
Your experience is vital to helping our community advance! Before you begin your Security Professionals Conference proposal submission process, please be sure you review the information below and follow the checklist at the bottom of the page.

Session Formats

Starting this year, proposals will be accepted for both preconference seminars and presentation sessions. The committee encourages you to consider the session format that best supports your project and presentation style, such as interactive presentations, facilitated discussions, panel sessions, or point/counterpoint discussions. Longer sessions (90-minute track sessions or preconference seminars) may be more technical in nature, a panel discussion, an in-depth topical discussion, or a non-technical hands-on session.

Please note that your proposal will be carefully evaluated and may also be considered or accepted for other formats (e.g., online presentation).

Preconference Seminar
Preconference seminars will be held on Monday, April 18, face-to-face in Seattle. Attendees pay an additional fee to attend preconference seminars. Each seminar presenter (maximum of 2) will be provided with a full complimentary registration to the Security Professionals Conference. If you have any questions, please contact the Presenter Liaison at

  • Half-day preconference seminar (Monday, April 18, from 8:30 a.m. to 12:00 p.m. PT or 1:00 p.m. to 4:30 p.m. PT)
  • Full-day preconference seminar (Monday, April 18, from 8:30 a.m. to 4:30 p.m. PT)

Presentation Session

  • 60-minute track session
  • 90-minute track session

Program Tracks and Suggested Topics

The program committee has outlined a series of six tracks and suggested topics they believe will make an interesting and useful program in 2016.

Note: Each year, almost half of conference attendees are security engineers, security or network analysts, or other security professionals with technical responsibilities or interests. Attendees frequently request more technical sessions in the conference evaluations, so we strongly encourage proposal submissions that include more in-depth, technical content.

Institutional Cyberintelligence Programs

It is a whole new world when it comes to cybersecurity risk management and mitigation. The pragmatic implementation of a cyberintelligence program is essential to inform higher education about risks and make informed decisions about offensive and defensive tactics for safeguarding critical assets. This track will focus on how to build a practical intelligence program and use threat analysis information from multiple sources in order to collectively and qualitatively assess the impact to an institution. These efforts sometimes complement and sometimes conflict with traditional compliance-based programs, as the goal of regulators is often different from the goal of an attacker.

This track will include discussions and presentations about the challenges and the fundamentals related to building such programs including:

  • Where do you start when you have nothing in place?
  • What resources, budget, and strategic initiatives are necessary to develop a program that provides value and is scalable for your institution?
  • Where do you find or how do you grow intelligence analysts?
  • How to develop and maintain reliable information sources.
  • How to establish a "confidence" rating system for information sources and the information that is provided by them in order to glean the best and most relevant information to serve your institution.
  • How to avoid too much information from too many or potentially distracting sources, including your institution's own "big data" sources (e.g., SIEMs, system logs, IPS and IDS logs, etc.).
  • How to analyze and synthesize information to create useful situational awareness and actionable reports or directives.
  • How to share intelligence program products or information within and outside of your institution.
  • What kinds of new opportunities might cyberintelligence programs open up for a CISO?

Technologies, Operations, and Practices

Institutions seek proven solutions for preventing, detecting, and responding to security problems in a wide range of higher education environments. Such environments often present a common set of challenges, including implementing security controls in an open, collaborative environment and having to build a security program with very limited resources. We are interested in proposal submissions that present practices, tools, and procedures in all stages of the development process. We are particularly interested in programs or processes that have demonstrable evidence of effectiveness. Proposals in this track should accomplish two or more of the following goals:

  • Where do you start when you have nothing in place?
  • Address education-specific challenges related to the topic (e.g., firewalling in an open environment)
  • Are just cool (e.g., "Here's how we hijacked a botnet" or "We used students to PenTest our network")
  • Are timely (e.g., "Here's our experience handling targeted attacks at our institution")
  • Present approaches or technology relatively new to higher education (e.g., "Ever heard of Bro? It's handy")
  • Provide expert guidance not readily available elsewhere (e.g., "Here's how we aligned technical controls for HIPAA/FERPA/PCI/breach notification")
  • Save someone time (e.g., "Here are the results of our six months of research")
  • Provide insight as to what's coming in the future for the Higher Ed InfoSec community

Introductory and Advanced TOP Tracks

Introductory TOP talks should provide a broad overview of a topic with specific takeaways and references. Audience members with little-to-no experience regarding the concept should be able to leave with enough information to pilot, or at least research, an implementation of what you would be demonstrating at their institution.

By contrast, Advanced TOP talks afford presenters the freedom to spend 60-90 minutes to deeply explore the topic at hand. Audience members are expected to have at least a working knowledge of the topic and presenters are discouraged from spending too much time with introductory information. Interactivity and live or recorded demonstrations are strongly encouraged.

In terms of content, a suggested rule-of-thumb is, "If you have worked on a technical project that took at least a month, and you're proud of it, submit a proposal." If you need help brainstorming or deciding between multiple ideas, here are some presentation topics that you might consider:

  • Application security and secure development life cycle
  • Business continuity and disaster recovery
  • Cloud and virtualization security, integration of third party services, MSSP
  • Identity and access management
  • Incident response and forensic analysis
  • Network security design, architecture, and segmentation
  • Host- and network-based monitoring and response (IDS/IPS, flow, blackhole DNS, SIEM)
  • Platform security challenges (control systems, embedded devices, BYOD)
  • Security consulting and assessment (pen testing, vulnerability assessment, asset management)
  • Security strategy (threat landscape shifts, globalization, prioritization, information sharing, advanced persistent threats, counter attack options)
  • System and data security (vulnerability management, enterprise encryption, DLP)

Governance, Risk, and Compliance

Safeguarding institutional information while maintaining an open and accessible campus necessitates a significant investment to work through issues of governance, risk, and compliance (GRC) and policies. We seek proposals that offer solutions to help other higher education institutions address and manage risk, security program governance, and policy development and compliance programs. We encourage sharing perspectives on what you need to know, what your institution has done and how you have succeeded in moving forward in a time of growing compliance and additional focus on managing risk.

Presentation topics in this category might include:

  • Establishing governance of an information security program (including executive steering committees)
  • Planning and implementing a GRC system (focusing specifically on information security aspects)
  • Data governance (including data handling policies and procedures)
  • Campus PCI-DSS governance, and addressing version 3.0
  • Developing and implementing an IT risk management plan and procedure (including conducting information security risk assessments)
  • Security frameworks: choosing and implementing (e.g., NIST, ISO)
  • Ensuring appropriate security requirements for strategic partners and vendors (including third party risk assessments)
  • Effective compliance programs (e.g., cost of compliance, reducing the burden of compliance, and tracking compliance)
  • Combining and streamlining multiple compliance programs (HIPAA, PCI DSS, ITAR, etc.)
  • Security compliance programs for researchers (ITAR, EAR, FISMA, HIPAA, etc.) (and working with faculty, researchers, or professional staff on these programs)
  • Designing and implementing compliant data centers for research and storage
  • Information security program metrics and accountability

Awareness and Training

Awareness and training are key components of successful information security programs. We seek proposals that discuss the steps necessary to raise the level of security awareness among faculty, staff, and students. We also encourage sessions or panels delivered by two or more presenters highlighting successful collaboration with organizations both within and outside your institution, including other higher education institutions, consortia, state and local governments, or other external organizations.

Security awareness and training is a broad category that encompasses the needs of information security support staff, system and network administrators, upper management, and end users. Key components of a successful security awareness and training program include the ability to communicate information to a diverse audience; provide a solid understanding on a wide array of security topics; convey the institutional risks; and teach all users how to protect themselves against phishing, malware, identity theft, and more.

Presentation topics in this category might include:

  • Building relationships (internal and external)
  • Communicating policies and procedures
  • Delivering presentations on campus through a "road show"
  • Designing awareness and training web content for mobile users
  • Developing an information security awareness plan or program
  • Establishing a security awareness website
  • Measuring the effectiveness of your security program annually
  • Participating in National Cyber Security Awareness Month
  • Presenting "key messages" and campus resources in existing training venues
  • Publishing (or republishing) articles, ads, or blogs in existing campus publications
  • Sending community alerts as needed (using credible sources; keeping messages short and simple)
  • Using social networking and texting in awareness strategies


The relationship between privacy and security remains a challenging topic for colleges and universities that rarely have the commitment or resources to develop separate programs with full-time staff. Consequently, organizations often merge privacy and security and sometimes confuse both definition and approach. Although privacy is not strictly an IT function, the movement of data from print to digital form has put IT staff in the position of making difficult policy and technical choices about implementing privacy practices that fulfill user expectations, comply with laws and regulations, and adhere to Fair Information Practice Principles. Privacy professionals who are not trained in IT find it equally difficult to serve as privacy advocates in an area that is both technically demanding and rapidly changing. This track is designed to cast a spotlight on the role of privacy in a digital era.

Presentation topics in this category might include:

  • Campus implementations of fair information practice principles
  • Compliance issues: COPPA, FERPA, GLBA, HIPAA, HITECH, Red Flags Rule, etc.
  • Data anonymization and de-identification practices
  • Identity "isolation" practices (pairwise identifiers)
  • How governance addresses privacy practices and norms
  • Key stakeholders to engage in developing a privacy program
  • Privacy awareness programs
  • Privacy policy development and implementation
  • The role of governing boards and privacy oversight
  • The role of privacy protections for identity and access management
  • Tensions between privacy and security
  • Treatment of administrative and research data (and where they may be different)
  • Training, professional development, and certification for privacy professionals
  • The privacy and security implications of physical security solutions
  • Privacy and the cloud
  • Practical implications of federated identity
  • When, why and how the roles of security and privacy converge
  • Why your General Counsel should be partnering with you on privacy

Career Development

The fifth track is all about you: enhancing the skills that you rely on as an information security professional and inspiring you to be more proactive in your career development. These presentations will help you explore the next steps as a security professional, whether it's transitioning into a management or CISO role, or broadening your perspective to take on challenges outside information security. Regardless of your career level, the size of your organization, or the financial and time constraints you face, there are numerous opportunities that will help you improve your skills and establish a career path to support the institutional mission.

Presentation topics in this category might include:

  • Adaptability in the workplace (dealing with changes in organizational models and the evolving roles and responsibilities of staff)
  • Balancing a diverse range of organizational and technical challenges
  • Building and effectively managing teams
  • Career progression plans for security professionals
  • Communication and presentation skills
  • Cultivating successful mentor/mentee relationships
  • Developing professional peer networks
  • Leadership skills
  • Learning from failure (fabulous flops)
  • Professional development opportunities
  • Project management skills
  • Reflecting on and identifying personal values as they relate to professional careers
  • Time management skills (work-life balance)
  • Utilizing available career development resources, such as the Toolkit for New CISOs or the Mentoring Toolkit

For more ideas and suggestions, consult the Information Security Guide where you'll find additional categories and topics.

Selection Process

Proposals will be reviewed using the following criteria:

  • Relevance of Topic: Is the topic of relevance, importance, value, and/or interest to higher education?
  • Proposed Topic Coverage: Does the proposal adequately cover content related to the proposers' learning objectives/key stated outcomes?
  • Speaker Knowledge: Does the speaker, or speakers, have sufficient knowledge, expertise, and authority to address this topic based on evidence provided in the proposal and/or your prior experience with or knowledge of the speaker?
  • Engagement Strategies: Does the speaker include specific strategies relevant to event size/audience/maturity of topic in which they will engage participants in the session content and do those strategies align with the session's learning objectives/outcomes?
  • Overall Rating: What is your evaluation of this proposal overall?

Proposals will be selected to ensure the conference program offers a comprehensive, noncommercial, objective, and diverse treatment of issues related to the theme and suggested topics. You may also be invited to present in a format other than the one you selected.

Corporate Presentations

The program committee will not review proposals that include a corporate presenter. Corporate and Campus Solutions presentations will be accepted via the Corporate Participation page. These are presentations by a corporation coupled with a client campus on technology challenges and solutions related to information security or privacy, and there is a fee for presenting.

Proposal Preparation Checklist

Before starting the proposal submission process, be sure you have completed these steps to have the necessary information to submit your proposal:

Explore the Speaker Concierge: Your Guide to Writing a Successful Conference Proposal.

Review Meeting Demographics to see who participates in this conference.

Examine the track and key topic area descriptions above. Select up to two for which your proposed topic is most suitable.

Examine the session formats and session delivery choices above. Select up to two for which your proposed topic is most suitable.


Submit Proposal

Click here to view or print the form to plan your proposal, or fill out and submit a proposal

Submit your proposal by November 9.

Key Upcoming Dates

  • November 9, 2015: Proposal Deadline
  • Mid-December: Presenters notified
  • Mid-January: Registration opens

Program Committee

Special thanks to our program committee and volunteer proposal reviewers.


Presenter Expectations

Presenters are responsible for:

  • Registering in advance for the conference
  • Paying the full conference registration fee, and securing and paying for travel and lodging.
  • Uploading related resources—documents or links—prior to the presentation (requested). These resources provide support for the presentation and then become a part of the conference proceedings so that your valuable information is accessible beyond your session.

Contact Information

If you have any questions, please contact your speaker liaison, Breanne Maxim.