Tom, I think the direction you are leaning would make an interesting and
useful talk. Anything that discusses practical applications or user/site
experience always generates a lot of interest and is usually well-attended.
I wouldn't worry about getting too technical -- you only have an hour,
and as long as there is enough background and business context for
less-technical management types to understand what you are trying to do
and why you are doing it that way, they can get something out of it and
take the red meat details back to people in the trenches. Examples,
sample code, and documentation references are especially important for
the latter.
You might also give a brief introduction to the types of formal
reporting and scanning requirements that your organization needs to
address. I for one don't know what PCI-DSS and FISMA are, or more
importantly, the impact they can have on MCP systems and applications.
Paul