How to get your talk accepted at Black Hat

There’s a wealth of technical information security conferences all over the globe, but Black Hat USA is the only one that gathers so many of the world’s top researchers under the same roof at the same time. In fact, last year more than 11,000 people showed up in Las Vegas to network and attend 110 research-based briefings presented by more than 190 researchers.

Black Hat

Media exposure

The media exposure is immense, with both specialized industry publications and mainstream media covering the talks. And this doesn’t happen only during the event, some of the presentations get hyped months before Black Hat USA even takes place.

With so much publicity, interest to speak at Black Hat is overwhelming and, naturally, in the selection process you go head-to-head with many infosec heavyweights. Speaking at Black Hat is not just a chance to get your work in front of a discerning audience and to create a brand of yourself – it’s become a matter of prestige.

The seriousness of the submission process

The skillset that makes you technically proficient and able to understand something exceedingly complicated doesn’t necessarily translate to the stage and an ability to explain your discovery to the audience.

Most researchers are so focused on the technical aspect of their work that they forget to invest into simplyfing the message, making it clear and accessible, telling the story in an engaging way.

You may not realize it, but even some of the most publicized talks have been rejected in the years before they were presented because their submission just wasn’t good enough at the time.

Let me put the Black Hat USA submission process into perspective for you. Last year there were more than 600 submissions and 24 experts on the review board. It takes a minimum of 30 minutes to review a thoughtful submission, so you can imagine how much time is spent on the process.

What topic should you submit?

“Content is king. We are not trying to anticipate trends. We are, in some ways, creating them,” Stefano Zanero, member of the Black Hat review board, told Help Net Security.

How can you anticipate what will be a far-reaching topic 6 months from now? When it comes to car or rifle hacking, the potential is obvious. However, with many other subjects, interest is often tricky to anticipate.

There is limited space available on the submission form for the description and it’s often difficult for the reviewers to discern what constitutes a thought-provoking talk from such limited information if it’s not written with care.

With a big influx of submissions, you have to make sure yours is understandable to someone who hasn’t done the research and that it explains your presentation well. Frequently, making things short can be quite a challenge in itself.

The biggest mistakes presenters make

Doing the groundwork is not enough. In order to be selected as a speaker you’re supposed to be able to articulate what you’ve done and explain why it’s important.

The biggest mistake you can make is to disregard the submission process as trivial. Let’s face it, you’ve spent a tremendous amount of time on your work, so it makes sense to focus on explaining its merits when pitching the talk. In other words, don’t spend 100 hours on the research and just 5 minutes on the submission form – this approach will backfire on you.

Less is not more in this case. Be thorough and be thoughtful.

Zanero explains from experience: “Writing an article or a proposal is an art and a science, as much as doing an experiment. While we ask for an abstract and not a full academic paper, you still need to convey the key aspects of what you’ve done. Remember that we want to understand your work.”

It happens regularly that two or more researchers pitch talks related to similar topics. At this time it’s critical to have a strong submission since the review board has to be able to discern which of the submissions has the best elements, and will therefore result in a superior presentation.

You have to be able to appreciate the audience. Given the general technical proficiency of Black Hat attendees, many of them will understand what you’re talking about, but you have to be able to take them along for the ride by making it interesting.

Use Google. It may sound as deceptively simple and obvious advice, but you’d be surprised to learn that some don’t use it at all. Occasionally Black Hat gets well-written submissions for talks that show the work and the research, but someone else already did a similar talk 5 years ago.

Advice for new presenters

The quality of submissions is rising steadily along with the quantity, but Black Hat USA is still getting the most pitches.

“If you’re a new presenter, you should try to get into one of the smaller Black Hat events first, since there’s less competition. In Singapore or London you can talk in front of a smaller crowd and hone your speaking skills,” said Zanero.

If you’re a new speaker and entering the infosec job market, smaller shows also make it easier to find your first connections in the industry.

Review questions

Here are some essential questions you should ask yourself when preparing a talk submission:

  • Did you review previous research on the same subject and explain how you built on it, or why it’s different?
  • Is your short description an immediate draw?
  • Did you explain all the important points?
  • Have you removed unnecessary marketing-type descriptions?
  • Based on what you’ve seen accepted at previous Black Hat events, would you deem your submission as a good fit for this type of audience?

Good luck with your submissions and get in touch if you’d like to meet at Black Hat USA this August, I’m definitely attending.