjoyed the anecdotes, made the material more real and less sterile and generic. I think you gave a good overview of the areas you have looked at in the past. Public speaking gets better with practice, I know I was really shaky at first, and you did pretty well considering half the room was wired on cake. I was presenting earlier this year at my last company (Ericsson) and our application died on me in front of about 50 people. I did a song and dance while the team recovered things and then we carried on. Things happen, that's life. And things like connectivity issues, most folks don't think about them until they get burned by them. You'll be ready next time with your dongle collection.
All my comments were accompanied by suggestions (this make them constructive). My comments were only to help Diana to improve her presentations (not just complaining). I really appreciate she takes the time to do this. Sometimes it's hard to tell the truth, but if I were the one presenting, that's the kind of input/feedback I'd like to have.
It's not only about complaining, but at the same time providing advises to help. That's what I did.
I was doubting of doing this before doing it. I even told my wife that it could be taken as you described it (abusive). But my intentions are real. Sorry if this affects you in any way.
I also offered my guidance so she can do better next time. If Diana's intention is to present this in a conference, I had to be honest. There is plenty difference between this kind of meeting and a conference. That's what motivated me to be honest and to encourage her by telling her where areas she could improve.
Maybe I should mention the things I liked too:
I liked the emphasis she did on tips and advises against different kind of attacks.
I liked the problem/solutions perspective she did too. It's easy to talk about problems only, without mentioning the solution, but she did.
Also, she is not pretending to be someone else, which touches the audience and connects with it.
In general, I think she had the experience and she have the potential to do better next time. I encourage her to take all input and feedback with partiality and honesty. My sincere goal is to help her to do better.
I rarely comment on these things, but I think Christian's comments were overly harsh to the point of being both non-constructive and abusive.
There were a lot of things I liked about her presentation:
-She had a solid outline and didn't deviate from it.
-She got laughs from her jokes (not an easy thing for technical speakers in front of a technical audience).
-She used personal anecdotes to demonstrate her points. I especially liked the story about her boss on the Australian e-commerce site.
-She used slides that were clean and easily readable.
-She projected well enough that even folks in the back (like me) could easily understand what she was saying.
There were a few suggestions I'd make for her next presentation:
-She could make more use of the audience. There was a wealth of expertise at the meeting, and tossing out questions (both her own and those of audience members) would have led to some great discussions and interactivity. For instance, I really enjoyed the side discussion of SunPass.
-She could narrow down her topic. I think that there was 6 hours of material that she tried to present in 1 hour of time. Focusing on one topic (such as session management) would have made it much easier to prepare (less pressure and required research) and allowed her to delve in deep so that she could provide more actionable advice. The discussion of using "user agents" in detecting possible man in the middle attacks being one such example.
Traffic happens and (like many of us) Diana works for a living. Since this wasn't a paid presentation, I'm not counting her late entrance against her.
My overall review: I'll be attending her next presentation. That pretty much says it all.
BTW: I'm "the other Adam".
I am going to be very honest with you. Hoping you can understand and in order to help you as main purpose. So you can do your best at next presentations.
First of all, it's very important to be punctual. I mean, there is no reason to be late, there is no valid excuse. For this kind of events, and if you are going to be presenting this in the future, try to be at least 30 minutes before the time, so you can have enough time if an eventuality happens. In the worst case scenario, you'll arrive on time.
Second, you have to be prepared, I mean, talking about equipment, you should have adapters, chargers, online content, etc.
My suggestions regards this: Do a list of all possible things you will need:
1-Charge your laptop to have 100% batery
2-Include the charger
3-Buy the needed adapters
4-Export your presentations to pptx or PDF formats and save them in your dropbox or your google drive, so you can access them easily if your equipment fails.
Also, I noticed you were not fully prepared to approach the themes you talked about. You were nervous too. I think you didn't have fully domain of the subjects you talked about. My recommendations for these points:
1-Have a member of your family or co-worker to help you before the presentation. Expose the subjects to them with strict time. You can set times for each subject and / or slide.
2-You can include notes for your reference in the slides, so you can have one screen for your notes reading, and another for the slide itself.
3-Include your information starting the presentation, or at the end, something like: "Web Apps security by Diana @DianaTwitter" or your email
4-Organize your agenda so you go through it step by step, so you expose your subjects exactly the way you planned. (I mention this because of the times you said: "we'll talk about this later..." or "remember me to mention..."
5-Read a lot about the subjects you are going to talk about, then, give the references you get the content from. For example: "I found on internet this resource (displayed in slide) that talks about this subject", it could be something on internet, a book, or anything else. But don't forget to have always your references. You could include a References slide at the end of your presentation too.
6-Be prepared to answer questions. Picture yourself being part of the audience and the kind of questions you'd ask.
7-If you don't know about something, it's better to say: "I don't know about it" than: "I think this or that". There is nothing wrong in recognizing it.
8-You have to improve your diction and pronunciation. Practice a lot before the presentation, if you don't know how to pronounce something, ask it before.
9-You always can use your own experience as argument to talk about something, however, you should use something more publicly accessible.
10-Bring real examples / code / implementations / prototypes. Nothing is better than seeing something in action. Plan to have some live code in action demonstrating the subjects you are talking about. In the case of the presentation I think you could have done much better if you showed things like the reflected Cross scripting, or the SQL injection. I suggest you to have a couple of pages, one vulnerable and other protected, then you can demonstrate your problems and your solutions in action. I think that would impact the audience more than just seeing very hard to read code in a slide (because of the size of the fonts)
11-Once you have your code, host it in github, so your audience can access it and have the same code you used to replicate/use your code.
12-Have your presentation publicly accessible somewhere on internet, so your audience can have the content too.
I think that's all for now. I hope you find this feedback helpful. If there is anything else I can help you with, don't hesitate to contact me. I am Christian Varela.