Since 2015, I have been a freelance writer, exclusively covering cybersecurity for a variety of industry publications, so I have known about the RSA conference for quite a while. For the past four years, I have longed to attend, but the assignment always went to more seasoned journalists. Instead, I read with envy all the coverage from industry colleagues and covered myriad reports that came out of the conference.

Several weeks ago, I came across the opportunity to work as a conference content strategist and applied instantly. Fast forward to August 19, 2019, and I’m officially a member of the RSA Conference team. RSAC 2020, here I come!

I was hired smack dab in the middle of the call for speakers process. Yes, submissions are closed, but that doesn’t mean that decisions have been made. In fact, more than 2,200 proposals are being reviewed. I am as anxious as the next person to know who makes the final list, but there’s an intricate and time-consuming process that takes a speaker from the proposal to the stage. Despite being new, I’m already knee deep in it and learning as I go.

What is the process?

Most importantly, the process begins with you. In order to ensure that your efforts are properly directed so that you have the best chance of being selected, the program committee provided you with answers to frequently asked questions (FAQs) and samples of submissions that have made the cut in previous years. In turn, you selected your topic carefully, crafted a catchy title and abstract, and detailed a unique and compelling approach to tackling the most timely and troubling issues the industry is confronting. And now, you wait. What exactly are you waiting for?

Both Britta Glade, director, content and curation, RSA Conference and Dr. Hugh Thompson, RSAC program committee chair have read through every single word of more than 2,200 submissions – a rolling process that began with the first submission. After each submission was dissected by the content team and program chair, all of the submissions were divided into the different conference tracks for the next phase of review and consideration.

“Let’s say there’s been a submission for a dangerous vulnerability found in an Android app,” Britta explained. “That submission would be reviewed by the hackers and threats program committee, but it would also be reviewed by the IoT and maybe even the AppSec/DevOps group.” In our quest to be balanced and objective, the RSAC content team has organized a massive program committee of domain experts who make the final picks. That’s where we are in the process right now.

Determining the Best Fit

The torch was passed from the content team to the program committee, comprised of the domain experts who will do another round of thorough reviews. The goal is to get each entry in front of as many eyeballs as possible for consideration. Each track has between two and four domain experts from across industry sectors. Independently of each other, the members of each track will read every submission that landed in their bucket. For some tracks, that could be up to 400 submissions!

What are they looking for? I’m learning right along with you. As always, the committee is in search of submissions that help educate industry professionals and deliver practical and actionable steps that they can take not only in the days that follow the conference but in the weeks and months to come. 

“The committees meet first and do their ‘blue sky’ ideas,” Britta said, “They will ask themselves and each other what key sessions they would expect to see on this track, which helps them to identify potential holes.”

Plead Your Case, Please.

You can imagine that with so many different opinions involved in the process, it’s hard to come to a consensus. Somehow, they do it, though. After the program committees review each submission (recusing themselves if there is any conflict of interest to ensure objectivity), they duke it out in healthy discussions in order to pick the final candidates for their track. And sometimes they ask clarifying questions and seek more information from submitters via the speaker management team. They work very hard to whittle down their selections to develop the best possible content stream for RSA Conference attendees.

Then, they build an agenda and take another look to avoid scheduling overlaps. In case there is another submission on an Android-related topic, they want to make sure it’s not running simultaneously with that (hypothetical) Android app vulnerability session.

Now that we’re creeping our way through September, it won’t be too long before the committee starts cooking up that agenda, so sit tight and take comfort in knowing that notifications will be sent to the chosen speakers in mid-to-late November. Fingers crossed that yours is one of them.

Contributors: