I’m Now Running Remote Workshops

Presently sponsored by: Do you desire peace of mind? The hackers don’t wait, secure your website and mobile apps with Gold Security today.

Almost 2 and a half years ago to the day, I left the corporate world. It’s funny looking back on it because on the one hand, 2 and a half years isn’t that long but on the other hand, it was a lifetime ago; my life is totally different today and in entirely positive ways.

When I got that independence, suddenly I had a world of opportunities to choose from. I could do anything I wanted – and it was awesome! More Pluralsight courses, more conferences, more blogging, more Have I been pwned (HIBP) and drawing on everything I was learning from those activities (and a couple of decades of building software), I started running workshops.

I’ve found workshops to be the perfect means of augmenting all those activities. For example, when I go into an organisation and talk about the online threats we see today, I’m not an academic talking about what I’ve read in a textbook. Instead, I’m talking specifically about data I’ve been dealing with in HIBP and how attackers obtained it. Then, after being in an organisation and hearing about the specific challenges they’re dealing with, I take that back to blog posts, conferences talks and further refining the workshop. Occasionally, the workshops also serve up unexpected gems such as the Nissan LEAF vulnerability. And the complimentary nature of all these activities really shows because every single eval ends up looking something like this:

Which is awesome – this makes me enormously happy! It’s also taken me all around the world and I’ve had some fantastic experiences along the way. I was just looking back through the tweets and found a small slice of the 40-odd workshops I’ve done represented there:

But there’s 3 big challenges that running these events pose:

  1. Companies are often coordinating with distributed team members. They’re flying them in from other parts of the country or the world and that’s both logistically tricky and expensive. Plus, they’re paying for my travel and accommodation.
  2. I have way more demand than I can possibly handle. I ended up doing 10 workshops of 2 days each on my last Europe trip (in amongst a heap of user groups and some conference talks as well) and I still had to say “no” to a bunch of others.
  3. I love my home. I mean I really love my home and I love my wife and 2 young kids too! I’d like to see more of all of them and Australia is basically on the opposite end of the earth to, well, pretty much everywhere. In short, travel is hard.

There have been various suggestions of how I might tackle these challenges. For example, people have suggested that I simply hire someone to deliver the training for me but I don’t think that’s the right solution for a number of reasons. One is that I firmly believe the training works so well because of the experiences I personally bring, ranging from HIBP breaches to the disclosures I’m often involved in to the corporate world history I had with Pfizer. Another is that someone else taking material I’ve refined over the last couple of years and simply delivering the content is never going to be as polished as me doing it personally and I simply don’t want to dilute that quality.

But the other – and this is one I’m still getting used to if I’m honest – is that this quasi celebrity status I now have is one of the reasons organisations are engaging me. Folks in the team usually already know who I am and what I do because they’ve seen me on the BBC or CNN or they’re users of HIBP. Having me deliver the training carries a gravitas that apparently, is a valuable part of the experience. I’m trying to say that without sound like a dick, by the way, but it’s important that I express that because it’s important to the organisations I train.

The Mechanics of Remote Workshops

Which brings me to the title of this post – remote workshops. I honestly didn’t give this much thought until recently because I was so focused on traveling and running events whilst I was away. But particularly in the wake of that last Europe trip, I realised I needed to move into this next phase which frankly, is more sustainable. It also comes at a time where companies are specifically asking for this and it’s allowed me to take some time out and think about the logistics of it all. So, here’s how it’ll work:

I’m still running precisely the same syllabus as in the workshops link at the top of this page because it’s exactly the right content for the audience I target. However, I’m breaking it down into 4 half days rather than 2 full days. In part this is because they were already very intense days; by the afternoon break people are always fading. It’s also because frankly, looking at a screen is more tiring than looking at a person. And finally, it helps me make time zones work; I can do Europe first thing in their morning or the US in their afternoon because both work with my Aussie time zone. Half days are only 3.5 hours too because the lunch hour doesn’t need to be factored in, just a short break in the middle of each half day.

The biggest thing I’ve been conscious of in planning this is engagement; how do I ensure the interaction of the classroom translates to remote training? The dynamics will always be different but they’re different in both good and bad ways. On the one hand, it’s hard to beat face to face interaction where you’re literally sat in front of people. On the other hand, that often leads to a few dominant voices in the room commanding the conversation. Going online gives people a more equal footing where they can choose to engage verbally or choose to use chat facilities, whatever they’re more comfortable with. Obviously, this also requires the right tooling.

Initially, I was considering standardising on a platform and I’d use that consistently across workshops, for example, something like BlueJeans. But then the corporate memories came flooding back; Pfizer always used WebEx and that was their thing. Every time I got someone to remotely deliver a presentation (which was a lot because the team I was in was spread all over Asia), if we used their preferred platform it always excluded some people. They couldn’t install it on locked down machines, they had the wrong audio device, the web cam wasn’t compatible or just some other friction which caused the whole thing to be harder than it needed to be. So ultimately, I started insisting that we use Pfizer’s WebEx implementation for everything and now there was only one party that had friction – the presenter.

So that’s how I’m approaching the remote workshops and so long as we have two-way audio, screen share, chat and web cam video, we’re good to go. That’s all bread and butter stuff these days anyway and this approach just reduces the friction of the whole thing.

Who’s This For?

About 85% of the workshops I’ve run have been for corporate customers (a single organisation getting me in) and the remaining 15% have been open events that any paying attendee can go to. For example, at the NDC conference in Sydney a couple of months ago there were folks from all sorts of different organisations present.

For now, I’m just making the remote workshops available to corporate customers. It’s much easier for them to coordinate across all the participants and it reduces the chance of having unexpected dramas I need to get involved in supporting (i.e. conferencing software). Plus, this is where the bulk of the overflow demand I haven’t been able to cater to lies. (In the future, I won’t rule out running these in a more open fashion where anyone can join.)

I’m also keeping the pricing and structure of the events the same. Actually, the pricing itself is better because there’s no longer those travel and accommodation costs but my preference is still to aim for about 15 to 30 people in a workshop. It’ll remain a flat fee too because whether there’s 15 or 30 people, my time and effort commitment is still the same but clearly this makes 30 people effectively half the price per head than 15.

As with the in-person workshops, pricing is POA so get in touch if you’re in an organisation that may be interested. What I will say on that front though is that even with 15 people, it’s more cost effective than sending them to a good conference for a couple of days. Actually, the biggest barrier for organisations has usually been taking people away from their jobs for 2 days and I’m hoping that splitting this training into 4 half days helps alleviate that.

I’m Still Doing In-person Workshops

I’ve got 3 more to do for corporate customers across Australia this year, a public one in London as part of the NDC conference in Jan, another one the following week in Oslo for the NDC Security event then another one for the Loco Moco Security Conference in Hawaii in April (ok, so not all travel is hard!)

There’ll be many more yet in many places so by no means does this spell the end of in-person workshops. Instead, it gives both myself and the organisations I work with more choices about how, when and where we engage. My hope – and indeed my expectation – is that there will always be a blend and that this merely increases my ability to reach more people.

I’m going to be reaching back out to organisations I’ve had to say no to and prioritising those folks. For everyone else interested, do please get in touch, I’d love to hear from you 😃

Leave a Reply

Your email address will not be published.