We, the ThreatModCon 2023 Programme Committee were stunned by the response to our Call For Papers. It’s a new conference, the first conference dedicated to threat models and threat modelling. So the committee members would have been happy to receive a few more papers than available speaking slots.
But that’s not what’s happened! Given an embarrassment of riches, we decided to add a second (2nd) presentation and workshop track. Then the hard task of choosing began.
I wonder if those who’ve not been on a conference committee are familiar with the process:
- Understand every submission
- Adopt a process for identifying each evaluator’s favourites
- Urge (nag?) evaluators to make choices
- Categorize submissions by theme for an interesting mix
- Wrangle evaluators into 1, usually more meetings to work through disagreements and issues
- Draft acceptance and rejection letters. Obtain approval from committee
- Notify submitters
- Schedule the talks in some manner as to keep the energy flowing and themes coherent
The process may not be straightforward. Since this is the first ThreatModCon, there were challenges. For instance, we decided that some submissions were better as workshops, which required contacting submitters to see if they’d be willing to shift from presentation to workshop. There were several similar challenges that had to be surmounted.
I’m excited by the final programme because we were able to cover a range of themes:
- Methodology
- Privacy
- The effects of rapid change
- Risk
- Community
- Building a practice (threat modelling programme)
- Use of AI
In addition there will be an introductory workshop and a workshop for more experienced practitioners.
All in all, ThreatModCon 2023 is shaping up to be a rich collection covering many aspects of threat modelling. I hope to see you there
Cheers,
/Brook S.E. Schoenfield