ShmooCon and The Shmoo Group are soliciting papers and presentations for the fifteenth ShmooCon to be held at the Washington Hilton in Washington D.C. the weekend of January 18, 2019.  This information is also available as a PDF.


September 15, 2018 – CFP opens
November 18, 2018 – CFP closes at 11:59 PM, EST
December 10, 2018 – Final CFP notifications go out
January 18-20, 2019 – ShmooCon XV


The Shmoo Group (TSG) comprises security professionals from around the world who donate their time and energy towards information security research and development. Many years ago TSG had an idea. This idea has grown into a community recognized annual security conference attended by over 2000 people.

Our goal for ShmooCon is to educate, inform, and entertain the attendees. ShmooCon is primarily a security conference, but we also encourage innovative and interesting submissions on offbeat technology topics.


We are most interested in new presentations, but important updates on existing work are welcome too. We are also interested in presentations from new faces, therefore, we encourage any individual who has not spoken at a conference before to submit a talk and attempt to make ShmooCon their inaugural event.


ShmooCon has four tracks to accommodate a variety of speaking styles and topics.

  • ONE TRACK MIND – Plenary presentations of broad technical interest
  • BUILD IT – Creating inventive software and hardware
  • BELAY IT – Cutting edge defensive solutions to contemporary problems
  • BRING IT ON – Open discussion of technology and security topics

One Track Mind
When: Friday
Talk Duration: 20 minutes

One Track Mind presenters have 20 minutes on Friday night to give the entirety of ShmooCon a view into their mind. Presenters beware: You need to be diligent about your use of time as ShmooCon staff strictly enforces the 20-minute timeline. You will have just a few minutes for audience questions while we switch to the next talk.

One Track Mind presentations should showcase material that will appeal to the ShmooCon audience at large.

Presentations for One Track Mind may include, but are not limited to:

  • Software or hardware releases that have broad appeal
  • Research results, particularly focusing on surveys and “state of the industry”
  • Talks that are as much about fun as they are about technology
  • Rants, Homages, Calls to Action…you get the idea.

Build It, Belay It, Bring It On
When: Saturday and Sunday
Talk Duration: 20 minutes OR 50 minutes

Each track will contain six 20-minute presentations and six 50-minute presentations. If you would like to be considered for both, please describe within your submission how you would compensate for length of presentation.

Presentations in these three tracks run concurrently on Saturday and Sunday and are either 20 minutes or 50 minutes in length. It is the presenter’s responsibility to budget time for audience participation and questions – there are hard limits.

Presentations in Build It and Belay It are enthusiasticly encouraged to include demonstrations of personally developed techniques, working code, devices with code and/or schematics, or other projects, that are open-source and released to the public for free. We’re serious about this. We want the community to get something from your presentation, not just 50 minutes of fluff or a vendor pitch. In your CFP response, be sure to indicate what you are releasing. If you aren’t releasing code or something similar, be sure your techniques and methods can stand on their own.

Presentations in Bring It On are intended to be more open discussion and less about the next big tool. While still relating to technology and our community, Bring it On presentations are also chosen to help broaden the perspective of audience members to new topics and new ways of thinking.


ShmooCon presentations should be focused on topics that are of interest to security and technology professionals who are paying attention to current trends and issues.

Some topics we think might be of particular interest this year include:

  • Formal Methods for Security
  • Sustainability of Open Source Infrastructure
  • New approaches to IOT and OT security
  • Breach Detection and Response
  • Operational Security
  • Security Automation
  • Tech Policy and Politics
  • Advances in Security Education
  • Workforce Development

Presentations that are rehashes of old talks, primers on known technologies, or vendor pitches are not likely to be accepted. We want ShmooCon to be educational and entertaining to the attendees and the community at large. We expect our speakers to be an integrated part of that experience by delivering talks that are well thought out, well presented, and original.

If you feel you have a presentation that would be appropriate but that does not meet the guidelines in this CFP, feel free to submit it anyway as we sometimes accept out-of-scope talks that are so cool and compelling they’ll obviously be of interest to ShmooCon attendees. Just be sure to include information explaining your reasoning so we can better evaluate your proposal.


 Submissions with two or more speakers are welcome at ShmooCon. However, we reserve the right to limit the number of free speaker passes granted to an accepted talk.


ShmooCon XV will continue to use a web based submission process.   Please note that all communications from the conference will be via the contact author.

Beginning September 15, 2018, visit HTTPS://CFP.SHMOOCON.ORG and be prepared with the following information:

  • Speaker name(s) and contact information
  • Presentation Title
  • Track Preference (may select more than one but please describe how your talk would differ between tracks in item 6 below)
  • Abstract (copied from your submission)
  • Document in TEXT or PDF format which contains the following in this order:
    1. Title of Presentation
    2. Presenter(s) Name
    3. Abstract of your presentation limited to 200 words or less for use in the ShmooCon program and on the website.
    4. Bio limited to 100 words for you OR your group (not 100 words per person).
    5. Detailed Description – the most important part of your submission. You need to provide detailed information that demonstrates your knowledge of your topic and how you will present it to the audience. Do not rely on your abstract to be enough for the review committee. It isn’t.
    6. Track Preference – include how you would adjust your presentation for track or time considerations.
    7. Why do you feel this submission is a good fit for ShmooCon?
    8. List of other conferences at which submission has been presented or submitted.
    9. Are you a potential first time presenter at ShmooCon? Have you spoken at any other conferences? If yes, which ones?
    10. If accepted, would you be willing to write a 1000 word article about your topic for ShmooCon Proceedings?
    11. List of facilities requested beyond what is already provided (power, projector with VGA input, sound projection, and internet connectivity).

Please Note: Submissions that do not follow the above format risk being rejected without review. 

A sample submission can be found online at We provide this as a general example. Your detailed description (number 5 in the above list) need not look like or be formatted like ours, but it should contain more than enough information to convince us of the merit of your talk.

A CFP submission checklist has been created for your convenience.


Speakers in all tracks receive free admission to the conference. Accepted talks also receive a $200 (shared) honorarium OR one (1) guest admission to ShmooCon. You will need to inform us of your choice upon being accepted. Please be kind and confer with fellow presenters if applicable before making this decision.

Several alternates will also be chosen and receive free admission. Alternates should come to ShmooCon prepared to speak.


First and foremost, follow the instructions above. We cannot stress this enough. It’s off-putting to open a submission and not find all the information requested. In addition, please submit the information in the order outlined. Don’t make it hard to find.

Convince us that we should accept your talk – your abstract is a teaser to the audience, but your detailed description (number 5) is where you show the review committee why you should be on stage. We get five to six times as many submissions as we have slots. The more you help us see how cool/unique/timely/etc. your talk is, the better chance it has of being accepted.

Spelling does count!  Let spell check do its job and present us with a professional looking submission. Also, sentences start with capital letters.  As for oxford commas and spaces after a period, we’ve agreed to disagree on those for now.

On a similar note – Spell ShmooCon and Shmoo correctly. Your submission stands out for the wrong reasons if these words are presented incorrectly.  There is only one C in ShmooCon and none at all in the word Shmoo.  It’s a bit like spelling the name of the college wrong on a college application.

Finally, please be respectful to those who have come before us. Where appropriate, reference prior art and the work of others in this space. We will admit that the records of who has done what in the hacker community can be hard to piece together and prior art is often hidden in strange places. However, if the Program Committee does a quick Google search on your topic area, we would expect to see relevant and directly related prior art referenced in your submission and presentation.


Members of TSG and select ShmooCon volunteers review all submissions.


If you submitted – Thank you!

If you get accepted – Congratulations!

If you aren’t accepted, don’t fret. Remember that we receive many more submissions than we have room for in our program and this absolutely means that talks with merit get turned away. Keep submitting elsewhere. Submit to us again next year.  And again, thank you.

Questions can be sent to