Acceptable Topics & Areas

We welcome submissions across a broad range of cybersecurity disciplines, including (but not limited to):

• Offensive Security & Red Teaming
• Blue Team, Detection & Incident Response
• Cloud Security & Cloud-Native Attacks
• Application Security & API Security
• Identity, Access Management & Trust Abuse
• OSINT, Threat Intelligence & Investigations
• Malware Analysis & Reverse Engineering
• Attack Paths, Misconfigurations & Privilege Escalation
• Supply Chain & Third-Party Risk
• AI in Cybersecurity (Offense, Defense, or Both)
• Security Research, Case Studies & War Stories

We highly encourage talks based on original research, hands-on experience, or real incidents. Clear takeaways and practical insights are preferred over purely theoretical content.

Session Formats

We accept the following formats:

Talks (20–50 minutes)

Technical deep dives, research presentations, case studies, or practitioner-focused sessions.

Workshops (2–4 hours) (if applicable)

Hands-on, interactive sessions with a clear learning outcome.

Audience & Experience Level

BSides Porto attracts a mixed audience, including:

• Security engineers & practitioners
• Red teamers & blue teamers
• Researchers & analysts
• Students & early-career professionals
• Security leaders & decision-makers

We accept sessions at all experience levels:

• Beginner / Introductory
• Intermediate
• Advanced / Expert

Please clearly indicate the target audience level in your submission so attendees know what to expect.

What We Do NOT Accept

❌ Sales pitches or product marketing talks

❌ Vendor-driven sessions without strong technical depth

❌ Recycled talks with no updates or new insights

❌ Content that promotes discrimination, harassment, or exclusion

Vendor speakers are welcome only if the talk is educational and non-commercial.