I achieved a career goal of mine! I spoke at at my first security conference, PancakesCon 6! This is a second, behind the scenes post where I discuss what went into submitting my CFP, how I researched for my presentation, and created my slides.

New Speaker Thoughts

As mentioned before, this was my first industry talk. I've spoken at high schools, colleges and universities plenty of times at this point. However this is the first time I've spoken to my peers instead of students who are trying to break into the field.

Why PancakesCon?

In January 2023 I attended one of Lesley's weekend mentorship sessions looking for some advice. I was in a tricky situation that I was looking for some guidance on. I just needed someone to confide in, and they listened very patiently, extended their sympathies to me, and gave me some great advice for my career. Which, I would follow through with that summer.

I volunteered for PancakesCon 5 as a moderator, and after that experience I decided I wanted to come back to PancakesCon as a speaker. Partially as a way to show Lesley that I'm continuing to grow and push myself, and partially as a way to thank them by contributing to something I believe is beneficial to the community as a whole. To prevent burnout, I strongly believe that it's important to keep a balance on our careers and hobbies. I love that PancakesCon showcases that balance in their talk format.

Finally, with PancakesCon targeting students and new entrants to the industry, I figured that would match well with where I was already comfortable speaking, as students had been a major focus area for me in recent years already. This allowed me to expand my audience a little bit, as PancakesCon has more exposure to the general industry than speaking to a class or university club does while keeping it manageable, anxiety wise.

Once they get talks uploaded to the PancakesCon YouTube channel, I hope to get some feedback from a few folks. However, initial feedback I saw on Mastodon and the PancakesCon Slack seem generally positive, which I'll take as a win.

Behind the Screen

As this was my first industry talk, I had no idea what to expect going into it, outside some initial research in CFPs that didn't really answer any of my questions. After PancakesCon 5, I spent a fair amount of time trying to figure out a talk topic. Like most ideas, they often came while I was showering and then had to try to scramble to get them down in my phone. With Lesley moving to Australia and therefore PancakesCon moving from the spring to the fall, I had a little more time to workshop some ideas than I otherwise would have. Part of this was bouncing some talk ideas off a few coworkers at SecretCon for the technical part. However nailing down the non-technical part was trickier.

The CFP opened, and I had just finished up a D&D campaign with my group. It was essentially a mashup of The Lost Mines of Phandelver mixed with The Dragon of Icespire Peak that my insane DM cooked up. I stepped away from being the Forever DM a few years ago, but I still enjoy DMing. I just needed to take a step back so I could focus on my career a little more. Fighting the Big Bad Evil Guy in my DM's campaign made me think about when I created an extension of Baldur's Gate: Descent into Avernus which covered a new rise of Vecna, before Wizards of the Coast created a 5e version of him. I reminisced on how I enjoyed workshopping him, and then the non-technical part of the talk hit me. I wanted to write about creating D&D villains, because I've had a lot of fun with it over the years.

YOLOing the CFP

I had my topic, next up was working an abstract. I actually still have my first draft of the abstract. I didn't end up changing a whole lot between my initial draft and my final.

Initial Draft of CFP Abstract

Part 1: A Primer on Windows Access Control. This part of the talk will cover the 3 parts of ACLs on Windows, Discretionary ACL, System ACL, and Access Control Entries at a high level, then dive in a little deeper into Discretionary ACLs on NTFS file permissions.

The idea here is to connect the permissions that appear in the GUI and tie it the underlying name used in PowerShell, and demonstrate what they do using a text file as an example. The Advanced permissions of NTFS are more complex than Linux file permissions and initially confused me when I started working with them. Therefore I think I could help shed some light on what they do to help newer Windows Admins better understand how ACL's work.

Part 2: Creating a Compelling D&D Villain. This part of the talk will start by asking "What makes a great villain?" From there, I am planning to go into a case study on some memorable D&D 5e villains such as Strahd von Zarovich, Zariel, Vecna, Tiamat and others.

The goal is to highlight traits that make them great villains, and show how their motivations, methods, and personalities contribute to their reputation as a great D&D villain. While highlighting these traits, I plan to show Dungeon Masters how they can take inspiration from these characters and remix ideas to create a compelling new villain that their party members will love to hate.

I'm fortunate enough to work for SpecterOps, which means that we have an internal editor that I asked for some advice on my abstract for my final version. Thank you Sarah for helping with refinements!

Final Draft of CFP Abstract

Part 1: A Primer on Windows Access Control. This part of the talk will cover the 3 parts of ACLs on Windows, Discretionary ACL, System ACL, and ACEs at a high level before diving a little deeper into DACLs on NTFS file permissions. I intend to connect permissions that appear in the GUI to the underlying name Windows uses while demonstrating what those permissions do using a basic text file as an example. Given the advanced permissions of NTFS are more nuanced the standard read, write, execute permissions, showing how the additional permissions can affect files could prove useful for new Windows administrators to better understand how to lock down their filesystems.

Part 2: Creating a Compelling D&D Villain. This part of the talk will consist of a case study on some memorable D&D 5e villains such as Strahd von Zarovich, Zariel, Vecna, Tiamat, and others. The goal is to highlight traits that make them great villains, The audience should come away understanding how their motivations, methods, and personalities contribute to their reputation as a great D&D adversary. While highlighting these traits, I plan to show Dungeon Masters how they can take inspiration from these characters and remix ideas to create a compelling new villain that their party members will love to hate.

Submission

As far as actually submitting the CFP is concerned, PancakesCon uses a Google Form to handle it. The form contains a short summary of what the con runners are looking for, code of conduct, and deadlines. It then asks for the following:

• Email
• Talk title
• Abstract
• If you've spoken at PancakesCon before
• Time frame that you are comfortable speaking
• If you're comfortable being a backup speaker
• If you are comfortable or interested in being referred to ComfyCon if not selected for PancakesCon (They were partnered up this year)
• Name or Handle
• Social Media accounts

The CFP review is blind, so I think the review board gets everything except for email, name, and social media accounts in their review.

For just a moment, I want to make a quick tangent for my past self. When people are talking about submitting CFPs, THIS IS WHAT THEY MEAN. It's just some basic information on your talk, plus whatever additional questions the specific con you are submitting to wants answered. For some reason, I either missed the boat here, or made it sound way larger in my head than it actually is. It's not scary, just a Google Form, at least in this case.

A few weeks later, I received an email from Lesley saying that my talk was accepted!

Outlining and A Little Research

I started with the technical part of the talk, "A Primer on Windows Access Control" as I had a game plan in place for it already. I kicked off efforts with an outline.

## Questions I am hoping to answer
- What is access control?
	- What is it for?
- What does access control apply to?
- How does it work? (Surface level)
	- DACL
		- Access
	- SACL
		- Auditing
	- ACE
		- Specific entries
- Demo showing NTFS file permissions
	- GUI first
	- Correlate them to the WinAPI values
	- Explain how they are used and how they can be abused

Then, I fired up my Dev VM, created breakfast.txt, then started manipulating it and grabbing screenshots along the way. It took a few hours to get everything the way I wanted into the slides, but I was able to get it done in an evening. As you can see in the outline, I actually intended to showcase the permissions better in my talk, however I was running up to the 20 minute limit as it was, so those slides were cut. If you attended the talk, or watched it on YouTube, you'll know that I showed read permissions. I had planned to showcase write, execute via a batch file, modify, and full control too. The main reason I kept read in there, and skipped the rest was because I was proud of the haiku I wrote for the talk and wanted to showcase it. I also felt that given the time limit, changing context to a batch file could have been confusing when demonstrating execution, and would have needed to take 15-20 seconds to explain the context shift, which I wanted to avoid.

If I could change one thing about the talk I would have done a better job showcasing the other permissions. Also, after the livestream just to make 100% sure I wasn't losing my mind, I checked that Read and Execute was giving GenericWrite permissions when looking at the DACL with Powershell. I didn't make a mistake. It's just weird. I haven't been able to find a conclusive reason for this yet, but I will probably dig into it a little deeper. It's weird and doesn't make sense to me.

So. Much. Reading.

I knew from the outset that the second half of the talk, "Creating a Compelling D&D Villain" was going to be significantly harder. I knew going into this that literary analysis isn't a strong suit of mine, as I haven't really dug into it since college, despite being a Hello Future Me fan. What I underestimated however, was the sheer amount of reading I was doing to make sure I properly understood the villains I would showcase. I had initially planned on showcasing 4 villains. Zariel, Tiamat, Strahd, and Vecna. Tiamat was cut at the last minute for time constraints. I ended up reading a bunch of 5e books and the Forgotten Realms Wiki to make sure that I didn't miss anything critical about each of the villains I showcased.

Zariel

Zariel was the first villain that came to mind, as I ran Baldur's Gate: Descent Into Avernus for my party when COVID forced us to play online. Since I spent a year DMing it, I already had a pretty good idea of how she thinks and operates. I liked her backstory and thought it would fit well with what I wanted for the talk.

• Baldur's Gate: Descent Into Avernus
  • Because it covers basically everything about her
• Chapter 1 of Mordenkainen's Tome of Foes
  • Supplementary information on the Blood War, additional information on Devils and their Infernal Hierarchy.
• Forgotten Realms Wiki
  • Zariel
  • Archdevil
  • Asmodeus
  • Nine Hells
  • Avernus
  • Blood War

As I was reading, I was of course, building an outline.

## Background (Before events leading to BGDIA)
- Solar Angel of Lathander
	- Highest ranking type of angel
	- Directly serves her assigned Deity
- Wanted to intervene in the blood war
	- Policy of Mount Celestia at the time was essentially let demons and devils fight it out. Less evil the better
		- Zariel wanted to stamp out any and all evil. Felt it imperative to personally intervene
	- Zariel defied her superiors (god?), went to Eltruel, formed the Hellriders and intervened
		- Some of the hellriders' resolve wavered, returned home, then sealed Zariel and the remaining Hellriders in Avernus
			- Hellrider name came later. The charge was called "The Ride"
		- Zariel lost her left hand and with it, her sword
			- Yael was ordered to hide the sword and Lulu on Avernus so it could not be corrupted 
	- Zariel, and 2 other generals were eventually captured and sent to Nessus before Asmodeus
		- Asmodeus commended Zariel's conviction and battle prowess, and offered Avernus to give her a permeant station to fight against demonic hordes
			- Zariel agreed to the terms, and fell from grace
			- One general committed suicide, before being resurrected as a Death Knight
			- The other was also turned into a Devil
            
## Motivations
- Multifaceted
	- Archdevil
		- Collect souls
			- Quota
			- Increase army size
		- Don't get toppled from Power
	- General
		- Wage battle in the Blood War
			- Done this by Orchestrating "The Descent" with Kreeg
				- Kreeg sold out the city when it was conquered by a vampire lord and an undead army
				- Created "The Companion"
					- Trapped Planetar
					- Drove off undead army
					- Kreeg took credit
				- Companion was timed to "go dark" and pull Eltruel into Avernus
					- Kreeg knew the timeline
				- Kreeg bound souls of Eltruel with "The creed resolute"
			- Baldur's Gate was planned next before BGDIA
				- This is planned with Thalamra Vanthampur getting the Flaming Fist to disband, and have her take over as leader of the city
					- Funded by gold stolen from Tiamat
				- Goal is to use Thalamra to orchestrate the "sale" of the city to Zariel
                
## Personality
- Vengeful
- Contempt
	- Mortals
	- Demons
	- Not proven warriors/weaklings
- Zealotry
	- Slaying demons at all costs
	- Lead to her fall
    
## Party Interactions
- Ransoming the party
- Potential redemption with the help of Lulu
- Otherwise just wants to fight demons and anyone who prevents her from fighting demons.
- Offers deals to the purest party members
- Offers deals to the most battle-worthy party members

As you can see, I had to barely scratch the surface when working on this talk. Especially since Avernus has a surprisingly amount of political drama and interconnected stories which can cause the party to have a pretty significant effect on the politics of the Hells. Even this feels like I still have stones unturned. However, I had more villains to profile, so next in line was Tiamat.

Tiamat

Tiamat is everywhere in 5e, so I wanted to put her in as well. However, despite Tiamat being in D&D since basically forever, there's simultaneously a ton of information about her, and also surprisingly little. She gets talked about frequently, and her influences have shown up pretty often in campaigns over the years, however there's a lot more talking about Tiamat than there is of Tiamat actually doing things. She's kind of like a damsel in distress, if that damsel is evil and just generally wants to ruin everyone's day. Also being a giant 5 headed colorful dragon queen. Anyways, to prepare for Tiamat, I read:

• Baldur's Gate: Descent Into Avernus
  • She's a significant secondary villain in this book
• Tyranny of Dragons
  • This is the combined re-publishing of 2 previous adventures
    • Horde of the Dragon Queen
    • Rise of Tiamat
• Fizban's Treasury of Dragons
  • Covers some ancient lore
• Sword Coast Adventure's Guide
  • The portions which cover deities
• Dungeon Master's Guide (2014)
  • Specifically covering the Dawn War deities
• Forgotten Realms Wiki
  • Tiamat
  • Tiamat's Lair
  • Church of Tiamat
  • Bahamut
  • Untheric Pantheon
  • Elegy for the First World
  • Thousand Year War
  • Dragonfall War
  • Orcgate Wars
  • Battle of the Gods

Maybe there's some content in older editions of D&D which do a better job of showcasing Tiamat rather than telling you things she did, but in 5e she's not highlighted as well as I had hoped. Additionally, her being a goddess that's been around a while, she has a lot of conflicting information in her backstory and mythos. This is common when dealing with deities in D&D, but if you're unaware it can be confusing. Here's the resulting outline that came from all that reading.

## Background (Before events leading to BGDIA)
- Goddess of Evil Dragons
- Fought against giants in the Thousand Year War
	- Lost a fight against an unknown Giant god and was imprisoned in Avernus
		- Allegedly
- Otherwise just a menace

## Motivations
- To be freed from her prison in Avernus and return to rule the material plane
	- Create a horde of treasure
	- Gather an army to protect Tiamat's invasion
	- Capture prisoners to feed their souls into the ritual
- Grow horde

## Personality
- Vengeful
- Spiteful
- Selfish

## Party Interactions
- Using the cult of the dragon to loot villages and ship it to the northern portion of the Sword Coast
- Using the cult of the dragon to summon her out of Avernus

Unfortunately, there isn't much to show despite all that effort. This is what I mean by Tiamat being everywhere and also nowhere. There's so much talk about Tiamat but not much of Tiamat doing stuff.

Strahd von Zarovich

Strahd is well known within 5e as Curse of Strahd has been one of, if not the best selling standalone campaigns. Curse of Strahd was also the first campaign that I finished as a player and not a DM, so I wanted to showcase him because my DM absolutely killed it. Curse of Strahd also does an excellent job focusing in on The First Vampire, and therefore required very little supplemental reading afterwards. The entire reading list:

• Curse of Strahd
  • Basically contains all his backstory
• Van Richten's Guide to Ravenloft
  • Supplemental reading
• Forgotten Realms Wiki
  • Strahd von Zarovich
  • Dark Powers
  • Tatyana
  • Barovia
  • Domains of Dread
• Vecna: Eve of Ruin
  • Covers what Strahd has been up to since the events of Curse of Strahd

Fortunately, since Curse of Strahd is extremely information dense on it's Big Bad Evil Guy compared to most campaign books, most of the outline was created from just that one book.

## Background (Before events leading to COS)
- In life, Strahd conquered the land of Barovia, then named it after his father
- After the war, he started studying magic
- Made a deal with the Dark Powers for immortality
- Built Ravenloft (Castle) and invited mother and brother to it
	- Ravenovia died on the way
	- Sergei lived there afterwards
- Courted Tatyana, but she fell for Sergei
- Strahd murdered Surgei and drank his blood (Sealed the pact)
	- Turned him into a vampire
- Tatyana hurled herself off a balcony to avoid Strahd
- Guards attempted to kill him, but couldn't
- Barovia was then sealed away into the Shadowfell
- Lordship over Barovia granted by the Dark Powers grants Strahd the ability to know when strangers arrive, and gives him control over the weather
	- Uses this to make sure clouds are so thick that he can go out during the day
    
## Motivations
- Turn a reincarnated Tatyana into a vampire spawn consort
- Find a monster hunter to capture and torture him
- Hold power in Barovia

## Personality
- Appears to be calm and collected, but flashes to rage when things dont go his way
- Dark, playful sense of humor. (In the same way a cat does)
- Vengeful when crossed by party members

## Party Interactions
- Plays with the party, taunting them and driving a wedge between them
- Uses spies (wolves, barovians, vistani) to keep an eye on adventurers. The spy may steal something of the party's to keep a better eye on them. 
- Supporting druids to summon a gulthias tree and sack the winery
- Weeping over Sergei
- If Strahd wins the final confrontation, he will turn the party into vampire spawn under his control.
- Regain control of the Tome of Strahd if taken from him

Now onto Vecna, the biggest, baddest, most evil Big Bad Evil Guy. Or at least, he's supposed to be.

Vecna

For Vecna, I started with Vecna: Eve of Ruin, as I wanted to go in without my pre-conceived notions of how he should be, as I ran him as the villain for an extension for Baldur's Gate: Descent into Avernus I wrote for my party after they wrapped up the published campaign. After finishing the book, I realized that I really didn't like what Wizards of the Coast wrote on Vecna for 5e.

His fighting style makes absolutely no sense, as a lich should fight like an undead wizard. Because he is literally, an undead wizard. Instead, Wizards of the Coast decided that he needed to be run like a weird half caster (but not really) not-quite-a-rogue for some reason? He's got the damage output that he should, which is great. However for an undead wizard, the fact that he only has 13 spells is a crime. Of those 13, only a handful of high level spells at all. So much for Vecna being one of the most powerful wizards in D&D history.

Anyways, I have other issues with Vecna: Eve of Ruin, in that he's barely present. Characters have a "link" to Vecna they get early on. They fight some cultists, sure, but I was hoping for so much more. It feels like they wanted to write a story about Kas but went "Oh we need multiversal stakes to wrap up 5e 2014 so lets add Vecna". Anyways, DM rant aside this is what made me decide to tell the story of Vecna from 2nd edition. I used this story when writing Vecna when I ran him in my homebrew. This was my reading list.

• Vecna: Eve of Ruin
  • It has a very "Avengers: Endgame" feel to it though, which isn't necessarily bad. Just not what I would have done.
• Mordenkainen's Tome of Foes
• Dungeon Master's Guide (2014)
  • He's mentioned in here quite a bit with his artifacts
• Veecna Lives!
  • This is a 2e adventure + some notes I took when reading it a few years ago
• Vecna Reborn
  • This is also a 2e adventure
• Die Vecna Die!
  • This was the final 2e adventure and sets up the multiverse for changes that Wizards of the Coast made in 3(.5)e after they bought TSR
• This reddit post
  • I used this as my jumping off point when researching Vecna as a homebrew villain
• Forgotten Realms Wiki
  • Vecna
  • Lich
  • Hand of Vecna
  • Eye of Vecna
  • Book of Vile Darkness
  • Raven Queen
• Grayhawk Wiki
  • Kas
  • Sword of Kas

And now, time for the outline. This was mostly compiled from my homebrew notes plus additional notes from Vecna: Eve of Ruin

## Background (Before events leading to VEOR)
- Son of an abusive evil necromancer (Mom)
	- Dad not mentioned
- Mom was executed for witchcraft
	- By paladins and clerics of good aligned gods
- Murdered guards and escaped the city
- Vecna became a necromancer 
	- With the help of The Serpent
	- Some say he joined a monastery
	- Some say he was enslaved by wizards
- Becomes a lich with Orcus's help
- Attempted to conquer hometown
	- Failed
		- Saved by Acerack
- Takes Acerack as apprentice
- Successfully conquers hometown 
	- 1000 years later
	- On the verge of conquering Fleeth, the officials of the city came before him to beg for mercy. They offered up the entire city and her wealth if only Vecna would spare the lives of her citizens. When Vecna was not satisfied, the officials offered their own lives. Vecna gave one of their number, Artau, and his family, over to his lieutenant, Kas, who spent the entire day torturing and murdering them before the other officials. Still unsatisfied, Vecna slaughtered all within the city, and had their heads stacked before the officials, with those of their family members prominent. Vecna then granted his mercy, granting the officials leave to depart, and promising them his protection for the rest of their lives.
- Vecna conquers a large kingdom
	- Gets bored
	- Delegates a significant amount of work to Kas
- Gives Kas the Sword of Kas
- Kas betrays Vecna, destroying them both and destroying Vecna's kingdom.
	- Except for Eye and Hand
- Comes back in Ravenloft
	- Not explained how
	- Escapes
- God of Secrets (on Oerth)
- Devised a ritual called the Ritual of Remaking to remake the multiverse in his own image
- Ritual is nearly complete in VEOR

## Motivations
- Remake the multiverse into his own image with him as it's undisputed overlord
- Torment Kas until the end of time

## Personality
- *extremely* sadistic
- power hungry

## Party Interactions
- "link"
- Fight the party

Finally, we can start talking about how I got this distilled into ~20 slides. Essentially, I was trying to showcase some personality and a significant act of evil they performed. This is ultimately why Tiamat got cut. With time dictating that one had to go, Tiamat had the least interesting story for me to tell. So off she went as she is not very personally involved in her evil, often pushing the job to lackeys.

Finalizing Slides

At this point, It was time to start crafting the villain. I outlined the process over in this article, so I won't repeat myself here. Once I finished the slides, I went through 2 rounds of QA on them. The first was pretty much immediately after finishing up my slides, then the second was two days later (Friday night before the con). I ran through two dry runs on Saturday, the day before the con. I made a few minor final tweaks and left myself some notes for the presentation.

Presenting

Sunday morning came. I downloaded Zoom onto my personal desktop, double checked my keylight, camera, and mic. Then I messaged the AV person for soundcheck. I was then put into a staging room with 2 individuals who prepped me to go live, then was introduced by Elle Armageddon, and away I went. When I wrapped up, Elle asked some thoughtful questions, which I appreciated. Afterwards, I checked Slack to answer some questions that Elle tagged me in. Then I checked BlueSky and Mastodon for any additional feedback, and initial feedback seemed positive. So I think the talk went okay? If you saw the talk or recording and have any feedback, please let me know!