Congratulations, your submission has been declined!

Congratulations, your talk has been declined! Many of us have been disappointed or relieved by a rejection in the past few days. As a follow-on to my previous post about the CFP process and writing an abstract, I figured it would be fitting to write a bit about what to do now. Don’t worry, a post about what to do if you’re accepted should come right on time, about a week before Black Hat and Defcon.

It’s okay to be disappointed. You put lots of work into your research, and more into making it look good for the cfp. If you’re smart, you’ve been scrambling to deliver on the things you promised in case they asked for more info. It might feel like all that was a waste of time.

It’s not okay to accept defeat. You put lots of work into your research, & more into making it look good for the cfp. If you’re smart, you’ve been scrambling to deliver on the things you promised in case they asked for more info. Don’t waste that effort by giving up. Here’s how:

  1. Take the time you need to get a grasp on the emotional attachment to presenting at a certain conference. Sharing disappointment on social media can help. Bashing the conference and the review board might feel good but more likely will prevent you from moving on than help.
  2. Take advantage of the experts that reviewed your work. Ask for feedback, but be patient - for large events it’s difficult or even impossible to give personal feedback to every declined talks, but many will accommodate you.
  3. Keep doing what you’re doing. Just because conference X didn’t have room doesn’t mean your work isn’t worthwhile. Make slides and practice presenting. Sometimes events accept declined submissions last minute to fill gaps. How bad would it be to have to say no to that?
  4. If your work has come to a conclusion, take time to reflect on it. You probably learned a few things working on your project, and whether or not you present them to a live audience, you have that knowledge and those skills to benefit you in the future.

If you get feedback - don’t take it personally, take it critically. Use it as a blueprint to improve your research, submission, and approach. There are lots of common responses you might get and ways to learn from each of them:

  1. Your abstract wasn’t compelling: Reviewers might have 100’s to review. They did read it, & your research may be amazing, but if you can’t coherently explain it in 200 words, 50 minutes isn’t better. Reviewers look out for attendees. Take time to refine your writing skills.
  2. Not a good fit for the event: Some events are deeply technical. Some are geared towards big picture, or appeal to newcomers to the field. There might be nothing wrong with your submission, but you should do research to find an event that’s a better fit.
  3. Didn’t stand out on the topic: Your research might be new, novel, and excellent, but if 10 people submitted talks on smart lightbulb forensics to an infosec event, accepting all of them would skew the whole event
  4. Not novel: This is a tough one to swallow. Someone thinks your work isn’t new. Is there prior art you didn’t know about? Now’s your chance! Did the reviewer miss a point that made it novel? Think about how to more clearly state that in the abstract.

Maybe you got feedback, maybe you didn’t. There are plenty of ways to move forward:

  1. Get more feedback: If you didn’t get sufficient feedback, you may not know why it was declined. Ask your peers, ask people whose submissions were accepted, or ask on social media. Share your abstract and get feedback somehow.
  2. Find an event that’s a better fit: Specialized topics might be better fit to a more specialized conference. General and survey talks are better fit to smaller local conferences that appeal to newcomers to the field.
  3. Find a better medium: Write a white paper. Submit it to POC||GTFO. Turn it into a workshop. Publish a tool that does it. Post a video walkthrough. Your work might be better suited to any of these which are more effective than con talks for disseminating information.
  4. Keep working on your research. Research that leads to answers is great. Research that leads to new questions has the potential to be even better.

In summary - don’t let some conference dictate what you choose to do for your work. Do it because you want to, because it’s cool, or because it has impact, and keep doing it whether or not you get to present it at a conference.

Don’t let a single rejection stop your work, and don’t let a single rejection stop you from submitting again.

Joe FitzPatrick

Written by

Joe (@securelyfitz) is an Instructor and Researcher at Joe has spent his carrer working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontroller. He has spent the past decade developing and leading hardware security-related training, instructing hundreds of security researchers, pen-testers, hardware validators worldwide. When not teaching classes on applied physical attacks, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.