INTRODUCTION

What’s ThreatModCon?

ThreatModCon is the world’s only conference dedicated to Threat Modeling and Secure by Design. The event brings together threat modeling communities around the world to share best practices, collaborate with peers, and discover the latest developments in the field. 

What’s unique about this Call for Papers?

This Call for Papers not only offers a chance to shine on the ThreatModCon stage and share your work with many in the threat modeling community, but it also provides a unique opportunity to get personalized mentorship from the best of the best Threat Modeling experts around the world. Accepted speakers will receive 1:1 mentorship and coaching from the conference committee members to enhance the content and delivery of their sessions.

*****************************************************

CONFERENCE THEME

Threat Modeling Journeys: Stories about Success, Failure, and Everything in Between

The path to secure design is paved with threat models. Join us for threat modeling story time – where we share the highs and lows, the light and dark sides, what worked and what didn't. Everything that shapes our journeys towards secure design. 

*****************************************************

CALL FOR PAPERS (CFP): WHO, WHAT, HOW

Who should submit a paper?

ThreatModCon 2025 Barcelona is an event for application security professionals, researchers, developers, architects, testers, and practitioners to discuss and share their knowledge on threat modeling techniques, methodologies, tools, and best practices. We invite the submission of original and innovative research, case studies, and practical experiences.

What topics should you submit about?

The conference welcomes contributions from a wide range of topics related to threat modeling, including but not limited to:

• Threat modeling methodologies and frameworks
• Threat modeling techniques and tools (OSS)
• Uses of machine learning and AI for threat modeling
• Security design patterns
• Privacy and data protection considerations in threat modeling
• Risk analysis, prioritization, and management
• Training and awareness for threat modeling
• Case studies, best practices, and lessons learned
• The role of standards, guidelines, and regulations in threat modeling
• Integration of threat modeling into DevSecOps and Agile development
• Threat modeling (academic) research 

What types of sessions are we looking for?

• Presentation (session length: 30 minutes) - An in-depth exploration of a Threat Modeling topic, followed by a Q&A session to engage with the audience.
• Lightning talk (session length: 5-10 minutes) - Share quick, impactful ideas or projects in short segments.
• Cybersecurity games (session length: 30 minutes) - Interactive games designed to educate attendees about Threat Modeling principles in a fun and engaging manner.
• Workshop (session length: 70 minutes) - A hands-on workshop where attendees collaborate on practical exercises related to Threat Modeling.
• Poster session (session length: Varies) - Present your ideas or projects on high-quality printed posters during scheduled breaks, allowing for 1:1 interactions with attendees for deep discussions and feedback.

How: Submission Guidelines

Authors are invited to submit original, unpublished material in English. Submissions should be made through the conference's submission system: Sessionize. 

The number of speaking slots is very limited so we will be looking for complete high-quality submissions within the guidelines provided below.

Traits of high-scoring submissions

• Clearly communicate the purpose and relevance of your talk. Make it compelling to draw attendee interest and reviewers with its focus and clarity.
• Highlight practical takeaways that attendees can immediately implement, making your talk not only informative but also practical.
• Clearly state the key points or techniques you will cover. For example, rather than saying, “We’ll share 5 tips,” explicitly outline what those tips are. Avoid leaving reviewers guessing about your content.
• Focus on fresh insights, unique ideas, or approaches that aren’t widely available in existing resources or past conference materials.
• Incorporate real-life experiences and practical problem-solving examples that resonate with attendees.
• Provide a clear breakdown of your talk, including its structure and timing. Reviewers should have no doubts about how your session will unfold.

Common reasons for rejections

• Don’t align with the conference’s focus (Threat Modeling, Secure by Design) or fail to address the outlined topics.
• Submissions that lack details or specificity leave reviewers with unanswered questions and reduce your chances of acceptance. (i.e. Try not to make the reviewers guess or fill in the blank).
• Lack of originality or seems automatically generated are often flagged. Authenticity matters.
• No product pitch will be accepted. If you’re a vendor, please focus on delivering value independent of your product or service.
• Poor formatting/structure, or significant misspellings/ grammatical errors can significantly detract from the perceived quality of your proposal. Review thoroughly or seek feedback before submitting.
• Avoid including identifiable information to ensure an impartial review process.

Sample of strong submissions

Check out some examples of high-quality submissions: https://docs.google.com/document/d/11k6ewdqp7HgRKex8P1axEA5ovAZk9ddxwDV5pbnuzoo/edit?usp=sharing

*****************************************************

REVIEW PROCESS

• Blind reviews: All submissions will be blind-reviewed by the conference's program committee, composed of experts in the field. The review process, containing two rounds, will assess the submissions' relevance, originality, technical quality, applicability, and clarity.
• Request for additional materials: Accepted speakers will receive a conditional acceptance and will be required to provide additional materials, such as slides or speaker notes, to support their proposal. These materials must be submitted within a week of receiving the notification.
• Feedback for submitters: The Program Committee will be the final decider of acceptance or not. Feedback to submissions not accepted will be given on a case-by-case basis, upon request by the author, at the discretion of the Committee. 

*****************************************************

IMPORTANT DATES

Submission deadline: Feb 28th, 2025

Notifications of acceptance/rejections: Week of March 17th

Full paper submission deadline: May 11th, 2025

*****************************************************

ACCESS TO THE CONFERENCE

All presenters must register for the conference. Registration details, including fees and deadlines, will be available on the conference website. Authors whose submissions are selected will receive complimentary access to the Conference.

Travel and accommodations will not be covered by the organizers.

*****************************************************

CONTACT US

For any inquiries regarding the submission process, conference program, or general information, please contact the conference organizers at shsu@threatmodelingconnect.com.

We look forward to receiving your contributions and meeting you at the ThreatModCon 2025 Barcelona.