INTRODUCTION

What’s ThreatModCon?

ThreatModCon is the world’s only conference dedicated to Threat Modeling and Secure by Design. The event brings together threat modeling communities around the world to share best practices, collaborate with peers, and discover the latest developments in the field. 

What’s unique about this Call for Papers?

This Call for Paper not only offers a chance to shine on the ThreatModCon stage and share your work with many in the community, but it also provides a unique opportunity to get personalized mentorship from the best of the best Threat Modeling experts around the world. Accepted speakers will receive 1:1 mentorship and coaching from the conference committee members to enhance the content and delivery of their sessions.

*****************************************************

CONFERENCE THEME

Threat Modeling Journeys

*****************************************************

CALL FOR PAPERS (CFP): WHO, WHAT, HOW

Who should submit a paper?

ThreatModCon 2025 Washington, D.C. is an event for AppSec professionals, researchers, developers, architects, testers, and practitioners to discuss and share their knowledge on threat modeling techniques, methodologies, tools, and best practices. We invite the submission of original and innovative research, case studies, and practical experiences.

What topics should you submit about?

We're looking for a wide range of threat modeling topics, including but not limited to:

• Frameworks, methods, and tools (including open source)
• Case studies and implementation lessons
• Scaling threat modeling in teams and organizations
• Threat modeling in emerging areas (AI, machine learning, hardware, etc.)
• Metrics and risk prioritization – measuring value, impact, and maturity
• Integration with DevSecOps and Agile development
• Security design patterns and standards
• Threat modeling culture and team dynamics
• Privacy, data protection, and regulatory alignment
• Educational strategies and training programs
• Academic or industry research in threat modeling

What types of sessions are we looking for?

• *NEW: Un-keynote 'Threat Modeling Journey' (session length: 5-8 minutes) - A personal reflection on your threat modeling journey (covering topics like where and how your journey began, what your biggest challenge was and how you overcame it, a project you're most proud of and how you built it, looking back–what you would do differently if you were starting today, etc)
  
  Context: ‘Un-keynote’ is back! It's a collective threat modeling storytime featuring multiple practitioners sharing their personal journeys. If selected, you’ll present during this special session alongside fellow un-keynote speakers.
  
  
• Presentation (session length: 30 minutes total) - An in-depth exploration of a Threat Modeling topic, inclusive of a Q&A session to engage with the audience.
  
  
• Threat modeling games (session length: 70 minutes) - Interactive games designed to educate attendees about Threat Modeling principles in a fun and engaging manner.
  
  
• Workshop (session length: 70 minutes) - A hands-on workshop where attendees collaborate on practical exercises related to Threat Modeling.
  
  
• Poster session (session length: Varies) - Present your ideas or projects on high-quality printed posters during scheduled breaks, allowing for 1:1 interactions with attendees for deep discussions and feedback.

How: Submission Guidelines

Authors are invited to submit original, unpublished material in English. Submissions should be made through the conference's submission system: Sessionize. 

The number of speaking slots is very limited so we will be looking for complete high-quality submissions within the guidelines provided below.

Traits of high-scoring submissions

• Clearly communicate the purpose and relevance of your talk. Make it compelling to draw attendee interest and reviewers with its focus and clarity.
• Highlight practical takeaways that attendees can immediately implement, making your talk not only informative but also practical.
• Clearly state the key points or techniques you will cover. For example, rather than saying, “We’ll share 5 tips,” explicitly outline what those tips are. Avoid leaving reviewers guessing about your content.
• Focus on fresh insights, unique ideas, or approaches that aren’t widely available in existing resources or past conference materials.
• Incorporate real-life experiences and practical problem-solving examples that resonate with attendees.
• Provide a clear breakdown of your talk, including its structure and timing. Reviewers should have no doubts about how your session will unfold.

Common reasons for rejections

• Don’t align with the conference’s focus (Threat Modeling, Secure by Design) or fail to address the outlined topics.
• Submissions that lack details or specificity leave reviewers with unanswered questions and reduce your chances of acceptance. (i.e. Try not to make the reviewers guess or fill in the blank).
• Lack of originality or seems automatically generated are often flagged. Authenticity matters.
• No product pitch will be accepted. If you’re a vendor, please focus on delivering value independent of your product or service.
• Poor formatting/structure, or significant misspellings/ grammatical errors can significantly detract from the perceived quality of your proposal. Review thoroughly or seek feedback before submitting.
• Avoid including identifiable information to ensure an impartial review process.

Sample of strong submissions

Check out some examples of high-quality submissions: https://docs.google.com/document/d/11k6ewdqp7HgRKex8P1axEA5ovAZk9ddxwDV5pbnuzoo/edit?usp=sharing

*****************************************************

REVIEW PROCESS

• Anonymous reviews: All submissions will be reviewed anonymously by the conference's program committee, composed of experts in the field. The review process, containing two rounds, will assess the submissions' relevance, originality, technical quality, applicability, and clarity.
• Request for additional materials: Accepted speakers will receive a conditional acceptance and will be required to provide additional materials, such as slides or speaker notes, to support their proposal. These materials must be submitted within a week of receiving the notification.
• Feedback for submitters: The Program Committee will be the final decider of acceptance or not. Feedback to submissions not accepted will be given on a case-by-case basis, upon request by the author, at the discretion of the Committee. 

*****************************************************

IMPORTANT DATES

Submission deadline: August 8th, 2025

Notifications of acceptance/rejections: The end of August

Full paper submission deadline: October 24th, 2025

*****************************************************

ACCESS TO THE CONFERENCE

All presenters must register for the conference. Registration details, including fees and deadlines, will be available on the conference website. Authors whose submissions are selected will receive complimentary access to the Conference.

Travel and accommodations will not be covered by the organizers.

*****************************************************

CONTACT US

For any inquiries regarding the submission process, conference program, or general information, please contact the conference organizers at shsu@threatmodelingconnect.com.

We look forward to receiving your contributions and meeting you at the ThreatModCon 2025 Washington D.C.