Black Hat USA 2026 closed its Call for Papers on March 20. DEF CON 34’s main stage CFP closes May 1, 2026 at midnight UTC. BSidesLV is actively accepting submissions for August. Three conferences, three wildly different review cultures, three overlapping weeks in Las Vegas — and one question every first-time submitter asks wrong: what do they want to hear?
The honest answer from people who’ve sat on these review boards: they want research that is new, demonstrable, and accurately scoped. Everything else — the track selection, the abstract wording, the bio — is scaffolding. The scaffolding still gets you rejected if you build it badly, though, and most submissions fail on the scaffolding before the research ever gets evaluated on its merits. This guide walks through what each conference is actually looking for, how the review machinery works, and the specific mistakes that kill proposals at the triage stage.
Why the Three Conferences Aren’t Interchangeable
Submitters often treat “Hacker Summer Camp” as one venue with three wristbands. The review boards emphatically do not. Each conference has a distinct selection logic, and a proposal tuned for one will frequently underperform at the others.
Black Hat Briefings is the most structured and the most selective. The Black Hat Review Board is a standing body of named security professionals, and it reviews submissions individually, often on a rolling basis with follow-up questions sent back through the portal. The bar is explicit: uniqueness, content expertise, and accuracy, with the best submissions accompanied by academic-grade papers, proof-of-concept code, and/or video demonstrations. Product or vendor pitches are disqualified outright.
DEF CON runs on a separate review board with its own sensibilities. It leans toward hacker-culture originality — novel attack techniques, tool releases, research that punctures assumptions — and tolerates rougher framing than Black Hat does. DEF CON 34 uses OpenConf for submissions and takes text or PDF attachments. It also supports something Black Hat doesn’t: anonymous submissions, where the review board sees the proposal without knowing who wrote it. Submitter identity is retained by DEF CON’s human CFP processor but scrubbed before review.
BSides is a global franchise of independently organized events, not a single conference. BSidesLV runs alongside Hacker Summer Camp in August, but BSidesNYC’s 2026 CFP opened April 15 and runs through July 17, and events in Seattle, San Francisco, Budapest, London, and dozens of other cities each run their own timelines and review boards. BSides is often where first-time speakers actually start. The movement was founded in 2009 by researchers whose talks had been rejected from Black Hat USA, and that origin shapes its accessibility.
The practical consequence: a polished Black Hat proposal often reads as overwrought for DEF CON, and a DEF CON-style manifesto often reads as underdeveloped for Black Hat. BSides reviewers are more tolerant of both, but BSidesLV in particular runs specialty tracks — Passwords, I Am The Cavalry, Skytalks, and Proving Ground, a program that pairs first-time speakers with experienced mentors for four months of preparation — that each have their own curators and criteria.
What the Review Boards Actually Read For
The public criteria are sparse and the real ones are learnable. Review board members have written about this repeatedly, and the pattern is consistent across Black Hat, DEF CON, and the larger BSides events.
Novelty, expressed specifically. Not “we looked at cloud security” but “we found that Azure’s conditional access evaluation has a caching window of N seconds that can be abused to persist sessions after privilege revocation.” Every board member reviews dozens to hundreds of proposals; abstraction gets lost in the pile.
Evidence the work is done, not planned. The best submissions come with academic-grade papers, proof-of-concept code, and/or video demonstrations. A CFP that describes what you intend to research between submission and conference reads as speculative. A CFP with a linked white paper, repo, or video demo reads as real.
Honest impact scoping. Review boards get exhausted by inflated claims. Sheila Berta, a Black Hat USA Review Board member and Head of Research at Dreamlab Technologies, has noted that board members frequently ask for clearer explanations about exploit prerequisites, impact, and researcher feedback to understand criticality and impact. A proposal that pre-answers these questions — “requires authenticated local access, affects versions X through Y, impact is credential theft not RCE” — reads as trustworthy. A proposal that vaguely claims “catastrophic” anything reads as inflated.
Detailed outline. DEF CON’s own submission instructions are explicit: the outline is the most important part of your submission and should be as detailed as possible. Black Hat’s 2026 preparation document flags the outline field as a common point of failure where more detail is always better. Reviewers use the outline to distinguish a talk from a blog post. If your outline is three bullets labeled “Intro / Main Content / Conclusion,” you have told the board you haven’t thought the talk through.
Fit. Red-team conferences don’t want pure defense talks unless they invert a red-team assumption. AppSec tracks don’t want hardware talks. Every conference lists its tracks; reviewers reject quickly when the submission is clearly aimed at a different event.
The Submission Mechanics, Conference by Conference
Each conference has its own portal, field set, and quirks. Missing a mandatory field or submitting in the wrong format causes automatic disqualification before review.
Black Hat USA
Black Hat USA 2026 closed its Briefings CFP, but the system and terms recur yearly. Submissions go through the Black Hat CFP portal — not email; all proposals must be submitted through the CFP Portal. The system has specific constraints worth knowing before you start drafting:
- File uploads accept plain text (.txt) files only, with a maximum 64 MB size; other formats must be linked via the Supporting Materials field.
- Submissions containing source code excerpts, emojis, geometric shapes, or images trigger automatic system rejection for security reasons. Remove them.
- Each speaker may submit up to five unique proposals under the Bulk Submission Policy; excess proposals are not reviewed.
- Speaking teams are capped at 2 on stage; additional researchers are listed as contributors.
- LLM-generated text is not permitted; LLMs may only be used to edit or refine author-written material.
Briefings and other programs run through separate CFPs. Arsenal (for tool demos), Trainings, and Summits (like the CISO Summit or The AI Summit, running August 4, 2026 at Mandalay Bay Convention Center) all have their own portals and deadlines.
DEF CON
DEF CON 34 takes place August 6–9, 2026 at the Las Vegas Convention Center, with the CFP deadline May 1, 2026 at midnight UTC. The main stage CFP uses OpenConf. The submission structure is less bureaucratic than Black Hat’s but more demanding on the outline.
Required attachment sections for the DEF CON main stage CFP include detailed outline, abstract (capped at a famously specific 1337 characters), publishable references, confidential references, demo indication, tool release indication, and exploit release details. DEF CON also runs separate Policy, Workshop, and Demo Labs tracks, each with their own review boards and deadlines. The Policy track supports 25, 50, or 80-minute slots and accepts Talk, Interview, Panel, or Interactive Session formats.
Anonymous submissions are a meaningful feature for researchers from employers that wouldn’t approve public attribution, or for anyone trying to get past reviewer name-recognition bias.
BSides
There is no single BSides CFP. Each event runs its own, and timelines stagger across the calendar:
- BSidesLV (August, Las Vegas) runs multiple specialty tracks through one portal at
callforpapers.bsideslv.org. - BSidesNYC 0x05 runs April 15 to July 17, 2026.
- BSidesSF, BSidesDC, BSides Seattle, BSides London, BSidesBUD, and others have independent schedules.
- Many BSides events use anonymous review. BSides Orlando, for example, runs an anonymous CFP review process where administrators scrub submissions of submitter-identifying details before reviewers see them.
For first-time speakers, the BSidesLV Proving Ground program is designed for speakers who haven’t previously delivered a 20+ minute talk at an international security conference with 1,000+ attendees, and it provides four months of mentorship leading up to a 25-minute talk slot. Accepted Proving Ground speakers can also request a scholarship of up to $500 to offset travel costs. This is the most structured on-ramp in the industry.
How to Write the Abstract
Most rejected proposals are rejected at the abstract. Reviewers read hundreds of these; the abstract decides whether the outline gets opened. Three patterns consistently work.
Lead with the finding, not the context. “We discovered that [specific technology] has [specific weakness], allowing [specific impact].” Not “The rise of [general trend] has created [general problem], which our research investigates.” The first sentence should be the claim, not the setup.
Quantify where you can. Version numbers, CVE identifiers if assigned, affected user population estimates, measured bypass rates, performance numbers. Review board members look for clarity on exploit prerequisites, impact, and disclosure status — give them those answers in the abstract, not just in follow-up fields.
Name the audience takeaway. Black Hat explicitly requires three actionable takeaways the audience can apply. Even when not explicitly required, stating the takeaway — “defenders will be able to detect this technique via [specific signal]” or “developers can remediate by [specific change]” — signals you’ve thought about why the talk matters to attendees, not just to you.
Katie Nickels, an incident response practitioner and former Black Hat reviewer, has noted that abstract tone varies significantly by conference — an academic-conference abstract will read wrong for BSides, a SANS Summit, or DEF CON, and vice versa. Read five to ten accepted abstracts from the previous year of the specific conference you’re targeting before writing yours.
The Disclosure and Ethics Questions
If your talk involves a vulnerability, three questions control whether the proposal moves forward.
Has the vendor been notified? Black Hat’s Briefings CFP asks explicitly when and which vendors were notified, the current disclosure status, and whether a patch is available. Black Hat strongly encourages and supports coordinated disclosure. Researchers uncertain about legal exposure can access pro-bono legal consultations from the Electronic Frontier Foundation through Black Hat’s partnership with them.
Are you releasing a new tool? If the answer is yes and the talk focuses on the tool itself, it should be submitted to Arsenal instead of Briefings; tool demos belong to Arsenal. A Briefing can announce a tool release as part of broader research, but a talk that is primarily a tool walkthrough will be redirected or rejected.
Is the work previously published? This is not automatic disqualification. Black Hat accepts previously released material, provided submitters disclose where it was released, how this submission differs, and the percentage of new material. BSides Orlando has historically accepted previously presented content, though major-conference recordings reduce acceptance probability. Hiding prior publication is the mistake that disqualifies — disclosing it is usually fine.
The Specific Mistakes That Kill Proposals
Nathan Hamiel, a Black Hat USA Review Board member, has published a list of common CFP submission mistakes that the Black Hat CFP page links to directly. The failure modes are consistent across conferences.
Submitting a product pitch. Black Hat will disqualify any product or vendor pitch. This extends to talks that are technically about research but conclude with a sales funnel. Reviewers recognize this within a paragraph.
Submitting a blog post with a title. A 700-word abstract and no outline, no proof of concept, no evidence the research has been performed. This pattern is frequent from first-time submitters and is rejected almost automatically.
Submitting to the wrong track or wrong conference. A Briefings-quality hardware hacking talk submitted to The AI Summit. An academic machine-learning paper submitted to DEF CON main stage. An offensive red-team walkthrough submitted to a BSides policy track. Fit failures are visible immediately.
Incomplete submissions. Black Hat will disqualify incomplete submissions. DEF CON’s historical CFP guidance lists incomplete application forms, missing abstracts or outlines, and submissions that only attach slides or link to external URLs as automatic rejection reasons. Fill every required field, and fill it with substance.
Contacting review board members directly. Prospective speakers should not directly contact Black Hat Review Board members regarding submission status or feedback; all correspondence should go to the CFP email. DEF CON and SecTor enforce the same rule. A DM asking a reviewer to “take a look at my submission” is likely to end that reviewer’s interest in the submission.
Ignoring the LLM policy. Black Hat’s 2026 CFP explicitly prohibits LLM-generated submission text. LLMs may be used only to edit or refine author-written material. A submission that reads as machine-generated will be scrutinized and may be disqualified.
If You’ve Never Spoken Before
First-time submitters are better served by BSides than by swinging at Black Hat or DEF CON’s main stage. This isn’t a consolation — it’s strategic. BSidesLV’s Proving Ground track exists specifically for researchers without prior 20+ minute talks at 1,000+ attendee conferences, and the four-month mentorship genuinely changes presentation quality. Smaller regional BSides events (Seattle, NYC, Orlando, Budapest) are also forgiving of first-time speakers and often produce excellent talks.
From there, the path forward: present at one or two BSides events, film your talks, and when you submit to DEF CON or Black Hat the next year, link the videos. Review boards evaluate speakers as well as proposals. A submitter with evidence they can hold a room for forty minutes is meaningfully easier to accept than one without.
FAQ
Can I submit the same talk to Black Hat, DEF CON, and BSides in the same year? Yes, and many researchers do. Each conference has its own first-release preferences, but none require exclusivity. Be transparent about other submissions in the “prior release or plans to publish elsewhere” fields. Hiding concurrent submissions creates problems if multiple acceptances arrive.
What’s the acceptance rate? None of the three publishes official numbers. Anecdotally, Black Hat USA Briefings accepts roughly 15–20% of submissions; DEF CON main stage is similar or slightly lower; BSidesLV varies by track with Proving Ground being more accessible. Treat these as order-of-magnitude estimates, not hard numbers.
Do I need a white paper? Not required, but heavily favored at Black Hat — submissions including white papers are highly encouraged and receive priority consideration. Not expected at DEF CON or BSides, though proof-of-concept code or video demos serve a similar function.
Can I submit if I can’t travel to the US? Yes. Black Hat offers virtual presentation options for speakers unable to travel; indicate the preference in the Support & Accessibility Requests field. DEF CON 34 requires in-person presentation for main stage. BSides policies vary by event.
What if my submission is rejected? Rejections rarely come with detailed feedback — review boards process too many submissions for individualized notes. Submit the same research to other venues, iterate on the abstract, and try again next cycle. BSides founders were Black Hat rejects. The work still mattered.
The Short Version
The conferences don’t reward submissions that read like pitches. They reward submissions that read like completed research described plainly, with the scope honestly bounded and the evidence linked. If you find yourself writing a sentence about “paradigm shifts” or “game-changing discoveries,” delete it. Write the sentence about what you actually found and how it works.
Submit early, not at deadline. Read accepted proposals from the previous year of the specific track you’re targeting. Fill every field. Include the white paper. Disclose prior publication. If a tool is releasing, submit it to Arsenal instead. Don’t email review board members. Don’t use an LLM to write the submission.
The research is the hard part. Everything in this article is the part you can control.
