ShmooCon and The Shmoo Group are soliciting papers and presentations for ShmooCon XVIII, to be held at the Washington Hilton in Washington D.C. the weekend of January 20, 2023.
September 19, 2022 – CFP opens
November 30, 2022 – CFP closes at 11:59 PM, EST
December 12, 2022 – CFP notifications go out
January 20-22, 2023 – ShmooCon XVIII
ABOUT SHMOOCON AND THE SHMOO GROUP
The Shmoo Group (TSG) is a group of security professionals from around the world who donate their time and energy towards information security research and development. Many years ago, TSG had an idea. This idea has grown into a community recognized annual security conference attended by over 2000 people.
Our goal for ShmooCon is to educate, inform, and entertain the attendees. ShmooCon is primarily a security conference, but we also encourage innovative and interesting submissions on offbeat technology topics.
ShmooCon has always been committed to providing a safe and healthy environment for its attendees. Based on current DC COVID restrictions, controls in place at the Hilton, and our own decisions on current best practices several policies will be in place. Most notably for you, ShmooCon 2023 will have a mask policy in place for the protection of all in attendance.
Please visit https://shmoocon.org/covid for more information and to follow any changes as we get closer to the con.
WHO SHOULD SUBMIT
We are most interested in new presentations, but important updates on existing work are welcome too. We are also interested in presentations from new faces; therefore, we encourage any individual who has not spoken at a conference before to submit a talk and attempt to make ShmooCon their inaugural event.
ShmooCon has five tracks to accommodate a variety of speaking styles and topics.
- Fast and Furious: 10-minute presentations meant to entertain, educate, and allow you to drive your point home quickly.
- One Track Mind: 20-minute plenary presentations of broad technical interest.
- Build It: 20- or 50-minute presentations about creating inventive software and hardware solutions.
- Belay It: 20- or 50-minute presentations about cutting edge defensive solutions to current problems.
- Bring It On: 20- or 50-minute presentations with an open mind to technology and security related topics.
1. FAST AND FURIOUS
Talk Duration: 10 minutes
Fast and Furious presentations will run on Saturday. There won’t be time for Q&A as we plan to move through these talks in a fairly rapid manner.
Presentations for Fast and Furious may include, but are not limited to:
- Talks that are as much about fun as they are about technology
- Rants, Homages, Calls to Action…you get the idea.
- Research results, particularly focusing on surveys and “state of the industry”
2. ONE TRACK MIND
Talk Duration: 20 minutes including Q&A
One Track Mind presenters have 20 minutes on Friday night to give the entire ShmooCon audience a view into their mind. Presenters beware: You need to be diligent about your use of time as ShmooCon staff strictly enforces the 20-minute time slot which includes any time for audience questions.
Because One Track Mind presentations are plenary, they should be focused on topics that are of a more general interest to security and technology professionals and/or focused on current trends and issues.
3. BUILD IT, BELAY IT, BRING IT ON
When: Saturday and Sunday
Talk Duration: 20- or 50-minutes including Q&A
Presentations in these three tracks run concurrently on Saturday and Sunday and are either 20 minutes or 50 minutes in length. It is the presenter’s responsibility to budget time for audience participation and questions within those time limits – these are hard stops to allow the next speaker time to set up and give audience members time to move between sessions.
You can submit for either the shorter (Build It 20, Belay It 20, Bring It On 20) or longer time slot (Built it 50, Belay It 50, Bring It On 50), or both!
Important – If you would like to be considered for both, you must describe within your submission how you would compensate for the difference in length of your presentation.
Presentations in Build It and Belay It are enthusiastically encouraged to include demonstrations of personally developed techniques, working code, devices with code and/or schematics, or other projects, that are open-source and released to the public for free. We’re serious about this. We want the community to get something from your presentation, we don’t want needless fluff or a vendor pitch. In your CFP response, be sure to indicate what you are releasing. If you aren’t releasing code or something similar, be sure your techniques and methods can stand on their own.
Presentations in Bring It On are intended to be more open discussion and less about the next big tool. While still relating to technology and our community, Bring It On presentations are also chosen to help broaden the perspective of audience members to new topics and new ways of thinking.
Some generalized topics we think might be of particular interest this year include:
- Defensive tooling and related open-source software
- Supply chain security
- New approaches and research in security training
- Melding business needs with technology
- Security user experience improvements
- Breach detection and response
- Managing risk and threats from third parties
- Disinformation and other information operations topics
- Operational security
- Security automation
- Tech policy and politics
Presentations that are rehashes of old talks, primers on known technologies, or vendor pitches are not likely to be accepted. We want ShmooCon to be educational and entertaining to the attendees and the community at large. We expect our speakers to be an integrated part of that experience by delivering talks that are well thought out, well presented, and original.
If you feel you have a presentation that would be appropriate but that does not meet the guidelines in this CFP, feel free to submit it anyway as we sometimes accept out-of-scope talks that are so cool and compelling they’ll obviously be of interest to ShmooCon attendees. Just be sure to include information explaining your reasoning so we can better evaluate your proposal.
Submissions with two or more speakers are welcome at ShmooCon. However, we reserve the right to limit the number of free speaker passes granted to an accepted talk.
Before submitting to ShmooCon we highly recommend that you read all the information on this page, especially the Hints about Submissions section below.
ShmooCon XVIII will continue to use a web-based submission process. Please note that all communications from the conference will be via the contact author.
Beginning September 19, 2022, visit HTTPS://CFP.SHMOOCON.ORG and be prepared with the following information:
- Speaker name(s) and contact information
- Presentation Title
- Track/Time Preferences
- Abstract (copied from your submission)
- A Document in .TXT or PDF format to be uploaded which contains the following in this order:
- Title of Presentation
- Presenter(s) Name
- Abstract of your presentation limited to 200 words or less for use in the ShmooCon program and on the website.
- Bio limited to 100 words for you OR your group (not 100 words per person).
- Detailed Description – the most important part of your submission. You need to provide detailed information that demonstrates your knowledge of your topic and how you will present it to the audience. Do not rely on your abstract to be enough for the review committee. It isn’t. (See more about this in the hints section below.)
- Track/Time Preference – If you submit to more than one track or more than one time option, tell us how you would adjust your presentation accordingly. Do not leave this out.
- Why do you feel this submission is a good fit for ShmooCon?
- List of other conferences at which submission has been presented or submitted.
- Are you a potential first-time presenter at ShmooCon? Have you spoken at any other conferences? If yes, which ones?
- List of facilities requested beyond what is already provided (power, projector with HDMI/VGA input, sound projection, and internet connectivity).
- Submissions that do not follow the above format risk being rejected without review.
- A sample submission is provided as a general example. Your detailed description (number 5 in the above list) need not look like or be formatted like ours, but it should contain more than enough information to convince us of the merit of your talk. In fact, it should be better than what we show in the sample.
- A CFP submission checklist has been created for your convenience.
Speakers accepted to Fast and Furious will receive free admission to the conference.
Speakers accepted to One Track Mind, Build It, Belay It, and Bring It On, receive free admission to the conference and either a $200 (shared) honorarium OR one (1) guest admission to ShmooCon. You will need to inform us of your choice upon being accepted. Please be kind and confer with fellow presenters if applicable before making this decision.
Several alternates will also be chosen and receive free admission. Alternates should come to ShmooCon prepared to present in the event a named speaker is unable to take the stage.
HINTS ABOUT SUBMISSIONS – PLEASE READ THIS
First and foremost, follow the instructions above. We cannot stress this enough. It’s off-putting to open a submission and not find all the information requested. In addition, please submit the information in the format and order requested. Make things easier for us, not harder.
Convince us that we should accept your talk – your abstract is a teaser to the audience, but your detailed description is where you show the review committee why you should be on stage. We don’t need a novel, but the more you help us see how cool/unique/timely/etc. your talk is, the better chance it has of being accepted. Do not just upload slides. You can link to them in your submission as supporting evidence as part of your detailed description if you like, but you should still take the time to describe your presentation in the uploaded document.
Give us the spoilers! We’re not the audience, we’re the selection committee. Often, we get a proposal that outlines an excellent situation with a problem that needs to be fixed, insightful analysis and then merely the promise of an exciting solution. That’s great for the abstract, not for the explanation. We need to know the solution, the punch line, or the story’s exciting conclusion. If you don’t tell us the whole thing, we’re going to presume the ending is disappointing.
Spelling does count! Let spell check do its job and present us with a professional looking submission. Also, sentences start with capital letters. As for oxford commas and spaces after a period, we’ve agreed to disagree on those for now.
On a similar note – Spell ShmooCon and Shmoo correctly. Your submission stands out for the wrong reasons if these words are presented incorrectly. There is only one C in ShmooCon and not a one in the word Shmoo. Bonus points if you remember to capitalize the single C.
Finally, please be respectful to those who have come before us. Where appropriate, reference prior art and the work of others in this space. We will admit that the records of who has done what in the hacker community can be hard to piece together and prior art is often hidden in strange places. However, if the Program Committee does a quick Google search on your topic area, we would expect to see relevant and directly related prior art referenced in your submission and presentation.
FOR A BIT OF FUN
You might have noticed we have a bit of a Broadway/theater theme going on this year. In general, our graphical themes have almost nothing to do with the actual content of the con – it just helps us give a somewhat cohesive look to any given year. However, this time we thought it might be fun if talk titles played along. Fake bonus points if your talk title is a pun or riff on a Broadway show/song, etc. No worries if it’s not your thing, it absolutely won’t count against you.
Members of TSG and select ShmooCon volunteers review all submissions.
If you submitted – Thank you!
If you get accepted – Congratulations!
If you aren’t accepted, don’t fret. Remember that we receive many more submissions than we have room for in our program and this absolutely means that talks with merit get turned away. Keep submitting elsewhere. Submit to us again next year. And again, thank you.
Questions can be sent to email@example.com.