Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

Security Conference call for speakers information

Call closed 23:59 24 May CET.

We invite proposals from practitioners who want to have real conversations about security: security analysts, engineers, and administrators, developers, testers, results-focused QA researchers of all kinds, chief security officers, leaders in risk and audit, and security data scientists. If you’re on the front lines of defense with stories of great success and worthy failure, especially if they provide clear ideas for what to do next, let us hear from you. And while people need a sense of what’s possible, bring concrete technical solutions above all else. Please read our tips for preparing a proposal, and then submit your idea by 23:59 CEST 24 May 2016.

Themes we’re focusing on for the conference program include:

Bridging the gap
Security is not done for its own sake—it’s a business necessity. How can we break down the insularity of security teams and communicate effectively with other departments and decision-markers?

  • The wisdom or folly of creating a separate risk-management cycle
  • The true cost of security problems in both time and resources
  • Secure vs. cheaper vs. faster – what are the tradeoffs, and how do you work with the business side of your organization to discuss these?
  • Balancing security and privacy
  • What language can defenders use to reach leaders and decision-makers in their organization?
  • External factors vs. internal controls: Competitive influences, innovation, regulation, international considerations

Tech, tools, and processes
We’re hearing a lot about magic tools that can automate our work, often using “big data” as part of the incantation. What are the best methods for improving security, particularly those that introduce fewer vulnerabilities and demand fewer developer, maintenance, or monetary resources? How can effectiveness be measured, given the current lack of comparative analytics and data?

  • DevOps style instrumentation and measurement
  • Building security in: Dev/Test/Integration tools and processes that help develop secure software
  • Integrating security as part of UX design
  • Learning from the environment – what’s actually working?
  • Working around the complexity of increasing technical debt
  • Supporting innovation without losing control of existing controls
  • Making the invisible wins visible
  • Injecting pragmatism and sustainability into defense tools and processes
  • Thrifty best practices: myth or reality?
  • Using data and risk analysis to identify priorities and measure progress
  • Reducing the technical competency necessary for companies to be secure, particularly for companies without a dedicated security team
  • Increasing compliance productivity
  • Unsung tools that are currently available and effective, but unused

Security in context: Data, research methods, and the sciencification of security
Security in general has a mindset that the problems being faced are unique and in some ways they are, but analyzing large sets of complex data is the bread and butter of data scientists. How can practitioners leverage the methods of data science, from collection through analysis, to make improvements to security and operations? How can data be used to make good, actionable decisions, particularly when much of the existing data is from vendor reports?

  • WWDSD: What would data scientists do if security was their problem?
  • How to work with, or around, threat intel
  • The right data to collect: What’s the role of external, easily available data sources in an internal security program?
  • How are security exposures, issues, performance, and investments measured?
  • What is the role of user-level data in a security program?
  • Data visualization tricks and tips to get situational awareness, improve detection and response
  • Statistics 101 for security: How to read your data and evaluate research results
  • A/B testing applied to Dev, Ops, & Security
  • Affordable and accessible data tools for security pros
  • Finding and leveraging benchmarks and metrics
  • Using attacker tools/methods to generate ground truth for data-driven defense

The human element
How have you built a successful, responsive security culture at your company? Communication and collaboration can make the difference between a win and a loss during the stress of a breach or attack. We’re looking for stories of hiring, training, team structure, and changing behavior that lead to better security.

  • How do you build an organization that will respond well to security events in 10 years, when the security concerns of today will be irrelevant?
  • Decision-making under stress and uncertainty
  • How do you respond to a breach or other vulnerability?
  • What is your response to failure? How you respond to failures represents a more important metric than whether or not there has been a failure
  • Building a bridge to service design and UX, to talk about security as helping users accomplish their goals more than as stopping machines from getting owned
  • Security industry workforce trends that practitioners and management teams need to know
  • What about end-users? The best defensive practices, tools, and tips for people outside the corporate firewalls

Case studies
What does success look like? If all goes well, few people will ever know how you saved the day. Talking about failures is hard, and might be frowned on by your company. But sharing what things led you to discovering that something was wrong and how you responded when you discovered a breach, might save others a lot of heart(bleed) ache.

Topics

  • Bridging business and security
  • The human element
  • Security in context (security datasci)
  • Tools and processes

Proposals will be considered for the following types of presentations:

  • 40-minute presentations, discussions, or panels
  • 90-minute tutorials
  • 3-hour tutorials

Required information

You’ll be asked to include the following information for your proposal:

  • Proposed title
  • Overview and extended descriptions of the presentation
  • Suggested main topic
  • Speaker(s): biography and hi-res headshot (minimum 1400px wide; required)
  • Prerequisite knowledge and/or requirements needed by attendees
  • A video of the speaker (strongly recommended)
  • Reimbursement needs for travel or other conference-related expenses (if you are self-employed, for example)

Tips for submitting a successful proposal

Help us understand why your presentation is the right one for Security. Please keep in mind that this event is by and for professionals. All presentations and supporting materials must be respectful, inclusive, and adhere to our Code of Conduct.

  • Pick the right topic for your talk to be sure it gets in front of the right program committee members.
  • Be authentic. Your peers need original ideas in real-world scenarios, relevant examples, and knowledge transfer.
  • Give your proposal a simple and straightforward title.
  • Include as much detail about the presentation as possible.
  • If you are proposing a panel, tell us who else would be on it.
  • Keep proposals free of marketing and sales.
  • If you are not the speaker, provide the contact information of the person you’re suggesting. We tend to ignore proposals submitted by PR agencies and require that we can reach the suggested participant directly. Improve the proposal’s chances of being accepted by working closely with the presenter(s) to write a jargon-free proposal that contains clear value for attendees.
  • Keep the audience in mind: they’re professional, and already pretty smart.
  • Limit the scope: in 40 minutes, you won’t be able to cover Everything about Framework X. Instead, pick a useful aspect, or a particular technique, or walk through a simple program.
  • Explain why people will want to attend and what they’ll take away from it.
  • Don’t assume that your company’s name buys you credibility. If you’re talking about something important that you have specific knowledge of because of what your company does, spell that out in the description.
  • Does your presentation have the participation of a woman, person of color, or member of another group often underrepresented at tech conferences? Diversity is one of the factors we seriously consider when reviewing proposals as we seek to broaden our speaker roster.

Other resources to help write your proposals:

Important Dates:

  • Call for Participation closes: 24 May 2016
  • All proposers notified: By June 2016
  • Registration opens: June 2016

Code of Conduct

All participants, including speakers, must follow our Code of Conduct, the core of which is this: an O’Reilly conference should be a safe, respectful, and productive environment for everyone. Read more »

Create a proposal