I got a chance to witness a top-rated speaker ply his trade at a conference that I attended this week here in St. Louis. The conference was a gathering of several hundred people who work in IT for our intelligence agencies, called DoDIIS. When I signed up for press credentials, I didn’t know he was going to be speaking, but glad that I could see him in action. As someone who speaks professionally at similar groups, I like to learn from the best, and he was certainly in that category.
The odd thing about this person is that he is still a kid, an 11-year-old to be exact. His name is Reuben Paul and he lives in Austin. Reuben already has spoken at numerous infosec conferences around the world, and he “owned the room,” as one of the generals who runs one of the security services mentioned in a subsequent speech. What made Reuben (I can’t quite bring myself to use his last name as common style dictates, sorry) so potent a speaker is that he was funny and self-depreciating as well as informative. He was both entertaining as well as instructive. He did his signature story, as we in the speaking biz like to call it, a routine where he hacks into a plush toy teddy bear (shown here sitting next to him on the couch along with Janice Glover-Jones, who is the CIO for the Defense Intelligence Agency) using a Raspberry Pi connected to his Mac.
The bear makes use of a Bluetooth connection to the Internet, along with a microphone to pick up ambient sound. In a matter of minutes, Reuben was showing the audience how he was able to record a snippet of audio and play it back on the bear’s speaker, using some common network discovery tools and Python commands. Yes, the kid knows Python: something that impressed several of the parade of military generals who spoke afterwards. These generals semi-seriously were vying to get the kid to work for their intelligence service agencies once he was no longer subject to child labor restrictions.
The kid is also current with the security issues of the Internet of Things, and can show you how an innocent toy can become the leverage point for hackers to enter your home and take control without your knowledge. This has become very topical, given the recent attacks using WannaCry, Petya and others that target these connected objects.
Reuben also managed to shame the IT professionals attending the conference. As the video monitors on stage were showing him scrolling down the list of network addresses from phones that were broadcasting their Bluetooth signals, he told us, “if you see your phone listed here, you might remember next time to turn off your Bluetooth for your own protection.” That got a laugh from the audience. Yes, this kid was shaming us and no one got upset! We were in the presence of a truly gifted speaker. I had made a similar point in my speech just a couple of weeks ago about Bluetooth vulnerability, and much less adroitly.
Reuben isn’t just a one-trick pony (or bear), either. The kid has set up several businesses already, which is impressive enough even without considering his public speaking prowess. One of them is this one that helps teach kids basic cybersecurity concepts. Clearly, he knows his audience, which is another tenet of a good speaker. If you ever get a chance to see him in person, do make the effort.