Confidently Speaking

Wednesday, July 9, 2008

My Inventory on the Shelf

Physical

CISSP CDs
Online webinars/podcasts
IT Risk Framework
Security Architecture Workshop slide-deck
Password Research Whitepaper
Xota Patent Filings & business documentation
Identity Management Workshop slide-deck
Big Freakin' Haystack slide-deck
Federated Identity slide-deck(s)
Password technology Attack Tree research
CISSP Training slide-deck(s)
Evidence that Demands a Verdict training materials

Talent

Constantly sharpened by stage time
Radio voice
Emcee skills

Stories

Start a story file

Days

Time - don't let someone book without fee
Ask for 1/2 the fee up-front

Reputation

Solid reputation in Columbus InfoSec community
Recognized name at major conferences
Known for innovation and humorous presentations

Easy Access

Who or what information do I have easy access to?

People

Hugh Thompson
Ben Jun
Fred Lee
Sandra Toms-LaPedis
Erik Heidt
Brian Evans
Jack Jones
David Garcia
Mark Ledford
600+ colleagues on LinkedIn
3.2Million friends of friends on LinkedIn

Books/resources

CISSP Certification library

Information/skills

Internet searching
Securing servers, websites, PCs
Concealed Carry law and guidelines
Hacking 101
Secure communications
Cryptography
Federated Identity
Identity Management
How to land speaking slots at conferences
Evaluation
Professional Development
IT Security Certifications
Conducting risk assessments
Third-party risk assessments
IT Security policies and standards
Biodiesel processing
SDLC patterns

Taking Stock: What have I done or created?

Why should people listen to me?

Tech lead of first SAML federation in the world
Tech lead of first 3-way SAML federation in the world
5 patent-pending technologies
Taught CISSP prep course for 5 years, with 91% pass rate or better
Adopted 2 children from China
Built 2 churches in the Dominican Republic
Wrote cover article for Information Security Magazine
Created full-day Identity Management workshop
Created IT Curriculae for State of Ohio
Have implemented, supported or consulted on 11 federation projects
Overcame stuttering
Created & Implemented Quantitative Risk Assessment methodology
Created full-day Information Security Architecture workshop
Created Certification & Accreditation training program
Spearheaded development of ISSMP/ISSAP program
Landed 50+ professional speaking engagements in 3 years
Created own business at age 18
Mentored and coached 10+ colleagues
Bought a new car in 19 minutes, over lunch break, for rock-bottom price
Won District Speech Contest - after overcoming stuttering
Saved a life through CPR
Saved a life through Heimlich Maneuver
Rescued child from drowning
Created dozens of successful public training events
Attained 7 promotions in 1 year as first-time manager
Impressed my boss so much that I once earned two pay raises in the same night
Co-founded alternative energy co-op
Built biodiesel processor from scratch
Bought my car on eBay
Taught myself Mandarin Chinese
Earned DTM, President's Distinguished Area & TM of the year, all in the same year
Founded Security MBA program
For one whole week, owned Brutus.Buckeye@mail.osu.edu

Taking Stock: Major/Minor Accomplishments

Toastmasters District Table Topics Champion
Published articles
Published cover story for major magazine
Invented 5 patent-pending technologies
Neal Award nominee
Over 50 professional speaking engagements
Invited to speak in the Industry Experts room twice, on the big stage
6th grade chess champion
Professional music gig at age 17
Played trombone on ABC Sports
Married 21 years
Technical Lead of first SAML-based federation in the world
Teaching myself Mandarin Chinese
Distinguished Toastmaster
District 40 Toastmaster of the Year
President's Distinguished Area first time as Area Governor
Dug a dry well, manually
Learned plumbing
Learned electrical wiring
Remodeled basement
Installed garage door by self
Actually successfully assembled swingset
First professional programming job at age 15
1400 on SAT
Mensa qualified
Top Olympia math score as Freshman
Beta Gamma Sigma inductee (MBA)
MBA
CISSP
SSCP
CISSP-ISSAP
CISM
Security+
e-Biz+
CITP
GIAC
All the above passed on the first try
Highest CISM score in state of Ohio in 2005
I have many friends
QIWT - Qualified Irish Whisky Taster
Provost of successful Security MBA program
Ran successful CISSP training course for 5 years
Got drivers license without taking driving test
Taught myself how to change my own oil
Built biodiesel processor from scratch
Married a virgin as a virgin
4 mission trips to Caribbean
Adopted two children from China
Raised two teenagers
Taught daughter how to drive without a shed tear
Taught myself how to crochet
Went from zero to billable programming in 2 days
Ran multi-node BBS
International speaking experience
Enormous johnson
Replaced my own roof
Top vertical leap in my high school

Dis-accomplishments
Downsized from job twice in a row
Totally suck as a Treasurer
Even more suck as a hunter
Have never solved Rubic's Cube
Still wet the bed. That's a joke.
Backed into a gas pump once
Had to kill a rabbit with a club
Failed as Y2K Project manager
Once deleted all user accounts from main server
Once hit sister on temple with golf club - accidentally!
Once kicked brother through wall - purposefully!
Dug "Houser's Folly" in the back yard
Failed 3 college courses
Had boss from hell

Taking stock: Serious Hobbies

Biodiesel
Pistol Shooting
Writing
Junior Achievement
Singing Solos/ Choir
Trombone
Piano
Tourism
Euphonium
Crochet
Big Brother
Awanas
Vacation Bible School leader
Camping
Fishing
Movies
Softball
Beer Bottle collecting
Bicycling
Motorcycling
Gardening
Speaking
Teaching
Meals on Wheels
Habitat for Humanity
Basketball Referee
Photography
Internet
Powerwalking
Reading
Handbells
Mandarin Chinese
Simplified Chinese
Adoption
TESOL

Tuesday, July 8, 2008

Taking Stock of Business assets & liabilities

Experience	Duties	Years
Security architect	Leading committees	3
Security architect	Creating & selling strategies	3
Security architect	Risk assessments	9
Security architect	Business strategies	7
Security architect	Teaching & training	12
Security architect	Application Security assessment	2
Security architect	Project Management	5
Security architect	Cryptanalysis	1
Security architect	Ishikawa root cause analysis	1
Security architect	Cryptographic controls analysis	5
Security architect	Cryptographic projects	4
Security architect	Federated identity lead	2
Security architect	Architecture redesign	2
Security architect	Solution architecture	3
Security architect	Virus/Anti-virus analysis	6
Security architect	Controls assessment	6
Security architect	Third-party assessments	2
Security architect	Industry representative	3
Security architect	Designer	1
Security architect	Digital certificate management	2
Security architect	WAM/FIM support	1
Security architect	Unix operations	2
Security architect	Quantitative Risk Analysis	2
Security architect	Qualitative Risk Analysis	5
Security architect	Threat modeling	2
Security architect	Password cracking	1
Security architect	Identity Migration	2
Security architect	Certification practice dev.	4
Security architect	Certification & Accreditation	5
Security architect	Secure communications consulting	5
Security architect	Authentication design	4
Security architect	Focus Group assessment	1
Security architect	Professional Development tools	3
Security architect	Privacy compliance assessment	2
Security architect	Privacy compliance consulting	4
Security architect	Developing policies & standards	6
Security architect	Leading collaboration teams	7
Security architect	Technical writing	13
Security architect	Company spokesman	2
Security architect	Business plan development	1
Security architect	Patent development	2
Security architect	Legal consultations	3
Security architect	Investigation	1
Security architect	Incident Response	4
Security architect	2^nd & 3^rd tier support	8
Security architect	Market Development	1
Programmer/Analyst	BASIC programming	6
Programmer/Analyst	C++ programming	1
Programmer/Analyst	REXX programming	2
Programmer/Analyst	BankPro programming	5
Programmer/Analyst	Perl scripting	2
Programmer/Analyst	DOS/CMD/Batch scripting	15
Programmer/Analyst	UNIX shell scripts	2
Programmer/Analyst	SDLC process management	12
Programmer/Analyst	SDLC integration	4
Programmer/Analyst	Structured testing methodology	3
Programmer/Analyst	Design	2
Programmer/Analyst	System Documentation	3
Programmer/Analyst	Production Support	3
Programmer/Analyst	Maintenance Development	3
Programmer/Analyst	GUI Design Assessment	2
Programmer/Analyst	Structured programming design	3
Network Admin	Network redesign	1
Network Admin	DNS management	5
Network Admin	ISP management	2
Network Admin	Router/switch management	4
Network Admin	Network component install	6
Network Admin	Network troubleshooting	5
Network Admin	Cabling & Wiring	2
Network Admin	Phone 110-block punchdown	2
Network Admin	Phone switch programming	2
Server Admin	Server installation	7
Server Admin	Windows server install/config	4
Server Admin	Novell server install/config	4
Server Admin	Linux install/config	2
Server Admin	Backup & DRP	13
Server Admin	Log management	8
Server Admin	Security event management	8
Server Admin	Active Directory administration	3
Server Admin	MSSQL Database administration	3
Server Admin	Exchange administration	3
Server Admin	RFPs & Procurement	10
Server Admin	Change Management	5
Server Admin	Patch Management	4
Pampered Chef Sales		1
Id Mgmt Engineer		1
Restaurant Manager		3
Security guard		1
Paper delivery		1
IT Consultant		6
Quality Analyst		2
Y2K Project manager		2
Quality Director		2
Warehouse Manager		1
Accounting Intern		1
Board of Directors		14
Program Co-Chair		4
Trainer/Instructor		5
Business consultant		1
Statistical Analyst		1
Marketing consultant		1
Pizza delivery		2
Restaurant Supervisor		1
Forklift Operator		1
Plumbing		1
Electrical Wiring		1
Roofing		1
Swimming Pool Service & Repair		2
Electrical Motor installation		1
Conference chair		3
Director of Education		5
Database analyst		2
QA Tester		2
Crisis management coordinator		3
Disaster recovery analyst		1
Printer troubleshooting		6
PC troubleshooting & repair		10+
License audit		1
Inventor		2
Second hand carpet sales		1
Childcare		6
Industry representative		3
Helpdesk coordinator		4
Firewall administrator		2
Network upgrade project mgr		2
Inventory project manager		1
Curriculae Development		1
Cashier		2
Paper delivery		1
Cook		5
Programmer		1
Contest Judge		2
Baker		1
Bagger		2
Stock clerk		1
Lawn Mowing/Landscaping		3

What have I bought for those same desires?

What educational tools have I learned from, CDs, books, programs, what's on my shelf?

CISSP Study Guide by (ISC)^2
Why? reputation, desire to expand teaching knowledge, reference, discount
Timing? When creating a training class
Perception of what it would do for me? Provide good resource for me to create content
What did it do for me? Disappointment in poor quality, choppy formatting & editing

Information Security Management Handbook by Tipton & Krause
Why? Recommendation of boss & colleagues, reputation of book, Hal & Micki
Timing? Preparing for CISSP exam
Perception of value? Provide solid overview of InfoSec fundamentals
What did it do for me? Did as expected, great overview except snooze chapter on TLS; However, format was difficult because it wasn't a study guide, but a reference book.

Thinkertoys
Why? Engaging title, puzzles, intruiging book - curious
Timing? No special timing
Perception of value? Thought it would help me think better
What did it do for me? Collected dust

Pampered Chef Program
Why? Quality products, Good value, discounting, income
Timing? Had free time, at a party, tools were in front of me
Perception of value? Ability to start my own business, good tools
What did it do for me? Successful, gave me income, but trading hours for dollars

Dale Carnegie
Why? Recommendation by colleagues & boss, funded by company, good format
Timing? met development need in timeframe required by company
Perception of value? Become better at speaking
What did it do for me? Dramatic improvement in speaking; didn't last

RSA Conference(s)
Why? reputation, request of boss, great lineup of speakers & topics, huge event, nice venue, paid by company
Timing? No special timing except that I was available
Perception of value? Launch of new career being helped by solid training
What did it do for me? Networking, knowledge, references, experience

TLI
Why? Recommendation, past experience, encouraged by peers
Timing? Good timing when taking new position
Perception of value? Teach me everything I need to know as new officer
What did it do for me? Disappointing in some regards -- didn't meet expectations, but solid training and I learned a HUGE number of tips & pointers; difficult to capture and put into practice except through repetition

RHCT
Why? Gain specific knowledge about Red Hat, starting new job, convenience, paid by company
Timing? taking new corporate job, needed skills for job
Perception of value? Strong brand, hands-on, qualified & certified instructor, certification
What did it do for me? Good overview and jumpstart

MBA Program
Why? Convenient, (nearly) free, good school reputation, benefit my career, pursuit of PhD
Timing? Easy timing and easy to attend
Perception of value? Good knowledge, value of sheepskin/credential, applicability to work
What did it do for me? Strong tie to work, technical and business acumen, communication skills, thinking on my feet and critical thinking, helped land a job.

Understand the value proposition

Why did I purchase Darren's program?

Reputation of Darren & his materials
Recommendation of friends
The challenge that Darren gave in his speaking
I've taken my paid speaking career far, but want to kick it into high orbit
Recent windfall speaking fee gave me capital to invest in my development
Format seemed a good fit with what I could reasonably accomplish
Good timing
Heard message repeatedly, no longer sitting on the fence.

Timing: I wouldn't have purchased this last year. I heard Darren give a very similar talk a year ago, and didn't invest due to sticker shock. I wouldn't have bought until now.

Did it answer a question?
yes - I want the answers to a myriad of questions

Did it show me a possibility?
yes, the possibility that I can get paid for other than relaying technical knowledge, and start getting paid for seminars and keynotes I'm doing for T&E

Did this meet a need or want?
Yes, the desire to achieve independence, higher competency, compensation & success, and the need to have a guide on how to get there.

Did the immediacy of the title influence my decision?
Possibly. The title is important, very similar to the Learn C++ in 28 days. That immediacy and sense of urgency feeds the desire for quick action, quick results, fast ROI. Action oriented.

Other reasons
What I read on Darren's website was a strong motivator, because he let me understand for the first time how keynotes are booked and what defines a successful speech.

Was there something I saw in the materials that helped me decide, something of value?
How was my buying decision similar to the user experience of buying a book?

Why Darren's program and not someone else's program?

I've heard Darren speak before, and he is genuine, and I see myself in his journey.
Kudos and accolades from colleagues
Title and packaging seemed a good format
Format and availability -- it was in front of me and easy to pull the trigger

How will my customers perceive the information that I have, and how can I create that desperate, passionate desire to buy what I'm selling? How can I fulfill desire? How can I create a compelling sense of immediacy and urgency?

Am I presenting information in the style and format that causes their brain to make the leap to, "How can I get more of what this person is teaching me?"

How can I keep my information, my brand, in front of event planners and foremost in their brains?

So, Why can I learn from Darren?

What is it that I have to GIVE?
What things can I GIVE to others, that they wish they knew how to do?
How can I give low-rent/free speeches and still make money? What content might I be able to package, much like Darren has, that I can offer to the audience that will scratch that itch, that thing that I can share with them that they WISH they could do. Those wishes can provide $$$.

Dedicating 10% of what I earn to God.

What are the safety nets I am hanging onto that are actually drag nets? What is holding me back?

Healthcare plan at work
Activities that don't take me in the direction I want to go
Debt
Family to support
Fears and doubts

Persistence is ALL I NEED. Look where I started, giving a rambling long-winded icebreaker where I shook like a leaf. Look where I've come through persistence... nothing can hold me back.

Why do I want to get paid to speak?

What will getting paid to speak give me?

Stop trading hours for dollars, and start multiple income streams
I love to teach, so want to maximize the time I can teach, which means getting paid to speak
Changing my life and pursuing all that I'm capable of
Experience the buzz of taking on a tough challenge and being successful
Training is enjoyable
I like to help people
If I want to teach more, it means I need to support my family doing it
Financial independence
Ability to travel as an empty-nester for speaking & consulting engagements
Feeding Publishing & Consulting streams
Possibilities for international travel and meeting diverse people for collaboration
More publishing
Paying for kid's college
Freedom from 9-5 drag
Confidence
Geographic freedom - I can work anywhere in the world
Sharpening speaking skills to a fine-edge to better customer experience
Pinnacle of professionalism
Launch second career
Using the gifts God has given me
Ability to benefit the church
Discretionary income to Vacation in Asia, Europe & cruise
Launch professional trainer career for instructing topics of my passion
Free time - me curled up in a library or Panera with a book, just because I can

Setting the Stage

Wow, incredible thought. "Some of you will surpass me." Do I have what it takes to surpass freakin' Darren LaCroix? He's setting me up to be successful, so why not?

When I look at the journey he took, it's not dissimilar from mine, except that I've focused on technical, where he's focused on comedy. It's true, you can surpass your mentor, I've done it, and it's certainly an odd feeling... the day my trombone instructor looked at me and said, "I have nothing more to teach you. You're better than me, you need another instructor."

$5000 for half a speech. Whoa. I thought I was doing _awesome_ when I finally hit $11,000 for full-day seminar, but to make that for an hour. Again, I repeat, "Whoa."

To be successful, I will need to be willing to stretch and get uncomfortable, and try something different, and of course, "Stage time, stage time, stage time."

Other thoughts:
Avoid costly mistakes
I need to have an open mind about this
I need to determine how I can take each tip to Super-Size the program - malleable learning
Keep is simple, and focus on the goal.
Take this and make it my own to maximize customer value
Think like a champion

Other funny thought - The audience isn't there to see the tie you're wearing... they don't care about the tie.

Starting the Journey

Yesterday I heard Darren LaCroix for probably the 5th time. Darren is awesome, and one of my heroes.

Now that my speaking career is starting to take off, it's time for me to get serious, so I plunked down nearly $500 for his Get Paid to Speak by Next Week program. If it can help me land 5 speaking engagements, it's worth the money.

I've earned some of the same levels of payment Darren talks about, but not consistently or nearly as often, so it's time for me to get serious and see if I can get that consistency, and to start leveraging my speaking efforts through multiple channels.

This blog will describe and annotate the journey. At time the notes are for you. Mostly, they're for me, to record my dreams, fears, aspirations, goals and plans. Some of the posts I'm not going to share, sorry, because they will give away intellectual property, but most of it will be right out there, for you happy/bored reader. Let's begin...