The CFP is only the starting point; there are many more moving pieces when building a conference -- topics, speakers, tracks, timelines, audience needs, etc. If your talk isn't chosen for a particular show, it doesn't necessarily mean it wasn't a good topic or was poorly written. There are many things that needs to be balanced: the number of sessions on the program, the number of submissions similar to yours, the number of submissions in the same topic area. The last point is a big one; every year there are "hot" topics for which I receive a bunch of submissions. Some of the "hot" topics are not the most applicable to enterprise security practitioners--the core group of attendees for MISTI conferences--so I have to sprinkle the fun-but-not-practical talks carefully. Attendees still flock to the talks about tried-and-true security, so those talks have to make up the bulk of talks that eventually get programmed.
In my case, I much prefer to see edgy talks and not the same old, same old. Again, there are thousands of security conferences all around the world; if there's something with a slightly different perspective, that will stand out on a conference program.
Fascinating that the best presentations are those that "no one wants to talk about, but everyone wants to listen." Share more.
A misconception about conferences is that successful shows only produce hot topics; the reality is that the most successful talks -- and looking at numbers to demonstrate it -- are on the proverbial basics. It's fun to talk about IoT, for instance, but the fact of the matter is, we're still not getting access control right. Not everyone--despite all of the noise--uses encryption as a rule...or correctly. There are big problems that need to be solved before we turn our attention to connected cars that really aren't a true threat in enterprises.
These "basics" talks are the talks no one wants to give, but everyone wants to hear. These are the real challenges and people need help improving. Or they want to see how they compare to others. The most popular sessions at InfoSec World 2016 were on active defense, understanding how and why systems/companies keep getting compromised, managing and measuring risk, information governance, NIST, building a secure cloud, forensics...all security basics.
It's an opportunity for people with core experience to share with others (hint, hint).
What happens between submission, acceptance, and the actual conference?
The challenge is selecting from competing concepts. Ultimately, the decision is made on more than the talk itself. It takes a remarkable blend of topics and talents to produce a successful show.
Sign up for CIO Asia eNewsletters.