There are many ways a security professional can increase his public profile, and one of these is speaking at a conference. However, getting your work accepted at an event is not easy, as the competition is strong.

Do you wonder what a particular conference is looking for? How long should your submission be? How formal do you have to be? Will your talk will be accepted even though you have never presented before?

Here is some practical advice from leading conferences on things you should pay attention to when submitting a talk.

James Lyne, Director at SANS EMEA

Even serious topics can and should be fun. Don’t get stiff and rely on your PowerPoint, let your passion for a subject flow even if it makes you a little less “polished”.

Do something real and say that you will in your synopsis. People love it when you can show what you are actually talking about. People understand demonstrations screw up but it’s 10x more interesting than pictures.

It can be really tempting to jump on the latest trend in your talk, like submitting on BYOD! Whilst people want to hear about it and no doubt you have good content, competition is typically really stiff and it is hard to make your talk distinguishable from others. Find a different angle and title even if you are talking about that subject.

Speaker reputation and word of mouth are really powerful. Present at some of the smaller tracks and build up your reputation and style. Some conferences such as B-Sides offer a really cool amateur track that can be perfect for this.

Inject personality in to your synopsis, your title and your talk. Keep it short and snappy and don’t give away everything in your synopsis upfront.

Don’t make it a sales pitch. It’s the least effective way of selling and it ruins your content. If you want to mention on your last slide that you can solve it great but your objective is to inform people and provide them with usable information they can walk away fro m the talk with. It sounds so obvious but you would be amazed how many talks I see where they have pitched “Overview of Solution XYZ to solve Virtual Cloud problems”.

Be patient and keep submitting. It can take a couple of years to crack and get in the line up of some shows, but organizers don’t find persistence irritating! They are just struggling to achieve the right balance with other talks. Don’t give up if you get a couple of knocks – sadly I’ve seen a few people do this.

Be REALLY specific on your presentation requirements. If you are doing something live or different, building comfort from the submission that you can deliver can really help at some conferences. I feel like I trust people who know what to ask for way more.

Barry van Kampen, NL Team lead – Hack in The Box

To be sure your submission for a talk (abstract) will be understood properly, it shouldn’t be too long and spoil too much. Your submission has to be balanced.

Length

Don’t make your submission too long. The longer the stories are, the more the CFP panel is going to discuss it.

Don’t make your submission too short either: if we don’t know enough details we can’t judge if it’s interesting enough. A good abstract is between 100 and 500 words.

Add your bio, but make sure it isn’t longer than your abstract for the talk.

Details

Before you write your abstract, create a goal – what would you like to tell the people who will be attending your talk at the conference? Make sure you keep the audience in mind!

Mention this goal in your abstract. This will enable the CFP panel to understand what information you want to relay.

When you write your abstract, always ask yourself: does it support the goal I have?

Make sure to point out the highlights of your talk.

A short line-up of your story is always a nice add-on.

Content

The title needs to be short, powerful and should describe your topic. Has your title previously been used?

The content depends on the conference of course: make sure your topic matches Hack In The Box.

Make sure you are up to date.

If your talk is a “replay” make sure to add new content and mention this very clearly. The people in the CFP panel will visit other conferences as well and any comments like: “He told this before” or “It’s not new, but a replay” will result in a lower chance of acceptance.

Have you asked a fellow colleague whether he/she likes your abstract? This could be very helpful.

Presentation and skills

If you are a new presenter, we don’t know anything regarding your presentation skills. It would really help us if you have any references (i.e. video blogs, interviews or anything) that gives us a chance to learn about your personal style and to determine if it fits ours.

Do you have any special requests? (for example 380V, a video connector cable for your laptop, etc.) Let us know!

Jean Hey, Vice President, Conference Division, MIS Training Institute, InfoSec World

Focus on practical information rather than theory. Our audience consists of audit and security professionals who attend our conferences to find solutions to problems they encounter in their jobs. Avoid theory and history and stick to what works NOW.

Focus on “need to know” rather than “nice to know”.

Ensure your topic is either current or “evergreen”. Yesterday’s hot topic isn’t necessarily today’s problem.

Wherever possible, offer a case study that shows how your ideas have been successfully implemented.

In the session description and in the presentation itself, get to the meat of the topic as quickly as possible, rather than wasting too much time on introductory material (which will probably be covered elsewhere in the conference).

If you give your proposed session a cute title, be sure it points clearly to what the session is about. Better to be straightforward and clear than clever and murky.

We favor users/practitioners/professionals in the field rather than consultants or vendors. If you fall into the latter categories, consider finding a co-presenter that practices what you preach.

Jeanne Friedman, Sr. Content Manager, RSA Conferences

The most compelling sessions come from the speaker’s own experiences in solving real problems. Our delegates are interested in best practices or lessons learned that they can apply to their jobs. If you can provide this type of session you will stand out because many security practitioners

1. May not have permission to share their experiences

2. Are not comfortable speaking in public

3. Are so busy they don’t have the time to submit.

If you are a vendor, the competition is much steeper. However, vendors are exposed to many customer issues and best practices so the same advice applies – submit a session where the audience can come away and immediately apply the learning to their jobs.

Many submitters try to keep up with the latest trends and every year we are inundated with session proposals on the same topic. The winning submissions are ones that take a creative or unusual approach. Some examples are controversy (two speakers with opposing views), new research, real data and metrics, or a different viewpoint on the subject matter.

Per Thorsheim, Organizer of Passwords^

From my perspective, after doing Passwords^XX in 2010, 2011 and 2012, I would start with the best, but still basic advice:

1. Read the CFP

From start to finish BEFORE you start writing your proposal! This is important, so that you do understand if this conference really is suitable for you and your topic. Also, things like travel/accomodation refunds, time/date, location, your own schedule and passport/visa restrictions should be checked thoroughly.

2. Submit in accordance to the CFP

I am amazed how many people fail to provide even simple things like contact information for themselves. Check and double-check before submitting! Personally I prefer receiving a short summary of your planned talk, not just a vague idea for a topic you could potentially talk about.

3. Check your language

You can have the best presentation in the world in your head, but if you can’t describe it in writing in a few sentences, you have a problem.

Consider things like WHY would anyone listen to this talk? WHAT can the audience learn from it? WHO are your target groups for this talk? Catchy titles are important, but adjusting them to the conference audience is even more so.

4. Provide something extra

If there’s a chance you can provide additional information about yourself, do exactly that. If you have a PhD, say so. If you have excellent communication skills, put it into the text. Live demonstrations are hard to do correctly, but can be very convincing. If you have working code, papers or anything else that you will release along with your talk, put it in BOLD TEXT. If you are a crypto mastermind, let us know. Just remember to be honest, there aren’t that many crypto masterminds in this world.

Xavier Mertens, Co-organizer of BruCON

When submitting a talk to a conference, there are several aspects that must be kept in mind.

Once you decided to submit a talk, select carefully the conferences that could accept you. Visit the websites and read completely the CFP. If still online, review the schedule of previous editions and check if your topic goes in the same direction. Some conferences give more focus on “pure” hacking, others to relations with the business etc.

Regions also have an impact. Conferences in the USA focus more on offensive security while others in Europe focus on defensive security. If your talk presents a vulnerabilty in devices used in Europe (ex: specific models of smart-meters or digital passports), the chances of getting to present it to a panel of local people is higher. The key is to ask yourself – is my talk appropriate for the conference?

The content must be written by you and avoid vendor references. I would advise you not present under your company name and remain independent instead. This could avoid some late minute censorship.

How to answer a CFP?

Take your time! Speakers are not chosen based on a FIFO methodology. Often, CFP’s are running during a few months, take the time to brush up your talk

Be honest. You don’t have a lot of experience, so what? If your talk is unique, you’ll win

Fill carefully the submission form and don’t forget important details (it’s like a regular administration form)

Your presentation must be interesting. Find an attractive title. During the conference, visitors will choose to attend your talk based on two parameters – the title and the abstract.

Provide enough details. The goal is not to give a copy of your slides (sometimes they won’t be ready yet) but you must know what will be include in them.

Finally, don’t be disappointed if you receive a negative feedback! Be positive and ask for more details. Why was your submission rejected? Most CFP reviewers will always give you a feedback. Take it into account to improve your skills.

What to avoid?

Basic principles and definitions: most delegates have experience in security and don’t need introductions. The more advanced your content the better.

Marketing or sales titles: you may be extremely technical or have landed in a marketing position due to an acquisition so try to make sure the selection committee knows your background.

Having a PR agency or marketing write your speaking proposal. The danger is your session proposal will be stripped bare of technical detail. A great case study can be turned into a customer reference story. Agencies and marketing can help immensely – they can keep you on deadline, review for typos and grammar, help add sizzle to your title or abstract – but the speaker is the only one who can accurately describe what the session will cover.

Chris Eng, Member of the Advisory Board for SOURCE Conferences

Keep your abstract short. It should be concise – one paragraph. What did you do, how did you do it, and why does it matter?

Specify what’s unique about your submission, especially if it could be perceived as a common topic.

If you’re not a well-known speaker, provide links to videos of you presenting. It is risky to accept an unknown speaker.

Use proper spelling and grammar. Attention to detail matters. If you can’t take the time to prepare your CFP response, you probably won’t work very hard on your presentation either.

Pick an interesting title if you can.

Submit the talk yourself, don’t have your PR company do it. We can usually tell. On a related note, don’t submit five talks thinking it raises your chances of getting accepted. That’s just annoying. Pick the one or two that are best suited for the audience.

Avoid egotistical language. It’s off-putting.

Victoria Windsor, Content Manager for Infosecurity Europe

Keep the visitor at the heart of your submission. Think about your target audience, what their challenges and problems are and how you can provide content and learning that they can take away and apply to their business. Focus on the learning outcomes and benefits to the attendees of your session.

Be innovative, creative and different. In all industry there hot topics and buzzwords and you may wish to cover one of these topics. You will be competing with lots of other submissions so make sure you differentiate your submission – for example present a new angle on a topic or share new research. Make sure your submission reflects your interest in and passion for the topic. Consider different formats for presenting the information to aid engagement with the audience. For example a debate, 20 key questions, 10 steps to success.

Choose the right speaker. Attendees usually want to hear from industry experts, preferably their peers who can share real life insights and experiences and share how they have dealt with problems and issues. They don’t want to hear from sales and marketing professionals. Ask a client to present on your behalf or do a joint presentation to show how a problem has been solved. Share learning and provide practical tips that people will be able to use in their roles.

And finally and most importantly, avoid sales and product pitches. Attendees are looking for educational content. Thinly disguised sales and product pitches always go down badly. It is in your interests to provide practical insights, expertise and information that visitors can apply to their business. By providing solutions to key industry challenges in your presentation, you will enhance your organization’s credibility, demonstrate your thought leadership and show the market that you understand their problems and requirements. If you present a sales pitch you will disappoint your attendees and people will remember that!