INTRODUCTION

What’s ThreatModCon?

ThreatModCon is the world’s only conference dedicated to Threat Modeling and Secure by Design. The event brings together threat modeling communities around the world to share best practices, collaborate with peers, and discover the latest developments in the field. 

What’s unique about this Call for Papers?

This is more than just a speaking slot. We’re committed to the growth of our speakers. If your session is accepted, you will enter a collaborative process involving 1:1 mentorship and content coaching from our program committee, composed of leading global experts, to help you refine your message and maximize the impact of your delivery.

*************************************************

WHO SHOULD SUBMIT

We are looking for the "doers" who practice threat modeling. If you have a technical story to tell or a process to share that isn’t found in a textbook, we want to hear from you. We specifically encourage submissions from:

• Security Architects & Engineers with real-world implementation stories.
• Product Security Leads who have successfully scaled TM cultures.
• Open Source Contributors building the next generation of TM tooling.
• Brave Practitioners willing to show a redacted model for peer review.
• Academic Researchers with empirical data or novel methodologies validated in the field.

Note on Vendors: We do not accept product pitches. To maintain the practitioner-led integrity of our tracks, vendor submissions must focus on methodology or research independent of a specific product. Product showcases are reserved for our Vendor Expo and ‘Doctor is In’ Clinic sponsorships. Please refer to our website in mid-February for the Sponsorship Prospectus.

SUGGESTED TOPICS

We welcome a wide range of topics, including but not limited to:

• Frameworks, methods, and tools (including open source)
• Case studies and implementation lessons
• Scaling threat modeling in teams and organizations
• Threat modeling in emerging areas (AI, machine learning, hardware, etc.)
• Metrics and risk prioritization – measuring value, impact, and maturity
• Integration with DevSecOps and Agile development
• Security design patterns and standards
• Threat modeling culture and team dynamics
• Privacy, data protection, and regulatory alignment
• Educational strategies and training programs
• Academic or industry research in threat modeling

SESSION FORMATS: THE TWO-TRACK FRAMEWORK

We've structured our program by delivery style to ensure a high-energy, interactive experience for our 120 delegates. Each track has one or a few session types we’re looking for.

Track 1: The Briefings

Presentation (30 min): A focused, "no-fluff" technical briefing. These sessions prioritize a "Problem > Solution > Result" narrative. We encourage case studies that dive deep into technical implementation.

Track 2: The Sandbox

Threat Model Show & Tell (30 min): A technical peer-review session. You bring a redacted, real-world threat model and facilitate a group critique where the audience suggests improvements and identifies missed threats.

Small Group Mastermind (70 min): A facilitated roundtable discussion. You lead a group of peers in solving a persistent institutional challenge (e.g., "Developer Buy-in" or "Scaling in Agile").

Hands-on Workshop (70 min): A deep-dive interactive session. Laptops out or whiteboards ready! You lead the room through a practical exercise or tool implementation.

Check our Speaker FAQ for details on our "No-Fluff" rule or how to handle IP redaction for the Show & Tell sessions (scrubbing company secrets while keeping the technical logic).

SUBMISSION GUIDELINES

Submissions must be original, technical, and delivered in English via Sessionize. As speaking slots are limited, the committee prioritizes high-quality, complete submissions.

Traits of high-scoring submissions

• Clarity of Purpose: Clearly communicate the relevance of your talk.
• Practical Takeaways: Highlight specific artifacts (code, templates, or checklists) that attendees can implement immediately.
• Explicit Detail: State your key points clearly. Rather than saying "I'll share 5 tips," list exactly what those tips cover so reviewers don't have to guess.
• Originality: Focus on fresh insights or unique approaches not commonly found in existing resources.

Common reasons for rejections

• Lack of Specificity: Vague abstracts leave reviewers with too many questions.
• Introductory Content: Submissions that focus on "Threat Modeling 101" will be rejected. Assume the audience is already experienced.
• Commercial Pitches: Any session that feels like a product advertisement.
• Anonymity Breaches: Including identifiable names or companies in the blind review fields.

Need some inspiration? Here's an example of a strong submission accepted in the past.

REVIEW PROCESS

• Anonymous Review: All submissions undergo a two-round blind review by our expert committee to assess relevance, technical quality, and applicability.
• Conditional Acceptance: You may be asked to provide additional materials (preliminary slides or speaker notes) within one week of notification to finalize your slot.
• Final Decision: The Program Committee's decision is final. Feedback for non-accepted sessions is provided on a case-by-case basis at the committee's discretion.

*************************************************

IMPORTANT DATES

Submission deadline: March 13th, 2026

Notifications: Week of March 30

Final presentation slides or materials due: June 12th, 2026

*************************************************

ACCESS TO THE CONFERENCE

All presenters must register for the conference. Authors of selected submissions will receive a complimentary full-access pass. Please note that as a community event, ThreatModCon does not cover travel or lodging expenses.

*************************************************

CONTACT US

For any inquiries regarding the submission process, conference program, or general information, please contact the conference organizers at hello@threatmodelingconnect.com.

We look forward to receiving your contributions and meeting you at the ThreatModCon 2026 Vienna!