Infosec call for papers.

Infosec has no shortage of industry events. From the mega-conferences to intimate gatherings of security professionals at all layers of the job title stack, a quick Google search will reveal multiple options for conferences, summits, forums, symposia, and trainings that are scheduled for each and every week of the year.

For smaller events, organizers may handpick speakers based on various criteria and goals for the event. Programming the agenda for a slightly more expansive event, however, often practically requires a call for presenters/papers (CFP) / call for speakers. Not only do CFPs allow the event organizers to fill available spots on the program, but they also help socialize the event; introduce organizers to new names, faces, and voices; and broaden the opportunity for lesser known industry experts to publicly share thoughts, ideas, or research with the community.

MISTI, as an information security and audit training company, produces over 300 events every year, which necessitates constant introductions to new experts. For our larger conferences—InfoSec World chief among them—we open CFPs many months in advance of the scheduled event date. Our advisory boards have seen it all when it comes to talk/presentation submissions and can surely recall some…interesting proposals. As the InfoSec World 2018 CFP kicks off this week, we wanted to provide lessons learned for getting your CFP submission noticed and accepted.

Follow Instructions

It should probably go without saying, but keep in mind that each organization’s CFP is unique, with its own set of preferences and requirements. Many CFPs today use submission forms, which leaves less room for interpretation. However, open text boxes are unavoidable.

Over the years we’ve received submissions that include questions to the advisory board in the “abstract” box; we’ve had submitters write “none” where we’ve asked for “bullet points that describe your session”; we frequently have PR or marketing agencies refuse to provide the proposed speaker’s contact information (thinking they’re protecting the speaker from spam when in reality they’re preventing us from communicating with her/him if she/he is accepted to speak); we’ve had people attach articles or written research instead of a headshot; and my favorite is the one or two submissions every year that are sent to my email inbox with all of the information requested on the form, but are not actually submitted through the form.

With the plethora of infosec conferences and opportunities to submit talks for consideration, it’s easy to get confused or work by rote. That said, take the time to carefully review instructions before submitting. Many review committees or advisory boards will automatically disqualify submissions that don’t follow form, but even for the ones who will cut you some slack, you’re increasing your chances of acceptance if you provide precisely what’s required.

Review Your Submission

Our world has become super-fast paced and current technology has introduced a certain sense of laissez faire when it comes to written communication. Word will automatically highlight typos and awkward grammar, email and text can be set to autocorrect, and mistakes in texts/instant messages/on social media have become essentially accepted (See DamnYouAutocorrect for how these mistakes are celebrated).

Though texting your friend about all the ducks you gave today will surely provide a good laugh, poor grammar in CFP submissions indicates inattention to detail. The review/advisory board is explicitly looking for speakers who put time, effort, and thought into submissions, as the submission is reflective of the kind of work that will be put into the presentation onsite. Sloppy submissions send warning signals and raise concerns about how good or bad the in-person presentation could be.

In addition to the basics of spelling and grammar, check the accuracy in your claims. We’ve seen submissions that misquote published research or survey work (which is especially uncommon when a reviewer participated in writing the research); we’ve received proposals that call a bug a virus, a vulnerability an exploit, or organized criminals nation-state actors. Expect that the review committee knows and will notice these small (or sometimes not-so-small) errors. We all make mistakes from time to time, but scrutinize your submission before hitting “send” and you will increase your chances of having your talk accepted.

Some people might be thinking, “But this is just the submission. I submit to, like, 50 of these conferences every year. I can’t allocate a huge amount of time to the submission process. If I am accepted, though, I will do a GREAT job!”

A) The advisory board doesn’t know that and B) The advisory board can’t trust that. Always, always, always put your best work forward during the submission process.

Be Original

CFPs can generate hundreds or even thousands of submissions, so naturally, reviewers see a lot of repetition. Some things, like popular topics or references to recent security incidents, are expected. And certain quotes (surely you know Sun Tzu and Donald Rumsfeld by now) will definitely make an appearance. But if the focus of your CFP is information in the public domain, that’s a known know (see what I did there?), or has been used at other conferences, the committee can expect that your talk will also be the same old, same old onsite, and that’s not what we’re looking for.

Yes, with thousands of security conferences each year, and the state of the industry being what it is, it’s hard to be original. It’s hard to say something others haven’t said a thousand times. The ultimate goal is to present something new, but since we also need reminders on things like disabling Server Message Block v.1 and limiting admin privileges, aim to present your topic in a new, fresh, creative way. Doing so might resonate—finally—with someone who has been struggling with a particular problem for years, or perhaps it will spark a different approach to an old problem.

Whatever you do, don’t strive to blend in. When a conference receives 25 submissions about IoT security, the most original one will be chosen. Demonstrate through your written words how your talk will be different and thought provoking. Let your personality shine through. Don’t be afraid to be a little “out there.” I always say I’d rather hear a presenter present something controversial and make attendees think than have attendees say, “Heard it 1,000 times before.”

Be Specific

CFP abstracts are tricky to write because the submission must contain a great deal of information in a limited number of words. An effective CFP submission coveys the speaker’s mastery of the topic while individualizing him/her from all other speaker submissions by displaying a new angle, thought process, or solution. It also perfectly encapsulates the entirety of the much-longer presentation that will be given onsite. That said, unless the conference is a true call for papers, most committees don’t want to read 1,500+ words from 500 SMEs each.

Writing a great CFP can be overwhelming for these reasons, and a lot of people worry that if they don’t provide all the information, there’s no possibility the committee will be able to judge her or his depth of knowledge.

The truth is, no 50- or 60-minute talk should try to “boil the ocean” and therefore neither should your CFP submission. The best talks (and therefore the best CFPs) focus on one aspect of a subject not the whole thing. In other words, you wouldn’t try to cover everything you know about cloud security or identity and access management during one short talk, so don’t try to explain it in your abstract either. Be specific and provide details, but don’t think that if you don’t share every itty bitty thing you know about the topic in an abstract that you won’t be considered.

Narrow your subject to something that can be digested during the allocated amount of time, and then focus your abstract around that. Give examples, share what the audience will learn, but don’t try to cover everything in one submission.


In part two of “8 Tips for Submitting an Outstanding Conference Proposal” we’ll take a look at four more recommendations and share words of wisdom gained from years of reviewing CFPs. Stay tuned!