Infosec CFP submission tips
Recently updated at
increasing your acceptance rate to a Call for Papers submission
Introduction
So you discovered a Call for Papers (CFP) of a security conference and decided to submit a talk proposal. Great! Now the question is: how to craft that great submission that will land you that presentation slot? This step-by-step guide will cover the related steps and provides tips increase your chances.
Preparation
First impression
The people of the program committee or review board, are typically experts in their field. When a conference covers technical subjects, you can safely assume that most reviewers are technical. Still, they are human and will base their judgment on a first impression. Not surprising, but the first impression counts.
- What is the preferred first impression that your talk proposal should have?
- Ask a friend to review your talk proposal. What is his or her first impression?
- Would the attendees of the conference have a clear picture of the talk proposal?
Information gathering
Pentesters typically start with preparation work, a process called reconnaissance. By learning as much as possible about its target, every step after becomes easier. This reconnaissance phase might be the key to success. That is, if you like to increase your chances to have your submission accepted.
- In what country is the conference and does that impact your performance?
- What type of room is used and what is the average number of attendees?
- Who is the audience? Are they technical experts or beginners?
Writing the proposal
Abstract
The title
The title is one of the hardest parts of creating a good proposal. It needs to be catchy, make people curious, yet avoid being overused. Especially in the infosec industry, there are phrases that are used over and over ("for fun and profit"). People get tired of them, so avoid them at all costs.
It is common to create first the abstract and take your time to come up with a good title. So even if you don't know a good one immediately, just write down something. Rewriting the title takes only a fraction of the time of rewriting an abstract.
Beginner talks can have a simple title, so people know exactly what to expect. Example: An Introduction to Web Application Firewalls. When covering a new product, tool or technique, you could choose for a comparison. Examples: How Cyber Washing will Replace Web Application Firewalls. Ditch your obsolete WAF with this technique.
Are you giving an expert talk about a subject and you know that your audience is highly technical, then you can show that. This will help you also attracting the right attendees. Example: Unraveling the assembly code of the Marabi worm.
Still can't come up with a good name? Have a look at how copywriters and editors work. They typically write for a living and are the ones that created the headlines in a newspaper. There are even generators available, which may give you some hints for your title. If you still can't think of any good name, then why not look at your competition? Look at past submissions that made it publically. You don't have to copy one, but you can definitely be inspired by them.
Submission length
When it comes to submitting a proposal, often you have two options regarding the length. The first option is the type of conference that focuses on scientific research. They often request long-length papers. If you are not a writer, it might be an idea to skip this type of CFPs. The second type is more common: limited length or no restriction. Even with the latter, it is suggested to be brief. Explain what you want to share and what the takeaways for the listener will be.
Readability
Independently of your audience or subject, your abstract should be easy to read. Every complex word or long sentence will slow down the reader, increasing the chance to abandon your proposal.
There are several methods to calculate the difficulty of a text. Examples include Coleman-Liau, Dale-Chall, Flesch-Kincaid, SMOG, Automated Readability Index, and Flesch Reading Ease. They typically calculate the score based on sentence length, word length, syllables, and the numbers of vowels. If you are a developer, have a look at your programming library and measure your texts. Otherwise, the Hemingway Editor is suggested.
Grammar
When discussing grammar, we can be very short: check, check, and check. English will be the preferred language for many conferences, especially those with international speakers. When English is not your native language, use a spell and grammar checking tool. Most spell checkers will flag incorrect words, yet have limited grammar checking capabilities. Grammarly is one of the better options if you are writing in English.
When you have the chance, let a native English speaker review your work. It is just another step that brings you closer to a positive answer from the program committee or review board.
More resources
Articles
Like to learn from other people on how to submit your talk proposal? Have a look at the tips provided by Enno Rey. He has valuable experience on the review board of TROOPERS and Black Hat.