Security BSides Las Vegas 2025

Security BSides Las Vegas 2025 Call For Papers

The CFP is open!

An example submission is detailed at the bottom of this page. Those who read and emulate it will have a much greater chance of having their talk or training idea adjudicated accurately and in their favor.

Key Dates:

  • Proving Ground (Speakers & Mentors):

    • Closes: April 7th
    • Acceptance/Pairing Notifications: April 21st
  • General CFP (All Other Tracks):

    • Opens: March 3rd
    • Closes: April 7th
  • Acceptances will start to go out the week of 5/12 on a rolling basis.

BSides Las Vegas 2025 is currently accepting submissions for the following tracks:


Breaking Ground

A track where hackers new and old can show off their latest and greatest while interacting with our participants and getting feedback, input and opinion. No preaching from the podium at a passive audience. It is a place where presenters can talk about their newest attack or defensive research, tools, new and novel approaches to InfoSec and to talk about the upcoming areas hackers should be digging into. Talks are either 20 or 45 minutes in length, and often include demos (live or otherwise). Some previous talks include reverse engineering malware in Go, network forensics in an encrypted world, anti-honeypot approach, hacking crypto currencies, 0-days in online services, mobile phone binary hacking.

Common Ground

All other topics of “common” interest to the security community. What should we, as hackers and the security community, know about? Talks in this track have included everything from hardware hacking to law & policy to lock picking to mental health to appsec, and everything in between. Talks often but not always assume only minimal specialized background; they are always framed as interactive discussions with your peers and fellow researchers. No passive lectures “at” an audience.

PasswordsCon

Focused on the (in)security of passwords and other authentication solutions, bringing together security researchers, password crackers, and experts in password security from around the globe in order to better understand and address the challenges surrounding digital authentication. This track explores all facets of authentication security, from analysis and education to creating, securing, cracking, and exploiting authentication solutions.

Ground Floor

Foundational talks on topics relevant to security practitioners today. Also, it was originally in Copa so it was literally on the ground floor. Get it? We get a ton of talks every year that don’t quite fit Breaking Ground, or aren’t quite esoteric enough for Common Ground, but that we really want to be able to share. Since we’re BSides, it hurts our blackened, twisted little hearts to pass on a good talk just because there’s no room in the program. So we made this track, and filled it with the great stuff we couldn’t put in one of the other tracks. Careful. If it goes well, we may get hotel guests to sign a waiver so we can hold tracks in every hotel room next year. You have been warned.

Ground Truth

A place where hackers, academics, and data science practitioners can share ideas, ask questions, and compare notes. It is a venue for talks rooted in scientific approaches to infosec, such as statistical analysis, machine learning, and less common disciplines like linguistics. We are excited to showcase talks on theoretical topics, examples of successful and failed attempts to apply techniques in practice, software and data set releases, and discussions of relevant techniques from related fields. Some past topics of interest have included: data processes, methods for getting or cleaning data, basic statistics done well, data visualization, real science (scientific method/hypothesis testing), practical applications of data science in production, academic research (both student and faculty), machine learning, attacking machine learning and data science, risks of machine learning and data science, and the use of analytics to discover the story told by the data.

Hire Ground

A career-focused track with sessions to provide the tools and knowledge needed for job search and career development. This year, for the first time, BSides LV will be changing our Hire Ground coaching format to offer facilitated group discussions on particular career development topics. Experts interested in guiding such sessions can apply to do so through our CFP.

I Am The Cavalry

The I Am The Cavalry track focuses on security issues that can affect public safety and human life, across our domains: Transportation, Healthcare, Infrastructure, and Home IoT. Discussions cover technical, public policy, societal, and media topics. Our goal is to catalyze action faster than it would have happened otherwise, with BSidesLV participants.

I Am The Cavalry has been at its best shining a light on dark parts of the map. This work takes deep knowledge, persistence, and ambassadorship. Along with our industry and public policy teammates, we have nudged and catalyzed transformational changes, as opposed to incremental ones.

To catalyze action toward transformational change, the I Am The Cavalry track will curate talks that identify and develop “shovel-ready” projects to empower our volunteers toward measurable or observable outcomes. For instance:

  • Create tools to increase awareness and understanding of I Am The Cavalry, including transformational outcomes, resources, and individuals.
  • Develop capabilities for ambassadorship and translation among the hacker community.
  • Promote new projects that have leadership, structure, and momentum.
  • Feature calls to action for “shovel-ready” projects or tasks – typically those that only need scale or distribution.

Training Ground

This track consists of workshops and classes to give your students hands-on experience learning the latest and greatest tools, tactics, techniques, and processes. We accept proposals for 1/2 day, full-day, and 2-day workshops.

Skytalks

This year, BSides will once again be merging its traditional “Underground” track of unrecorded, off-the-record talks with the one and only Skytalks (https://skytalks.info/). We’re thrilled at this partnership, and look forward to covering all your juiciest/spiciest/most sensitive topics in the kind of frank detail that isn’t always possible in a presentation that will stream out to the world on YouTube.


Proving Ground

The BSidesLV Proving Ground program exists to connect first-time speakers with industry leaders, with the end goal of presenting their research on a global stage at Security BSides Las Vegas. There’s no specific track focus—all cybersecurity topics are welcome.

For four months, accepted speakers will work directly with an experienced and accomplished mentor to:
* Structure their talk into a compelling narrative
* Create slides that enhance rather than distract
* Avoid common pitfalls, like tempting the Demo Gods
* Nail the delivery when they take the stage in Vegas

If you’re an experienced speaker, here's your chance to help the next generation of presenters. Being a mentor lets you:
* Give back to the community
* Make friends and build your network
* Get a fresh perspective on current research and emerging threats

Submitting a talk

To give your talk the best chance at getting accepted, make sure you meet the following criteria:

Proving Ground will consider any speakers who have original research and have never presented a 20-minute or longer presentation at an international information security conference, which is any multi-day conference that:

  • Has 1,000 or more attendees
  • Posts its conference recordings online

Think: Black Hat, DEF CON, etc.

At this time we do not accept talks with more than one author or speaker to Proving Ground.

Being a mentor

If you’re interested in being a mentor, you should:

  • Have been in the security industry for 3+ years
  • Have successfully delivered at least one full-length presentation at an international information security conference
  • OR have significant speaking experience (such as teaching, training, public lectures)
  • Want to help build up the future generation of security presenters

What do you get

Both accepted speakers and mentors receive:

  • Full BSides LV conference access
  • Breakfast and lunch
  • Invitation to the speaker reception
  • Access to the speaker lounge
  • Proving Ground program t-shirt
  • A special Proving Ground conference badge marking you as part of the program
  • A participant conference badge for your designated plus-one.
  • Access to register via the reserved speaker room block and rate at the conference hotel.

Proving Ground Participant Roles & Responsibility

Participants in the Proving Ground program agree to undertake the following responsibilities as a condition of their participation in the program:

Speaker Responsibilities:

  1. Work with and without your mentor to develop content and delivery of your talk, including:
    a. Meeting on a weekly basis between April and August
    b. Developing relevant, understandable, and engaging slides
    c. Practicing your talk both with your mentor and on your own
  2. Provide feedback to the Proving Ground Directors as necessary
  3. Escalate issues as outlined in the ‘Conflict Resolution Policy’ below
  4. Be present at BSidesLV in order to deliver your 25 min talk

Mentor Responsibilities:

  1. Work with your speaker to improve the content and delivery of their talk, including:
    a. Meeting on a weekly basis between April and August
    b. Providing relevant and timely feedback
    c. Suggesting resources (books, articles, recorded talks) that might help with content development and delivery
  2. Provide feedback to the Proving Ground Directors as necessary
  3. Escalate issues as outlined in the ‘Conflict Resolution Policy’ below
  4. Be present at BSidesLV in order to attend your speaker’s 25 minute talk

These are the minimum responsibilities expected of all participants, and failure to fulfill these responsibilities could lead to removal from the Proving Ground program and/or denial of future participation in the program.

Conflict Resolution Policy

Conflict is defined as any situation where one or both parties have a difference due to inability to come to agreement or work collaboratively on the delivery of a talk. This could be due to personality differences, schedule conflicts, etc.

We ask that the first step in resolving any conflict is to raise the concern directly with your mentor/speaker. However, we understand that resolution may not always be possible. If the issue cannot be discussed or a satisfactory resolution is not possible, it must be brought to the attention of the Proving Ground directors. Once the issue is raised, the directors will follow the BSidesLV Proving Ground mediation process in order to obtain the most positive outcome possible for the speaker, the conference, and our participants.


Example Submissions

Below are example submissions for speakers and mentors. You can also watch this talk about CFPs from BSidesLV 2016: CFPs 101

Example Speaker Submission:

Proposal title: Hacking Holograms: How to secure our security blankets
Session type: Proving Ground Talk-25m
Track: Proving Ground

Abstract: (this gets published on the BSidesLV site)

The Galactic Federation estimates that 7.4 million emergency medical holograms will be installed on all space faring vessels by 2345. However, holograms are not only on Federation ships, they also exist in homes and around us as toys, companions, assistants and serve various roles in our daily lives. In this talk we will talk about our journey to secure intelligent holograms on a galactic level. This talk is designed to appeal to a spectrum of different audiences including hackers, developers, testers, consumers, manufacturers to understand the threats to their products and guide enterprises towards building security from the start.

This talk will cover the software stack, operating system, and supply chain security challenges, cyber attacks, as well as our strategy to mitigate threats from ground up. We will walk attendees through (via live demos) Hologram OS attacks, AI JVM decompilation, vulnerability hunting, and an example attack scenario, all using open source tools developed by us or others in this space.

Description: (only the CFP review board sees this section)

This talk has been developed over the past 2 years as a passion project of mine. Holograms aren’t going to go away, once the gates unlocked it was game over. The problem is, most of the companies making holograms aren’t keeping up with security best practices. Through years of research we’ve identified multiple vulnerabilities in commercially available products used by millions of people. This talk will specifically cover reviewing the EMCORP Hologram version 2.781.9 released last year. Using open source tools (listed below) that either I’ve written, or enhanced, or created by others. We’ll step through and explain how the holograms work from the bottom up including reviewing the Operating System (a Linux derivation), mapping the hologram on the network, how to decompile a hologram and what to look for from an attacker standpoint (SQLi, malformed input, etc) then we’ll cover how to write a module to turn a hologram into an always on listening device that forwards any and all audio to an AWS bucket we browse live during the session to show the sounds our hologram, in our hotel room with the TV on, picked up and sent to our bucket.

Also, the demos will be live, but I’ll pre-record them before coming in in case anything goes wrong.

Tools:
* AI OS Exploit finder: https://github.com/faketool/AIOSEF
* nmap
* AI JVM Decompiler: https://gaggle.com/decompilation
* Python scripts (small and varied): https://gist.github.com/AISUCKS/
* Custom code (attached) – malicious always on listener

Research links:
* White paper: https://whitepaper.com/AIOSVULNS.PDF
* Blog/Articles
* Hologram CIS Benchmarks: https://fakesite.com/HOLOCIS
* AppScan Hologram Plugin: https://blog.cybercompany.com/holo_appscan

Outline & Notes: (Use this section for your outline. Talks with detailed outlines have a better chance at getting accepted)

I intend to cover the following in the talk:

Intro – 2 Minutes
* Who we are
* How we got here

Holograms – 5 Minutes
* History of holograms in Starfleet
* Cyber issues in the news
* Evolution to today’s market (breaking trend 1, 2, & 3 that I see happening)

Attacking Holograms – 10 Minutes
* The operating system
* LIVE DEMO – OS level attacks
* The software stack
* DEMO – Decompiling AI JVM using open source
* DEMO – Finding obvious vulnerabilities
* LIVE DEMO – Example attack – Hologram always listens even when off
* Supply Chain attacks, how they work and examples (example 1)
* Examples of JS repo’s being taken over (example 1, example 2)

Protecting Holograms – 5 Minutes
* Mitigating OS level attacks (SE Linux discussion. Specific practice 1 & 2)
* Secure Code development using OWASP-AI (best practice 1/2/3)
* Supply Chain Hardening/Trust (mitigation 1, mitigation 2)

Review/Close/Thank You – 3 Minutes
* Conclusions (enumerated specific list of specific conclusions/takeaways)
* Where people can find more information
* Thanks/Kudos to previous researchers (Kirk, Archer)
* Questions?

Session image: (insert fun image of holograms)
Additional Speakers: glf@starfleet.gov, q@continuum.org (Please note: PG does not allow additional speakers.)


If you’ve never created a pretalx.com account before, you’ll need to create a speaker bio:

Name: Jean-Luc Picardo
Email: JLP@fakestemailhologram.com
Profile picture (optional): (picture of Jean-Luc)

Biography:
Jean-Luc (aka Nacho Man Tandy SVG) is a jack of many trades and master of none, well maybe just one: Hologram hacking. Jean has been doing security-related things for nearly 10 years focusing on all things enterprise, from writing custom Nmap scripts, Metasploit modules, Burp plugins, you name it he's done it. In the past 2 years he's taken a keen interest in the hologram security space and is aghast at what he's found. As is typical this overlooked consumer (and military) space is rife with vulnerabilities and poorly understood threat models. Ever since Jean has taken it upon himself to raise awareness of the lack of security when it comes to holograms. In his spare time he enjoys 90's dubstep and homemade beer.
Link to other talks:
https://www.youtube.com/watch?v=dQw4w9WgXcQ
https://www.youtube.com/watch?v=nzcOqUXXywo
https://slides.com/bsidesto_hologramslol

Availability: (using the calendar select the time that works best for you and BSidesLV speaker ops will try to accommodate)
Any other outrageous requests? Tea, Earl Grey, Hot
What size T-Shirt would you prefer? Men’s M
Social (X/BS/Masto/LI/FB) handle? EMH2-FAKESUBMISSION
Social Platform https://x.com/ (pick from the drop-down of supported platforms)
Do you have any example of a talk you’ve given at any other/previous conferences? (it’s okay to leave this blank)
What is your mobile number? 212-555-4240


Example Mentor Submission:

Proposal Title: Proving Ground Mentor
Session type: Proving Ground Mentor Application
Track: Proving Ground
Abstract:
(blank)

Description: (Please use this section for your mentor bio. You can copy your pretalx bio if you like):

As a seasoned public speaker and public speaking coach, I'm qualified to assist the next round of speakers in preparing for B-Sides Las Vegas' Proving Ground. I have extensive experience in helping speakers develop their presentations, and a proven track record of ensuring that potentially controversial talks are delivered in a content-filled manner without unnecessary offense. I previously served as a mentor for the SANS Women's Cyber Talent Immersion Academy, helping students to learn about security and improve their presentation skills.

I'm passionate about helping others to effectively communicate and share their knowledge. I have a strong interest in teaching and have received positive feedback for the engaging and enjoyable nature of my presentations. I'm eager to serve as a mentor again for Proving Ground, and hope to share my passion for speaking and my knowledge of presentation techniques with someone breaking into the information security industry. I'm happy to work with anyone and I'm looking forward to learning something new in the process.

Outline & Notes: (Mentors, please use this section for your speaking history/experience):

  • "Phishing 101: Understanding the Threat Landscape" - BSidesLV 2011
  • "Phishing Attack Simulation: Assessing Your Organization's Defenses" - BSides San Francisco 2012
  • "Human Hacking: The Weakest Link in Information Security" - DEFCON 21
  • "Phishing in the Cloud: Understanding and Defending Against New Threats" - RSA Conference 2016
  • "Social Engineering in Cyber Espionage: State-Sponsored Attacks" - Black Hat Asia 2016
  • "Phishing in the Digital Age: How to Protect Your Organization" - Infosecurity Europe 2017
  • "Social Engineering for IT Security Professionals: Best Practices and Case Studies" - RSA Conference 2018
  • "Phishing in the Financial Services Industry: A Growing Threat" - Infosecurity Europe 2018
  • "Social Engineering for Cybersecurity Researchers: Advanced Techniques and Tools" - Black Hat Europe 2019
  • "Social Engineering in the Remote Work Era: Addressing the Risks" - BSidesLV 2021
  • "Phishing in the Post-Pandemic World: New Threats and Vulnerabilities" - ShmooCon 2023

Session image: (blank)
Additional Speaker: (blank)

Mentors: please make sure you also fill out all the bio, t-shirt size, etc. fields in your Pretalx speaker profile!

You can enter proposals until 2025-04-07 23:59 (US/Pacific).